From 1a28e1091cd4c150faebb25c08077f016046d8a9 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 16 Aug 2017 10:15:58 +0200
Subject: [PATCH 01/33] docs(api): update swagger.yml (#1130)

---
 api/swagger.yaml | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/api/swagger.yaml b/api/swagger.yaml
index aa7713195..28e0dc3f1 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -3,7 +3,8 @@ swagger: "2.0"
 info:
   description: "Portainer API is an HTTP API served by Portainer. It is used by the\
     \ Portainer UI and everything you can do with the UI can be done using the HTTP\
-    \ API.\nYou can find out more about Portainer at [http://portainer.io](http://portainer.io)\
+    \ API.  \nExamples are available at https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8\
+    \  \nYou can find out more about Portainer at [http://portainer.io](http://portainer.io)\
     \ and get some support on [Slack](http://portainer.io/slack/).\n\n# Authentication\n\
     \nMost of the API endpoints require to be authenticated as well as some level\
     \ of authorization to be used.\nPortainer API uses JSON Web Token to manage authentication\
@@ -20,7 +21,18 @@ info:
     \ this access policy.\nExtra-checks might be added to ensure access to the resource\
     \ is granted. Returned data might also be filtered.\n\n### Administrator access\n\
     \nAuthentication as well as an administrator role are required to access the endpoints\
-    \ with this access policy.\n"
+    \ with this access policy.\n\n# Execute Docker requests\n\nPortainer **DO NOT**\
+    \ expose specific endpoints to manage your Docker resources (create a container,\
+    \ remove a volume, etc...).  \n\nInstead, it acts as a reverse-proxy to the Docker\
+    \ HTTP API. This means that you can execute Docker requests **via** the Portainer\
+    \ HTTP API.\n\nTo do so, you can use the `/endpoints/{id}/docker` Portainer API\
+    \ endpoint (which is not documented below due to Swagger limitations). This\n\
+    endpoint has a restricted access policy so you still need to be authenticated\
+    \ to be able to query this endpoint. Any query on this endpoint will be proxied\
+    \ to the\nDocker API of the associated endpoint (requests and responses objects\
+    \ are the same as documented in the Docker API).\n\n**NOTE**: You can find more\
+    \ information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/)\
+    \ as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).\n"
   version: "1.14.0"
   title: "Portainer API"
   contact:

From 35dd3916dd779347fc10a5ff1949ac7bd8eab837 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 22 Aug 2017 16:36:12 +0200
Subject: [PATCH 02/33] fix(authentication): do not use $sanitize with LDAP
 authentication (#1136)

---
 app/components/auth/authController.js | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/app/components/auth/authController.js b/app/components/auth/authController.js
index 14ef479d7..cd203cfc0 100644
--- a/app/components/auth/authController.js
+++ b/app/components/auth/authController.js
@@ -1,6 +1,6 @@
 angular.module('auth', [])
-.controller('AuthenticationController', ['$scope', '$state', '$stateParams', '$window', '$timeout', '$sanitize', 'Authentication', 'Users', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications',
-function ($scope, $state, $stateParams, $window, $timeout, $sanitize, Authentication, Users, EndpointService, StateManager, EndpointProvider, Notifications) {
+.controller('AuthenticationController', ['$scope', '$state', '$stateParams', '$window', '$timeout', '$sanitize', 'Authentication', 'Users', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications', 'SettingsService',
+function ($scope, $state, $stateParams, $window, $timeout, $sanitize, Authentication, Users, EndpointService, StateManager, EndpointProvider, Notifications, SettingsService) {
 
   $scope.authData = {
     username: 'admin',
@@ -78,9 +78,19 @@ function ($scope, $state, $stateParams, $window, $timeout, $sanitize, Authentica
 
   $scope.authenticateUser = function() {
     $scope.authenticationError = false;
-    var username = $sanitize($scope.authData.username);
-    var password = $sanitize($scope.authData.password);
-    Authentication.login(username, password)
+
+    SettingsService.publicSettings()
+    .then(function success(data) {
+      var settings = data;
+      var username = $scope.authData.username;
+      var password = $scope.authData.password;
+      if (settings.AuthenticationMethod === 1) {
+        username = $sanitize($scope.authData.username);
+        password = $sanitize($scope.authData.password);
+      }
+
+      return Authentication.login(username, password);
+    })
     .then(function success(data) {
       return EndpointService.endpoints();
     })

From d50a650686aaef5084fe4ecce4a45df1f97a6ef0 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 23 Aug 2017 09:51:42 +0200
Subject: [PATCH 03/33] feat(dashboard): remove driver information in volumes
 (#1148)

---
 app/components/dashboard/dashboard.html | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/app/components/dashboard/dashboard.html b/app/components/dashboard/dashboard.html
index 8ba214666..d3b1426c5 100644
--- a/app/components/dashboard/dashboard.html
+++ b/app/components/dashboard/dashboard.html
@@ -125,9 +125,6 @@
           <div class="widget-icon blue pull-left">
             <i class="fa fa-cubes"></i>
           </div>
-          <div class="pull-right" ng-if="infoData.Driver">
-            <div><i class="fa fa-hdd-o space-right"></i>{{ infoData.Driver }} driver</div>
-          </div>
           <div class="title">{{ volumeData.total }}</div>
           <div class="comment">Volumes</div>
         </rd-widget-body>

From a6ef27164cb62696af780648d818ef9b6dd1ccd3 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 23 Aug 2017 10:06:18 +0200
Subject: [PATCH 04/33] feat(container-details): prevent re-creation, edition &
 duplication for service task (#1149)

---
 app/components/container/container.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/components/container/container.html b/app/components/container/container.html
index b399a1eca..34590f292 100644
--- a/app/components/container/container.html
+++ b/app/components/container/container.html
@@ -20,8 +20,8 @@
           <button class="btn btn-primary" ng-click="pause()" ng-disabled="!container.State.Running || container.State.Paused"><i class="fa fa-pause space-right" aria-hidden="true"></i>Pause</button>
           <button class="btn btn-primary" ng-click="unpause()" ng-disabled="!container.State.Paused"><i class="fa fa-play space-right" aria-hidden="true"></i>Resume</button>
           <button class="btn btn-danger" ng-click="confirmRemove()"><i class="fa fa-trash space-right" aria-hidden="true"></i>Remove</button>
-          <button class="btn btn-danger" ng-click="recreate()"><i class="fa fa-refresh space-right" aria-hidden="true"></i>Recreate</button>
-          <button class="btn btn-primary" ng-click="duplicate()"><i class="fa fa-files-o space-right" aria-hidden="true"></i>Duplicate/Edit</button>
+          <button class="btn btn-danger" ng-click="recreate()" ng-if="!container.Config.Labels['com.docker.swarm.service.id']"><i class="fa fa-refresh space-right" aria-hidden="true"></i>Recreate</button>
+          <button class="btn btn-primary" ng-click="duplicate()" ng-if="!container.Config.Labels['com.docker.swarm.service.id']"><i class="fa fa-files-o space-right" aria-hidden="true"></i>Duplicate/Edit</button>
         </div>
       </rd-widget-body>
     </rd-widget>

From 8c68e92e748278dbedea749b0d28e557bd45eae8 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Thu, 24 Aug 2017 07:53:34 +0200
Subject: [PATCH 05/33] feat(images): use containers instead of /system/df to
 check unused images (#1150)

---
 app/components/images/images.html              |  6 +++---
 app/components/images/imagesController.js      |  2 +-
 .../templates/templatesController.js           |  2 +-
 app/models/docker/image.js                     |  2 +-
 app/services/docker/containerService.js        |  2 +-
 app/services/docker/imageService.js            | 18 ++++++++++++------
 6 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/app/components/images/images.html b/app/components/images/images.html
index 5959c0bf2..8e82ff1a6 100644
--- a/app/components/images/images.html
+++ b/app/components/images/images.html
@@ -70,7 +70,7 @@
         <div class="pull-right">
           <input type="text" id="filter" ng-model="state.filter" placeholder="Filter..." class="form-control input-sm" />
         </div>
-        <span class="btn-group btn-group-sm pull-right" style="margin-right: 20px;" ng-if="applicationState.endpoint.mode.provider !== 'DOCKER_SWARM' && applicationState.endpoint.apiVersion >= 1.25 && applicationState.endpoint.mode.provider !== 'VMWARE_VIC'">
+        <span class="btn-group btn-group-sm pull-right" style="margin-right: 20px;">
           <label class="btn btn-primary" ng-model="state.containersCountFilter" uib-btn-radio="undefined">
             All
           </label>
@@ -121,12 +121,12 @@
               </tr>
             </thead>
             <tbody>
-              <tr dir-paginate="image in (state.filteredImages = (images | filter:{ Containers: state.containersCountFilter } | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
+              <tr dir-paginate="image in (state.filteredImages = (images | filter:{ ContainerCount: state.containersCountFilter } | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
                 <td><input type="checkbox" ng-model="image.Checked" ng-change="selectItem(image)" /></td>
                 <td>
                   <a class="monospaced" ui-sref="image({id: image.Id})">{{ image.Id|truncate:20}}</a>
                   <span style="margin-left: 10px;" class="label label-warning image-tag"
-                    ng-if="::image.Containers === 0 && applicationState.endpoint.mode.provider !== 'DOCKER_SWARM' && applicationState.endpoint.apiVersion >= 1.25 && applicationState.endpoint.mode.provider !== 'VMWARE_VIC'">
+                    ng-if="::image.ContainerCount === 0">
                     Unused
                   </span>
                 </td>
diff --git a/app/components/images/imagesController.js b/app/components/images/imagesController.js
index e8c9ca30f..6770f44a9 100644
--- a/app/components/images/imagesController.js
+++ b/app/components/images/imagesController.js
@@ -95,7 +95,7 @@ function ($scope, $state, ImageService, Notifications, Pagination, ModalService)
     $('#loadImagesSpinner').show();
     var endpointProvider = $scope.applicationState.endpoint.mode.provider;
     var apiVersion = $scope.applicationState.endpoint.apiVersion;
-    ImageService.images(apiVersion >= 1.25 && endpointProvider !== 'DOCKER_SWARM' && endpointProvider !== 'VMWARE_VIC')
+    ImageService.images(true)
     .then(function success(data) {
       $scope.images = data;
     })
diff --git a/app/components/templates/templatesController.js b/app/components/templates/templatesController.js
index 9a8d90455..347b11d9e 100644
--- a/app/components/templates/templatesController.js
+++ b/app/components/templates/templatesController.js
@@ -151,7 +151,7 @@ function ($scope, $q, $state, $stateParams, $anchorScroll, $filter, ContainerSer
 
     $q.all({
       templates: TemplateService.getTemplates(templatesKey),
-      containers: ContainerService.getContainers(0),
+      containers: ContainerService.containers(0),
       volumes: VolumeService.getVolumes(),
       networks: NetworkService.networks(
         provider === 'DOCKER_STANDALONE' || provider === 'DOCKER_SWARM_MODE',
diff --git a/app/models/docker/image.js b/app/models/docker/image.js
index 43301787f..5dd073800 100644
--- a/app/models/docker/image.js
+++ b/app/models/docker/image.js
@@ -3,8 +3,8 @@ function ImageViewModel(data) {
   this.Tag = data.Tag;
   this.Repository = data.Repository;
   this.Created = data.Created;
-  this.Containers = data.dataUsage ? data.dataUsage.Containers : 0;
   this.Checked = false;
   this.RepoTags = data.RepoTags;
   this.VirtualSize = data.VirtualSize;
+  this.ContainerCount = data.ContainerCount;
 }
diff --git a/app/services/docker/containerService.js b/app/services/docker/containerService.js
index 001b2203d..ee946fec3 100644
--- a/app/services/docker/containerService.js
+++ b/app/services/docker/containerService.js
@@ -3,7 +3,7 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
-  service.getContainers = function (all) {
+  service.containers = function(all) {
     var deferred = $q.defer();
     Container.query({ all: all }).$promise
     .then(function success(data) {
diff --git a/app/services/docker/imageService.js b/app/services/docker/imageService.js
index 95b0ba92e..181de81e3 100644
--- a/app/services/docker/imageService.js
+++ b/app/services/docker/imageService.js
@@ -1,5 +1,5 @@
 angular.module('portainer.services')
-.factory('ImageService', ['$q', 'Image', 'ImageHelper', 'RegistryService', 'HttpRequestHelper', 'SystemService', function ImageServiceFactory($q, Image, ImageHelper, RegistryService, HttpRequestHelper, SystemService) {
+.factory('ImageService', ['$q', 'Image', 'ImageHelper', 'RegistryService', 'HttpRequestHelper', 'ContainerService', function ImageServiceFactory($q, Image, ImageHelper, RegistryService, HttpRequestHelper, ContainerService) {
   'use strict';
   var service = {};
 
@@ -24,17 +24,23 @@ angular.module('portainer.services')
     var deferred = $q.defer();
 
     $q.all({
-      dataUsage: withUsage ? SystemService.dataUsage() : { Images: [] },
+      containers: withUsage ? ContainerService.containers(1) : [],
       images: Image.query({}).$promise
     })
     .then(function success(data) {
-      var images = data.images.map(function(item) {
-        item.dataUsage = data.dataUsage.Images.find(function(usage) {
-           return item.Id === usage.Id;
-        });
+      var containers = data.containers;
 
+      var images = data.images.map(function(item) {
+        item.ContainerCount = 0;
+        for (var i = 0; i < containers.length; i++) {
+          var container = containers[i];
+          if (container.ImageID === item.Id) {
+            item.ContainerCount++;
+          }
+        }
         return new ImageViewModel(item);
       });
+
       deferred.resolve(images);
     })
     .catch(function error(err) {

From c1e486bf438f01a00d8550fae11553a18cc724e1 Mon Sep 17 00:00:00 2001
From: Adam Snodgrass <overra@gmail.com>
Date: Mon, 28 Aug 2017 13:53:36 -0500
Subject: [PATCH 06/33] feat(templates): add support for bind mounts in volumes

* #777 feat(templates): add support for binding to host path

* #777 feat(templates): add link to templates documentation

* refactor(templates): update warning style to match theme

* fix(templates): remove trailing comma

* refactor(templates): use bind instead of self declaration

* feat(templates): support readonly property in template volumes

* #777 refactor(templates): remove deprecation notice

* #777 refactor(templates): remove deprecated condition from template
---
 app/components/templates/templates.html |  2 +-
 app/models/api/template.js              | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/app/components/templates/templates.html b/app/components/templates/templates.html
index 4d2e0dd71..bf05cbbfb 100644
--- a/app/components/templates/templates.html
+++ b/app/components/templates/templates.html
@@ -27,7 +27,7 @@
             </div>
             <div class="form-group">
               <div class="col-sm-12">
-                <span class="template-note" ng-bind-html="state.selectedTemplate.Note"></span>
+                <div class="template-note" ng-if="state.selectedTemplate.Note" ng-bind-html="state.selectedTemplate.Note"></div>
               </div>
             </div>
           </div>
diff --git a/app/models/api/template.js b/app/models/api/template.js
index 01532f6f6..3883edf4f 100644
--- a/app/models/api/template.js
+++ b/app/models/api/template.js
@@ -16,11 +16,18 @@ function TemplateViewModel(data) {
   this.Volumes = [];
   if (data.volumes) {
     this.Volumes = data.volumes.map(function (v) {
-      return {
-        readOnly: false,
-        containerPath: v,
+      var volume = {
+        readOnly: v.readonly || false,
+        containerPath: v.container || v,
         type: 'auto'
       };
+
+      if (v.bind) {
+        volume.name = v.bind;
+        volume.type = 'bind';
+      }
+
+      return volume;
     });
   }
   this.Ports = [];

From 13b2fcffd21f93ced1bb026b4bc772abda084089 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Mon, 28 Aug 2017 20:57:41 +0200
Subject: [PATCH 07/33] docs(templates): add deprecation notice for old volume
 format

---
 app/models/api/template.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/models/api/template.js b/app/models/api/template.js
index 3883edf4f..0123f92e4 100644
--- a/app/models/api/template.js
+++ b/app/models/api/template.js
@@ -16,6 +16,8 @@ function TemplateViewModel(data) {
   this.Volumes = [];
   if (data.volumes) {
     this.Volumes = data.volumes.map(function (v) {
+      // @DEPRECATED: New volume definition introduced
+      // via https://github.com/portainer/portainer/pull/1154
       var volume = {
         readOnly: v.readonly || false,
         containerPath: v.container || v,

From e65d132b3dc40eea45560db2583d96de91a5dde1 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Mon, 28 Aug 2017 20:59:13 +0200
Subject: [PATCH 08/33] feat(init-admin): allow to specify a username for the
 initial admin account (#1160)

---
 api/errors.go                                 |   6 +-
 api/http/handler/user.go                      |  33 +++-
 app/app.js                                    |  39 +++-
 app/components/auth/auth.html                 |  78 ++------
 app/components/auth/authController.js         | 183 ++++++++----------
 app/components/initAdmin/initAdmin.html       |  80 ++++++++
 .../initAdmin/initAdminController.js          |  33 ++++
 .../initEndpoint.html}                        | 104 ++++++----
 .../initEndpointController.js}                |  73 +++----
 app/services/api/userService.js               |  21 ++
 assets/css/app.css                            |   4 +-
 index.html                                    |   7 +-
 12 files changed, 385 insertions(+), 276 deletions(-)
 create mode 100644 app/components/initAdmin/initAdmin.html
 create mode 100644 app/components/initAdmin/initAdminController.js
 rename app/components/{endpointInit/endpointInit.html => initEndpoint/initEndpoint.html} (59%)
 rename app/components/{endpointInit/endpointInitController.js => initEndpoint/initEndpointController.js} (51%)

diff --git a/api/errors.go b/api/errors.go
index bf5f5517a..aefd967b7 100644
--- a/api/errors.go
+++ b/api/errors.go
@@ -13,8 +13,10 @@ const (
 const (
 	ErrUserNotFound            = Error("User not found")
 	ErrUserAlreadyExists       = Error("User already exists")
-	ErrInvalidUsername         = Error("Invalid username. White spaces are not allowed.")
-	ErrAdminAlreadyInitialized = Error("Admin user already initialized")
+	ErrInvalidUsername         = Error("Invalid username. White spaces are not allowed")
+	ErrAdminAlreadyInitialized = Error("An administrator user already exists")
+	ErrCannotRemoveAdmin       = Error("Cannot remove the default administrator account")
+	ErrAdminCannotRemoveSelf   = Error("Cannot remove your own user account. Contact another administrator")
 )
 
 // Team errors.
diff --git a/api/http/handler/user.go b/api/http/handler/user.go
index 7aa4e11c9..72952737d 100644
--- a/api/http/handler/user.go
+++ b/api/http/handler/user.go
@@ -82,6 +82,7 @@ type (
 	}
 
 	postAdminInitRequest struct {
+		Username string `valid:"required"`
 		Password string `valid:"required"`
 	}
 )
@@ -358,10 +359,14 @@ func (handler *UserHandler) handlePostAdminInit(w http.ResponseWriter, r *http.R
 		return
 	}
 
-	user, err := handler.UserService.UserByUsername("admin")
-	if err == portainer.ErrUserNotFound {
+	users, err := handler.UserService.UsersByRole(portainer.AdministratorRole)
+	if err != nil {
+		httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+	if len(users) == 0 {
 		user := &portainer.User{
-			Username: "admin",
+			Username: req.Username,
 			Role:     portainer.AdministratorRole,
 		}
 		user.Password, err = handler.CryptoService.Hash(req.Password)
@@ -375,11 +380,7 @@ func (handler *UserHandler) handlePostAdminInit(w http.ResponseWriter, r *http.R
 			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
 			return
 		}
-	} else if err != nil {
-		httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
-		return
-	}
-	if user != nil {
+	} else {
 		httperror.WriteErrorResponse(w, portainer.ErrAdminAlreadyInitialized, http.StatusConflict, handler.Logger)
 		return
 	}
@@ -396,6 +397,22 @@ func (handler *UserHandler) handleDeleteUser(w http.ResponseWriter, r *http.Requ
 		return
 	}
 
+	if userID == 1 {
+		httperror.WriteErrorResponse(w, portainer.ErrCannotRemoveAdmin, http.StatusForbidden, handler.Logger)
+		return
+	}
+
+	tokenData, err := security.RetrieveTokenData(r)
+	if err != nil {
+		httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
+		return
+	}
+
+	if tokenData.ID == portainer.UserID(userID) {
+		httperror.WriteErrorResponse(w, portainer.ErrAdminCannotRemoveSelf, http.StatusForbidden, handler.Logger)
+		return
+	}
+
 	_, err = handler.UserService.User(portainer.UserID(userID))
 
 	if err == portainer.ErrUserNotFound {
diff --git a/app/app.js b/app/app.js
index d7774719f..059b41344 100644
--- a/app/app.js
+++ b/app/app.js
@@ -34,11 +34,12 @@ angular.module('portainer', [
   'docker',
   'endpoint',
   'endpointAccess',
-  'endpointInit',
   'endpoints',
   'events',
   'image',
   'images',
+  'initAdmin',
+  'initEndpoint',
   'main',
   'network',
   'networks',
@@ -321,6 +322,33 @@ angular.module('portainer', [
         }
       }
     })
+    .state('init', {
+      abstract: true,
+      url: '/init',
+      views: {
+        'content@': {
+          template: '<div ui-view="content@"></div>'
+        }
+      }
+    })
+    .state('init.endpoint', {
+      url: '/endpoint',
+      views: {
+        'content@': {
+          templateUrl: 'app/components/initEndpoint/initEndpoint.html',
+          controller: 'InitEndpointController'
+        }
+      }
+    })
+    .state('init.admin', {
+      url: '/admin',
+      views: {
+        'content@': {
+          templateUrl: 'app/components/initAdmin/initAdmin.html',
+          controller: 'InitAdminController'
+        }
+      }
+    })
     .state('docker', {
       url: '/docker/',
       views: {
@@ -373,15 +401,6 @@ angular.module('portainer', [
         }
       }
     })
-    .state('endpointInit', {
-      url: '/init/endpoint',
-      views: {
-        'content@': {
-          templateUrl: 'app/components/endpointInit/endpointInit.html',
-          controller: 'EndpointInitController'
-        }
-      }
-    })
     .state('events', {
       url: '/events/',
       views: {
diff --git a/app/components/auth/auth.html b/app/components/auth/auth.html
index 8668d328a..fe53cc0b5 100644
--- a/app/components/auth/auth.html
+++ b/app/components/auth/auth.html
@@ -1,92 +1,38 @@
 <div class="page-wrapper">
   <!-- login box -->
   <div class="container simple-box">
-    <div class="col-md-6 col-md-offset-3 col-sm-6 col-sm-offset-3">
+    <div class="col-sm-6 col-sm-offset-3">
       <!-- login box logo -->
       <div class="row">
-        <img ng-if="logo" ng-src="{{ logo }}" class="simple-box-logo">
         <img ng-if="!logo" src="images/logo_alt.png" class="simple-box-logo" alt="Portainer">
+        <img ng-if="logo" ng-src="{{ logo }}" class="simple-box-logo">
       </div>
       <!-- !login box logo -->
-      <!-- init password panel -->
-      <div class="panel panel-default" ng-if="initPassword">
-        <div class="panel-body">
-          <!-- init password form -->
-          <form class="login-form form-horizontal" enctype="multipart/form-data" method="POST">
-            <!-- comment -->
-            <div class="input-group">
-              <p style="margin: 5px;">
-                Please specify a password for the <b>admin</b> user account.
-              </p>
-            </div>
-            <!-- !comment input -->
-            <!-- comment -->
-            <div class="input-group">
-              <p style="margin: 5px;">
-                <i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[initPasswordData.password.length >= 8]" aria-hidden="true"></i>
-                Your password must be at least 8 characters long
-              </p>
-            </div>
-            <!-- !comment input -->
-            <!-- password input -->
-            <div class="input-group">
-              <span class="input-group-addon"><i class="fa fa-lock" aria-hidden="true"></i></span>
-              <input id="admin_password" type="password" class="form-control" name="password" ng-model="initPasswordData.password" autofocus>
-            </div>
-            <!-- !password input -->
-            <!-- comment -->
-            <div class="input-group">
-              <p style="margin: 5px;">
-                <i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[initPasswordData.password !== '' && initPasswordData.password === initPasswordData.password_confirmation]" aria-hidden="true"></i>
-                Confirm your password
-              </p>
-            </div>
-            <!-- !comment input -->
-            <!-- password confirmation input -->
-            <div class="input-group">
-              <span class="input-group-addon"><i class="fa fa-lock" aria-hidden="true"></i></span>
-              <input id="password_confirmation" type="password" class="form-control" name="password" ng-model="initPasswordData.password_confirmation">
-            </div>
-            <!-- !password confirmation input -->
-            <!-- validate button -->
-            <div class="form-group">
-              <div class="col-sm-12 controls">
-                <p class="pull-left text-danger" ng-if="initPasswordData.error" style="margin: 5px;">
-                  <i class="fa fa-exclamation-circle" aria-hidden="true"></i> Unable to create default user
-                </p>
-                <button type="submit" class="btn btn-primary pull-right" ng-disabled="initPasswordData.password.length < 8 || initPasswordData.password !== initPasswordData.password_confirmation" ng-click="createAdminUser()"><i class="fa fa-key" aria-hidden="true"></i> Validate</button>
-              </div>
-            </div>
-            <!-- !validate button -->
-          </form>
-          <!-- !init password form -->
-        </div>
-      </div>
-      <!-- !init password panel -->
       <!-- login panel -->
-      <div class="panel panel-default" ng-if="!initPassword">
+      <div class="panel panel-default">
         <div class="panel-body">
           <!-- login form -->
-          <form class="login-form form-horizontal" enctype="multipart/form-data" method="POST">
+          <form class="simple-box-form form-horizontal">
             <!-- username input -->
             <div class="input-group">
               <span class="input-group-addon"><i class="fa fa-user" aria-hidden="true"></i></span>
-              <input id="username" type="text" class="form-control" name="username" ng-model="authData.username" placeholder="Username">
+              <input id="username" type="text" class="form-control" name="username" ng-model="formValues.Username" placeholder="admin" autofocus>
             </div>
             <!-- !username input -->
             <!-- password input -->
             <div class="input-group">
               <span class="input-group-addon"><i class="fa fa-lock" aria-hidden="true"></i></span>
-              <input id="password" type="password" class="form-control" name="password" ng-model="authData.password" autofocus>
+              <input id="password" type="password" class="form-control" name="password" ng-model="formValues.Password">
             </div>
             <!-- !password input -->
             <!-- login button -->
             <div class="form-group">
-              <div class="col-sm-12 controls">
-                <p class="pull-left text-danger" ng-if="authData.error" style="margin: 5px;">
-                  <i class="fa fa-exclamation-circle" aria-hidden="true"></i> {{ authData.error }}
-                </p>
-                <button type="submit" class="btn btn-primary pull-right" ng-click="authenticateUser()"><i class="fa fa-sign-in" aria-hidden="true"></i> Login</button>
+              <div class="col-sm-12">
+                <button type="submit" class="btn btn-primary btn-sm pull-right" ng-click="authenticateUser()"><i class="fa fa-sign-in" aria-hidden="true"></i> Login</button>
+                <span class="pull-left" style="margin: 5px;" ng-if="state.AuthenticationError">
+                  <i class="fa fa-exclamation-triangle red-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+                  <span class="small text-danger">{{ state.AuthenticationError }}</span>
+                </span>
               </div>
             </div>
             <!-- !login button -->
diff --git a/app/components/auth/authController.js b/app/components/auth/authController.js
index cd203cfc0..a20d0ccb7 100644
--- a/app/components/auth/authController.js
+++ b/app/components/auth/authController.js
@@ -1,123 +1,110 @@
 angular.module('auth', [])
-.controller('AuthenticationController', ['$scope', '$state', '$stateParams', '$window', '$timeout', '$sanitize', 'Authentication', 'Users', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications', 'SettingsService',
-function ($scope, $state, $stateParams, $window, $timeout, $sanitize, Authentication, Users, EndpointService, StateManager, EndpointProvider, Notifications, SettingsService) {
-
-  $scope.authData = {
-    username: 'admin',
-    password: '',
-    error: ''
-  };
-  $scope.initPasswordData = {
-    password: '',
-    password_confirmation: '',
-    error: false
-  };
+.controller('AuthenticationController', ['$scope', '$state', '$stateParams', '$window', '$timeout', '$sanitize', 'Authentication', 'Users', 'UserService', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications', 'SettingsService',
+function ($scope, $state, $stateParams, $window, $timeout, $sanitize, Authentication, Users, UserService, EndpointService, StateManager, EndpointProvider, Notifications, SettingsService) {
 
   $scope.logo = StateManager.getState().application.logo;
 
-  if (!$scope.applicationState.application.authentication) {
-    EndpointService.endpoints()
-    .then(function success(data) {
-      if (data.length > 0)  {
-        endpointID = EndpointProvider.endpointID();
-        if (!endpointID) {
-          endpointID = data[0].Id;
-          EndpointProvider.setEndpointID(endpointID);
-        }
-        StateManager.updateEndpointState(true)
-        .then(function success() {
-          $state.go('dashboard');
-        }, function error(err) {
-          Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
-        });
-      }
-      else {
-        $state.go('endpointInit');
-      }
-    }, function error(err) {
-      Notifications.error('Failure', err, 'Unable to retrieve endpoints');
-    });
-  } else {
-    Users.checkAdminUser({}, function () {},
-    function (e) {
-      if (e.status === 404) {
-        $scope.initPassword = true;
-      } else {
-        Notifications.error('Failure', e, 'Unable to verify administrator account existence');
-      }
-    });
-  }
-
-  if ($stateParams.logout) {
-    Authentication.logout();
-  }
-
-  if ($stateParams.error) {
-    $scope.authData.error = $stateParams.error;
-    Authentication.logout();
-  }
-
-  if (Authentication.isAuthenticated()) {
-    $state.go('dashboard');
-  }
-
-  $scope.createAdminUser = function() {
-    var password = $sanitize($scope.initPasswordData.password);
-    Users.initAdminUser({password: password}, function (d) {
-      $scope.initPassword = false;
-      $timeout(function() {
-        var element = $window.document.getElementById('password');
-        if(element) {
-          element.focus();
-        }
-      });
-    }, function (e) {
-      $scope.initPassword.error = true;
-    });
+  $scope.formValues = {
+    Username: '',
+    Password: ''
   };
 
+  $scope.state = {
+    AuthenticationError: ''
+  };
+
+  function setActiveEndpointAndRedirectToDashboard(endpoint) {
+    var endpointID = EndpointProvider.endpointID();
+    if (!endpointID) {
+      EndpointProvider.setEndpointID(endpoint.Id);
+    }
+    StateManager.updateEndpointState(true)
+    .then(function success(data) {
+      $state.go('dashboard');
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
+    });
+  }
+
+  function unauthenticatedFlow() {
+    EndpointService.endpoints()
+    .then(function success(data) {
+      var endpoints = data;
+      if (endpoints.length > 0)  {
+        setActiveEndpointAndRedirectToDashboard(endpoints[0]);
+      } else {
+        $state.go('init.endpoint');
+      }
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to retrieve endpoints');
+    });
+  }
+
+  function authenticatedFlow() {
+    UserService.administratorExists()
+    .then(function success(exists) {
+      if (!exists) {
+        $state.go('init.admin');
+      }
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to verify administrator account existence');
+    });
+  }
+
   $scope.authenticateUser = function() {
-    $scope.authenticationError = false;
+    var username = $scope.formValues.Username;
+    var password = $scope.formValues.Password;
 
     SettingsService.publicSettings()
     .then(function success(data) {
       var settings = data;
-      var username = $scope.authData.username;
-      var password = $scope.authData.password;
       if (settings.AuthenticationMethod === 1) {
-        username = $sanitize($scope.authData.username);
-        password = $sanitize($scope.authData.password);
+        username = $sanitize(username);
+        password = $sanitize(password);
       }
-
       return Authentication.login(username, password);
     })
-    .then(function success(data) {
+    .then(function success() {
       return EndpointService.endpoints();
     })
     .then(function success(data) {
+      var endpoints = data;
       var userDetails = Authentication.getUserDetails();
-      if (data.length > 0)  {
-        endpointID = EndpointProvider.endpointID();
-        if (!endpointID) {
-          endpointID = data[0].Id;
-          EndpointProvider.setEndpointID(endpointID);
-        }
-        StateManager.updateEndpointState(true)
-        .then(function success() {
-          $state.go('dashboard');
-        }, function error(err) {
-          Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
-        });
-      }
-      else if (data.length === 0 && userDetails.role === 1) {
-        $state.go('endpointInit');
-      } else if (data.length === 0 && userDetails.role === 2) {
+      if (endpoints.length > 0)  {
+        setActiveEndpointAndRedirectToDashboard(endpoints[0]);
+      } else if (endpoints.length === 0 && userDetails.role === 1) {
+        $state.go('init.endpoint');
+      } else if (endpoints.length === 0 && userDetails.role === 2) {
         Authentication.logout();
-        $scope.authData.error = 'User not allowed. Please contact your administrator.';
+        $scope.state.AuthenticationError = 'User not allowed. Please contact your administrator.';
       }
     })
-    .catch(function error(err) {
-      $scope.authData.error = 'Authentication error';
+    .catch(function error() {
+      $scope.state.AuthenticationError = 'Invalid credentials';
     });
   };
+
+  function initView() {
+    if ($stateParams.logout || $stateParams.error) {
+      Authentication.logout();
+      $scope.state.AuthenticationError = $stateParams.error;
+      return;
+    }
+
+    if (Authentication.isAuthenticated()) {
+      $state.go('dashboard');
+    }
+
+    var authenticationEnabled = $scope.applicationState.application.authentication;
+    if (!authenticationEnabled) {
+      unauthenticatedFlow();
+    } else {
+      authenticatedFlow();
+    }
+  }
+
+  initView();
 }]);
diff --git a/app/components/initAdmin/initAdmin.html b/app/components/initAdmin/initAdmin.html
new file mode 100644
index 000000000..775a1b5e9
--- /dev/null
+++ b/app/components/initAdmin/initAdmin.html
@@ -0,0 +1,80 @@
+<div class="page-wrapper">
+  <!-- simple box -->
+  <div class="container simple-box">
+    <div class="col-md-8 col-md-offset-2 col-sm-10 col-sm-offset-1">
+      <!-- simple box logo -->
+      <div class="row">
+        <img ng-if="logo" ng-src="{{ logo }}" class="simple-box-logo">
+        <img ng-if="!logo" src="images/logo_alt.png" class="simple-box-logo" alt="Portainer">
+      </div>
+      <!-- !simple box logo -->
+      <!-- init password panel -->
+      <div class="panel panel-default">
+        <div class="panel-body">
+          <!-- init password form -->
+          <form class="simple-box-form form-horizontal">
+            <!-- note -->
+            <div class="form-group">
+              <div class="col-sm-12">
+                <span class="small text-muted">
+                  Please create the initial administrator user.
+                </span>
+              </div>
+            </div>
+            <!-- !note -->
+            <!-- username-input -->
+            <div class="form-group">
+              <label for="username" class="col-sm-4 control-label text-left">
+                Username
+              </label>
+              <div class="col-sm-8">
+                <input type="text" class="form-control" id="username" ng-model="formValues.Username" placeholder="e.g. admin">
+              </div>
+            </div>
+            <!-- !username-input -->
+            <!-- new-password-input -->
+            <div class="form-group">
+              <label for="password" class="col-sm-4 control-label text-left">Password</label>
+              <div class="col-sm-8">
+                <input type="password" class="form-control" ng-model="formValues.Password" id="password">
+              </div>
+            </div>
+            <!-- !new-password-input -->
+            <!-- confirm-password-input -->
+            <div class="form-group">
+              <label for="confirm_password" class="col-sm-4 control-label text-left">Confirm password</label>
+              <div class="col-sm-8">
+                <div class="input-group">
+                  <input type="password" class="form-control" ng-model="formValues.ConfirmPassword" id="confirm_password">
+                  <span class="input-group-addon"><i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[formValues.Password !== '' && formValues.Password === formValues.ConfirmPassword]" aria-hidden="true"></i></span>
+                </div>
+              </div>
+            </div>
+            <!-- !confirm-password-input -->
+            <!-- note -->
+            <div class="form-group">
+              <div class="col-sm-12">
+                <span class="small text-muted">
+                  <i ng-class="{true: 'fa fa-check green-icon', false: 'fa fa-times red-icon'}[formValues.Password.length >= 8]" aria-hidden="true"></i>
+                  The password must be at least 8 characters long
+                </span>
+              </div>
+            </div>
+            <!-- !note -->
+            <!-- actions -->
+            <div class="form-group">
+              <div class="col-sm-12">
+                <button type="submit" class="btn btn-primary btn-sm" ng-disabled="formValues.Password.length < 8 || formValues.Password !== formValues.ConfirmPassword" ng-click="createAdminUser()"><i class="fa fa-user-plus" aria-hidden="true"></i> Create user</button>
+                <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+              </div>
+            </div>
+            <!-- !actions -->
+          </form>
+          <!-- !init password form -->
+        </div>
+      </div>
+      <!-- !init password panel -->
+    </div>
+  </div>
+  <!-- !simple box -->
+</div>
diff --git a/app/components/initAdmin/initAdminController.js b/app/components/initAdmin/initAdminController.js
new file mode 100644
index 000000000..a78fa7854
--- /dev/null
+++ b/app/components/initAdmin/initAdminController.js
@@ -0,0 +1,33 @@
+angular.module('initAdmin', [])
+.controller('InitAdminController', ['$scope', '$state', '$sanitize', 'Notifications', 'Authentication', 'StateManager', 'UserService',
+function ($scope, $state, $sanitize, Notifications, Authentication, StateManager, UserService) {
+
+  $scope.logo = StateManager.getState().application.logo;
+
+  $scope.formValues = {
+    Username: 'admin',
+    Password: '',
+    ConfirmPassword: ''
+  };
+
+  $scope.createAdminUser = function() {
+    $('#createResourceSpinner').show();
+    var username = $sanitize($scope.formValues.Username);
+    var password = $sanitize($scope.formValues.Password);
+
+    UserService.initAdministrator(username, password)
+    .then(function success() {
+      return Authentication.login(username, password);
+    })
+    .then(function success() {
+      $state.go('init.endpoint');
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to create administrator user');
+    })
+    .finally(function final() {
+      $('#createResourceSpinner').hide();
+    });
+  };
+
+}]);
diff --git a/app/components/endpointInit/endpointInit.html b/app/components/initEndpoint/initEndpoint.html
similarity index 59%
rename from app/components/endpointInit/endpointInit.html
rename to app/components/initEndpoint/initEndpoint.html
index 8c7abf963..1f87d0570 100644
--- a/app/components/endpointInit/endpointInit.html
+++ b/app/components/initEndpoint/initEndpoint.html
@@ -12,51 +12,74 @@
       <div class="panel panel-default">
         <div class="panel-body">
           <!-- init-endpoint form -->
-          <form class="form-horizontal" style="margin: 20px;" enctype="multipart/form-data" method="POST">
-            <!-- comment -->
-            <div class="form-group" style="text-align: center;">
-              <h4>Connect Portainer to a Docker engine or Swarm cluster endpoint</h4>
-            </div>
-            <!-- !comment input -->
-            <!-- endpoin-type radio -->
+          <form class="simple-box-form form-horizontal">
+            <!-- note -->
             <div class="form-group">
-              <div class="radio">
-                <label><input type="radio" name="endpointType" value="local" ng-model="formValues.endpointType" ng-click="resetErrorMessage()">Manage the Docker instance where Portainer is running</label>
-              </div>
-              <div class="radio">
-                <label><input type="radio" name="endpointType" value="remote" ng-model="formValues.endpointType" ng-click="resetErrorMessage()">Manage a remote Docker instance</label>
+              <div class="col-sm-12">
+                <span class="small text-muted">
+                  Connect Portainer to the Docker environment you want to manage.
+                </span>
               </div>
             </div>
-            <!-- endpoint-type radio -->
-            <!-- local-endpoint -->
-            <div ng-if="formValues.endpointType === 'local'" style="margin-top: 25px;">
-              <div class="form-group">
-                <i class="fa fa-exclamation-triangle" aria-hidden="true" style="margin-right: 5px;"></i>
-                <span class="small text-primary">This feature is not yet available for native Docker Windows containers.</span>
-                <div class="small text-primary">On Linux and when using Docker for Mac or Docker for Windows or Docker Toolbox, ensure that you have started Portainer container with the following Docker flag <code>-v "/var/run/docker.sock:/var/run/docker.sock"</code></div>
+            <!-- !note -->
+            <!-- endpoint-type -->
+            <div class="form-group" style="margin-bottom: 0">
+              <div class="boxselector_wrapper">
+                <div>
+                  <input type="radio" id="local_endpoint" ng-model="formValues.EndpointType" value="local">
+                  <label for="local_endpoint">
+                    <div class="boxselector_header">
+                      <i class="fa fa-bolt" aria-hidden="true" style="margin-right: 2px;"></i>
+                      Local
+                    </div>
+                    <p>Manage the Docker environment where Portainer is running</p>
+                  </label>
+                </div>
+                <div>
+                  <input type="radio" id="remote_endpoint" ng-model="formValues.EndpointType" value="remote">
+                  <label for="remote_endpoint">
+                    <div class="boxselector_header">
+                      <i class="fa fa-plug" aria-hidden="true" style="margin-right: 2px;"></i>
+                      Remote
+                    </div>
+                    <p>Manage a remote Docker environment</p>
+                  </label>
+                </div>
               </div>
-              <!-- connect button -->
-              <div class="form-group" style="margin-top: 10px;">
-                <div class="col-sm-12 controls">
-                  <p class="pull-left text-danger" ng-if="state.error" style="margin: 5px;">
-                    <i class="fa fa-exclamation-circle" aria-hidden="true"></i> {{ state.error }}
-                  </p>
-                  <span class="pull-right">
-                    <i id="initEndpointSpinner" class="fa fa-cog fa-spin" style="margin-right: 5px; display: none;"></i>
-                    <button type="submit" class="btn btn-primary" ng-click="createLocalEndpoint()"><i class="fa fa-plug" aria-hidden="true"></i> Connect</button>
+            </div>
+            <!-- !endpoint-type  -->
+            <!-- local-endpoint -->
+            <div ng-if="formValues.EndpointType === 'local'">
+              <div class="form-group">
+                <div class="col-sm-12">
+                  <span class="small">
+                    <p class="text-muted">
+                      <i class="fa fa-exclamation-triangle orange-icon" aria-hidden="true" style="margin-right: 2px;"></i>
+                      This feature is not yet available for <u>native Docker Windows containers</u>.
+                    </p>
+                    <p class="text-primary">
+                      Please ensure that you have started the Portainer container with the following Docker flag <code>-v "/var/run/docker.sock:/var/run/docker.sock"</code> in order to connect to the local Docker environment.
+                    </p>
                   </span>
                 </div>
               </div>
-              <!-- !connect button -->
+              <!-- actions -->
+              <div class="form-group">
+                <div class="col-sm-12">
+                  <button type="submit" class="btn btn-primary btn-sm" ng-click="createLocalEndpoint()"><i class="fa fa-bolt" aria-hidden="true"></i> Connect</button>
+                  <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+                </div>
+              </div>
+              <!-- !actions -->
             </div>
             <!-- !local-endpoint -->
             <!-- remote-endpoint -->
-            <div ng-if="formValues.endpointType === 'remote'" style="margin-top: 25px;">
+            <div ng-if="formValues.EndpointType === 'remote'">
               <!-- name-input -->
               <div class="form-group">
-                <label for="container_name" class="col-sm-4 col-lg-3 control-label text-left">Name</label>
+                <label for="endpoint_name" class="col-sm-4 col-lg-3 control-label text-left">Name</label>
                 <div class="col-sm-8 col-lg-9">
-                  <input type="text" class="form-control" id="container_name" ng-model="formValues.Name" placeholder="e.g. docker-prod01">
+                  <input type="text" class="form-control" id="endpoint_name" ng-model="formValues.Name" placeholder="e.g. docker-prod01">
                 </div>
               </div>
               <!-- !name-input -->
@@ -127,19 +150,14 @@
                 <!-- !key-input -->
               </div>
               <!-- !tls-certs -->
-              <!-- connect button -->
-              <div class="form-group" style="margin-top: 10px;">
-                <div class="col-sm-12 controls">
-                  <p class="pull-left text-danger" ng-if="state.error" style="margin: 5px;">
-                    <i class="fa fa-exclamation-circle" aria-hidden="true"></i> {{ state.error }}
-                  </p>
-                  <span class="pull-right">
-                    <i id="initEndpointSpinner" class="fa fa-cog fa-spin" style="margin-right: 5px; display: none;"></i>
-                    <button type="submit" class="btn btn-primary" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && (!formValues.TLSCACert || !formValues.TLSCert || !formValues.TLSKey))" ng-click="createRemoteEndpoint()"><i class="fa fa-plug" aria-hidden="true"></i> Connect</button>
-                  </span>
+              <!-- actions -->
+              <div class="form-group">
+                <div class="col-sm-12">
+                  <button type="submit" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && (!formValues.TLSCACert || !formValues.TLSCert || !formValues.TLSKey))" ng-click="createRemoteEndpoint()"><i class="fa fa-plug" aria-hidden="true"></i> Connect</button>
+                  <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
                 </div>
               </div>
-              <!-- !connect button -->
+              <!-- !actions -->
             </div>
             <!-- !remote-endpoint -->
           </form>
diff --git a/app/components/endpointInit/endpointInitController.js b/app/components/initEndpoint/initEndpointController.js
similarity index 51%
rename from app/components/endpointInit/endpointInitController.js
rename to app/components/initEndpoint/initEndpointController.js
index c99a9a86c..d653f6869 100644
--- a/app/components/endpointInit/endpointInitController.js
+++ b/app/components/initEndpoint/initEndpointController.js
@@ -1,13 +1,15 @@
-angular.module('endpointInit', [])
-.controller('EndpointInitController', ['$scope', '$state', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications',
+angular.module('initEndpoint', [])
+.controller('InitEndpointController', ['$scope', '$state', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications',
 function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notifications) {
+
+  $scope.logo = StateManager.getState().application.logo;
+
   $scope.state = {
-    error: '',
     uploadInProgress: false
   };
 
   $scope.formValues = {
-    endpointType: 'remote',
+    EndpointType: 'remote',
     Name: '',
     URL: '',
     TLS: false,
@@ -20,51 +22,31 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
     $state.go('dashboard');
   }
 
-  $scope.resetErrorMessage = function() {
-    $scope.state.error = '';
-  };
 
-  function showErrorMessage(message) {
-    $scope.state.uploadInProgress = false;
-    $scope.state.error = message;
-  }
+  $scope.createLocalEndpoint = function() {
+    $('#createResourceSpinner').show();
+    var name = 'local';
+    var URL = 'unix:///var/run/docker.sock';
 
-  function updateEndpointState(endpointID) {
-    EndpointProvider.setEndpointID(endpointID);
-    StateManager.updateEndpointState(false)
+    EndpointService.createLocalEndpoint(name, URL, false, true)
+    .then(function success(data) {
+      var endpointID = data.Id;
+      EndpointProvider.setEndpointID(endpointID);
+      return StateManager.updateEndpointState(false);
+    })
     .then(function success(data) {
       $state.go('dashboard');
     })
     .catch(function error(err) {
-      EndpointService.deleteEndpoint(endpointID)
-      .then(function success() {
-        showErrorMessage('Unable to connect to the Docker endpoint');
-      });
-    });
-  }
-
-  $scope.createLocalEndpoint = function() {
-    $('#initEndpointSpinner').show();
-    $scope.state.error = '';
-    var name = 'local';
-    var URL = 'unix:///var/run/docker.sock';
-    var TLS = false;
-
-    EndpointService.createLocalEndpoint(name, URL, TLS, true)
-    .then(function success(data) {
-      var endpointID = data.Id;
-      updateEndpointState(data.Id);
-    }, function error() {
-      $scope.state.error = 'Unable to create endpoint';
+      Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
     })
     .finally(function final() {
-      $('#initEndpointSpinner').hide();
+      $('#createResourceSpinner').hide();
     });
   };
 
   $scope.createRemoteEndpoint = function() {
-    $('#initEndpointSpinner').show();
-    $scope.state.error = '';
+    $('#createResourceSpinner').show();
     var name = $scope.formValues.Name;
     var URL = $scope.formValues.URL;
     var PublicURL = URL.split(':')[0];
@@ -76,16 +58,17 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
     EndpointService.createRemoteEndpoint(name, URL, PublicURL, TLS, TLSCAFile, TLSCertFile, TLSKeyFile)
     .then(function success(data) {
       var endpointID = data.Id;
-      updateEndpointState(endpointID);
-    }, function error(err) {
-      showErrorMessage(err.msg);
-    }, function update(evt) {
-      if (evt.upload) {
-        $scope.state.uploadInProgress = evt.upload;
-      }
+      EndpointProvider.setEndpointID(endpointID);
+      return StateManager.updateEndpointState(false);
+    })
+    .then(function success(data) {
+      $state.go('dashboard');
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
     })
     .finally(function final() {
-      $('#initEndpointSpinner').hide();
+      $('#createResourceSpinner').hide();
     });
   };
 }]);
diff --git a/app/services/api/userService.js b/app/services/api/userService.js
index 7e3bf2b66..50680d7df 100644
--- a/app/services/api/userService.js
+++ b/app/services/api/userService.js
@@ -134,5 +134,26 @@ angular.module('portainer.services')
     return deferred.promise;
   };
 
+  service.initAdministrator = function(username, password) {
+    return Users.initAdminUser({ Username: username, Password: password }).$promise;
+  };
+
+  service.administratorExists = function() {
+    var deferred = $q.defer();
+
+    Users.checkAdminUser({}).$promise
+    .then(function success(data) {
+      deferred.resolve(true);
+    })
+    .catch(function error(err) {
+      if (err.status === 404) {
+        deferred.resolve(false);
+      }
+      deferred.reject({ msg: 'Unable to verify administrator account existence', err: err });
+    });
+
+    return deferred.promise;
+  };
+
   return service;
 }]);
diff --git a/assets/css/app.css b/assets/css/app.css
index 2b2f4bb80..795b5a722 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -254,11 +254,11 @@ a[ng-click]{
   margin-bottom: 10px;
 }
 
-.login-form > div {
+.simple-box-form > div {
   margin-bottom: 25px;
 }
 
-.login-form > div:last-child {
+.simple-box-form > div:last-child {
   margin-top: 10px;
   margin-bottom: 10px;
 }
diff --git a/index.html b/index.html
index 3219c5fbd..3008dc9c1 100644
--- a/index.html
+++ b/index.html
@@ -29,8 +29,11 @@
 </head>
 
 <body ng-controller="MainController">
-  <div id="page-wrapper" ng-class="{open: toggle && $state.current.name !== 'auth' && $state.current.name !== 'endpointInit' && $state.current.name !== 'init', nopadding: $state.current.name === 'auth' || $state.current.name === 'endpointInit' || $state.current.name === 'init' || applicationState.loading }" ng-cloak>
-
+  <div id="page-wrapper" ng-class="{
+    open: toggle && ['auth', 'init', 'init.endpoint', 'init.admin'].indexOf($state.current.name) === -1,
+    nopadding: ['auth', 'init', 'init.endpoint', 'init.admin'].indexOf($state.current.name) > -1 || applicationState.loading
+  }"
+  ng-cloak>
     <div id="sideview" ui-view="sidebar" ng-if="!applicationState.loading"></div>
 
     <div id="content-wrapper">

From 0e8da2db182c28ee742047f093e9e4f825aa109a Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 29 Aug 2017 09:11:19 +0200
Subject: [PATCH 09/33] docs(swagger): update UserAdminInitRequest definition

---
 api/swagger.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/api/swagger.yaml b/api/swagger.yaml
index 28e0dc3f1..21f4dac79 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -2454,10 +2454,14 @@ definitions:
   UserAdminInitRequest:
     type: "object"
     properties:
+      Username:
+        type: "string"
+        example: "admin"
+        description: "Username of the initial administrator account"
       Password:
         type: "string"
         example: "admin-password"
-        description: "Password for the admin user"
+        description: "Password of the initial administrator account"
   TemplateListResponse:
     type: "array"
     items:

From ef8edfb67b05374517e0bdbca43187ca4dff3f87 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Mon, 4 Sep 2017 19:04:30 +0200
Subject: [PATCH 10/33] feat(api): display version in startup logs (#1175)

---
 api/cmd/portainer/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index aced452a7..bb9839907 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -245,7 +245,7 @@ func main() {
 		SSLKey:                 *flags.SSLKey,
 	}
 
-	log.Printf("Starting Portainer on %s", *flags.Addr)
+	log.Printf("Starting Portainer %s on %s", portainer.APIVersion, *flags.Addr)
 	err = server.Start()
 	if err != nil {
 		log.Fatal(err)

From 9a0f0a97012b3936849022c29ddf79375e13ffc5 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 5 Sep 2017 09:57:49 +0200
Subject: [PATCH 11/33] feat(favicon): fix favicon display (#1177)

---
 api/http/handler/file.go                    |   1 +
 assets/ico/android-chrome-192x192.png       | Bin 0 -> 1639 bytes
 assets/ico/android-chrome-256x256.png       | Bin 0 -> 1976 bytes
 assets/ico/apple-touch-icon-precomposed.png | Bin 539 -> 0 bytes
 assets/ico/apple-touch-icon.png             | Bin 0 -> 1244 bytes
 assets/ico/browserconfig.xml                |   9 +++++++++
 assets/ico/favicon-16x16.png                | Bin 0 -> 378 bytes
 assets/ico/favicon-32x32.png                | Bin 0 -> 525 bytes
 assets/ico/favicon.ico                      | Bin 880 -> 15086 bytes
 assets/ico/manifest.json                    |  18 ++++++++++++++++++
 assets/ico/mstile-150x150.png               | Bin 0 -> 1361 bytes
 assets/ico/safari-pinned-tab.svg            |   1 +
 assets/images/logo_ico.png                  | Bin 0 -> 7174 bytes
 index.html                                  |  10 ++++++++--
 14 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 assets/ico/android-chrome-192x192.png
 create mode 100644 assets/ico/android-chrome-256x256.png
 delete mode 100644 assets/ico/apple-touch-icon-precomposed.png
 create mode 100644 assets/ico/apple-touch-icon.png
 create mode 100644 assets/ico/browserconfig.xml
 create mode 100644 assets/ico/favicon-16x16.png
 create mode 100644 assets/ico/favicon-32x32.png
 create mode 100644 assets/ico/manifest.json
 create mode 100644 assets/ico/mstile-150x150.png
 create mode 100644 assets/ico/safari-pinned-tab.svg
 create mode 100644 assets/images/logo_ico.png

diff --git a/api/http/handler/file.go b/api/http/handler/file.go
index 488a3968e..2191169ac 100644
--- a/api/http/handler/file.go
+++ b/api/http/handler/file.go
@@ -30,6 +30,7 @@ func NewFileHandler(assetPath string) *FileHandler {
 			"/js":     true,
 			"/images": true,
 			"/fonts":  true,
+			"/ico":    true,
 		},
 	}
 	return h
diff --git a/assets/ico/android-chrome-192x192.png b/assets/ico/android-chrome-192x192.png
new file mode 100644
index 0000000000000000000000000000000000000000..abf81c516a9b13cec07ce21f6e7c8d1d4aed67b7
GIT binary patch
literal 1639
zcmV-t2AKJYP)<h;3K|Lk000e1NJLTq006)M006)Q0{{R3pz?7v00004XF*Lt006O%
z3;baP00001b5ch_0Itp)=>Px#9#BkFMK#<1Olfg7+y6D&|25nHHQWC++y6D&|25nH
zHQWDpB57v;000VfQchF<02r#q;W2bqkDv8$ZU6uP32;bRa{vGf6951U69E94oEQKA
z1zAZ%K~#9!?VHVW+Bg)z)!H&}w9_$gbP|$sbDEEt-bkU{_U7h;rZ-5)?DmGU?U3A{
zyJ^!~vK=zr|F*Ve8)L97q^IoC@nZ%9ljvtj?@RI%QUwdj0q}rwv-M0UU<Dy12jqbN
zH$b~ZNHPQhu8||}!~uH9lh>jEYsi;9F@Ula0MI`o0F_Dm2#??adc$q`*eA$cXn?Dr
zj*2?daAJC&3}C<~@4iQ_p;f%TyfZ)ne|sZu6H6wueF6zM3v`FLin{mp6&zsFpzn*$
zD3uj0qM#>HXBP|^2tbcaYUoY<NrwPvQMC*KzS?&A0otdiVNK!z=~v0%23${#b|m0b
zD3p}~(3{qmXhhr0R#rr*pnLN}CQ;UBJOE;|uajc3*FAi}4)DEBa?rod@ZA{z-JDUB
z7=S2ivhPL|9(ww}<7vyBd!Pr*>;Ft%G&_pa0HUB5S&7$-9?$~T=IY>_%&wl2Xv6`l
z6WJtox*8J)P>lcPc~*4qel#)w4HOfMC?t|?9HaxZ2I7=oA7BXvsNc6|Wfyzz$No3R
zwB0vpd#-FT1e}`Wy~`0hcrtsd91)E)oda?}4#)wi(!m2q`T_xd@Dw*hco*-Y9f5OD
zs7e)C7YZolfCmNW10vn8<az-OsQ3wpZIY`34`@2CL(4X$hTM=%0f4SGGVQ)??sp#7
zlqc{2JOMls0zh#99^)~ftC$7&yMV#~WumS>gaPKP(Q?4U0UnD1Y@;{Ud(Tx!rhF>^
z;5$2iK?n};-St)IuAu=L0x(2JN5{_V<!IdUuCLaQTCN<53pn7u=n~yqd!}u+`^915
zT&YPt`2+qPFdi83cu-!lh=v|KqUC^J4<OzSzE~HHEyt1%hRS)drqoI+aveXFm&X^8
zy;vurS>C>EyGDMHpa7b`Uu*=|;D@CNIMt>XUt0d9)!Ol|BOt&qY0vcq5Fl}Pxd;Q$
z6L*be7(g|7UwQ-rs3imLKmfyJz*`W&Z8AUs0i-;lD1ZP`9#NDa0D8*P4H*JZ`7Z(3
zSO!3O>3fhm$;L8hQJNh{qAghx?TbKMh1!od+x&NMwPS@blN->94a*l-b<~ZIVD5T-
zs{Qxf;P*4AfHM`7-J&J!kHMwejUG_QjOwXdv$47BemeZ@#5%7x`pvgJzP!ks0NPIb
zR#-i$PyU7r(22T+N&Tc>BBgDd8eY*0J76X9d|orBJ(2e9rG;DfZhaR=`X1hNcUq;|
zsy+^NYlS0y?}tgmbddr+4O5zup?+ou1Y@)xvx%_Ol(LR85fD^wjM9=Yn*-pdr*dj+
zDDePvi%dZ+tpwzbXN}e)nP@)^P~-t<=F#&jTTL%?>GG^H^{nvh$QJi9wwewo@&TS+
zZI9CdGS?7&q$nlovIBIJrdG*j257fb#ZddqfOWcRt2Qe@r!4eRSOFc%da)vRz{!vT
zBY<)S*a3aP0Qy=!#yO}W!GI1m;D8M<qy{irvPliNV*)HtulWLemC2G=@BpX+!a`dK
zER%rP&45l%xq46(4Je78WSIq^F97hicLW+5m7emr3P!+i0l)}&a~!4zWx<oY$Sh;Q
zL7&YIqAPtNmb}Or1ceQto<oMTw1qgx0%30Yz6PhI2`ijyp}DCVoB|ZL!f^<HSui7%
zyo}wr8Qk>v7dYw9lXYHKngxh^4QwvD1k3`&yhb5%hMV@Re#Vi#M$EA4p`W80pv-6b
z>v7*!Cw(}iZ9fYT-8Us?1NA>!$ITyx3IvFroDWZ^uBr=2X4ykMApE8>Np@YurZ>^}
zUKIsUwXffwU!JPs0DO`IGUX?|oTf>zEGc^c0038dR9JLUVRs;Ka&Km7Y-J#Hd2nSQ
zX>fF7004NL<MIp$aaJfO%1_J8N##-i10xGAV+#`_6HAj60}~)bfHcEo10%CkAj{a)
l$i&RV9K;99fJmT9E&%Em5p?oGHI)DW002ovPDHLkV1mUX-uwUn

literal 0
HcmV?d00001

diff --git a/assets/ico/android-chrome-256x256.png b/assets/ico/android-chrome-256x256.png
new file mode 100644
index 0000000000000000000000000000000000000000..8770d7d3b05a0f4866ad5e33bf6e098074286f2e
GIT binary patch
literal 1976
zcmZ8idpy%^8^3@1jm?HIhvg9yX^)T=BQ54UIju!eyheEPyd~$uO#MREVVxX`MNNt7
zmBb>Feuc`Z=-@4c5y?9hPs!n_z3ct+{d}(b`rg-loj>>Ib6v;Sex7OseF6YL&5Py6
z0RU25A%KMyP#tn7PyyIKoPC`ExP6-Vcev6oZ6e3h1ynyX_^1$6;#k3n01!#P4g^Fc
zWW^(y?GxZ`J1F;wiC6Idqud+je<^J6NgTiJa&VRvJ869H*sVSp0LryqZq5N|12d)G
z83PU)x!*MS&GeLamd1MZAui3f#s>AVDv`TMnB8LEh2<yo1!Wp*j^&^x@-6edqUW{o
zuNVuJNEW>uXfqeXX8UJSGK)cSj-(#L1_UM)LPI8ubNc5%cTHybw<xG+op$l?IhZ?A
zc0Z8+J8&&{<G&K9cfJW?pjs2MhP_Dfc^vb51XR^JUtFSDn1aTWRlYw%H8hJM8Bca_
z8+Dj8)j|asMOZN&9sd5rKTHG3S4Kl=$35S>tD-HLGb1*?Jx-i!z$3x^pU09IdlEd%
zkn~TjW;|~3N8M_GYb_;c35*S_K^y63yA#LFb!o_F1=pyFuS`)>H-Jt#M(rSpaQ9oG
z(X^7p%dd8Ab1*R<N9+R`m8!S`5HDG@I5&~uHgge&d<<`UE^R`dt=x7DuqD=I2_9{u
z2+l7B%bXBi6T-TdJ$XZ_M7B+R(H-NI>H?*s+k0#~#tImAB)Cm$;o`pJkiW-;V6CIp
z!F0drUmh2$R(yS$LtDv|1qF2k2Z$-8PB$>$(aXWc<%!g}Ni>PhxxGhoXu9094QY<=
z28lv<V!r3l1B<-wyK*lMVt;0pNI>=NdT`&0$nMuhFbf$#Sm{xg=|gXHf{F2VC!@*N
z_1E51GwuqNEZbVXdhY464&2pZmmh~hl*B;cq4>1XG03!H{6Z`@yU7Asx{Wqj1HJu>
zn}@$vNH&QVW7~s#ePck==N+!VpAI;HfNW+qF>M?=yu&EWTDN|h^p@pHCW#<^P&Tc4
zG6O>9r#>bIgdSJArvH!LXUUeJ_vBLH%#WI0IYzvOs;vk1W*7b(4UB%lqgWjBdvxQv
z4f4hmvL7t9ZP>pF9GT!L3bVrg3b@5MGsiqN+@a;0MDv9p0;=ILX-My;USA6b&$^9a
z6ws4ZeA@irsh%m*^*_>=IC<u}MW<$O1W}Nmh`GA{3fDl!m#oylwODeMgqgSLeARKC
z|252n?k4;P#$-^~?anVUj@3%*DpRvk!|BblE{(E~EW<N5j~YhI+Ofh2uXA1m-rffi
z6L~v1;}<ug-xGhUGcSR5{n3!S$cJ{cWxQMfMIY>*{Akq~T~0^LcOnNqKuOiW>S4t@
zx<8_`sP1J2=pAO0ww@p#%k9)eSHCUiwQGt!FzgBZmr|_wk>+SAmU&)%^iVjWtAbR3
z78)8hrWCeG!!k-RCfWzQQ|LBPu(nriM}6Or9~Q6GOwC*+n{qH3S`%DB%~Ni<Ajvj3
zT}M6XFN_|19%|V)yU>{+G#h*k%RY^6;B7du9a@W+I0>IEx7c23Ss>A89(&jIrO>1`
zjPKUYl_dF9Lsdbsp>w?vKMl!l4-YCx<Xrp0gXPo&1k-HPUa}@ON+g0+xvNsphd(?s
zHgHo#gFX9g)(dJtqpLv2C-Ug2`P3ArtM8Via<VJteZX7&d~vpOjc3dm)!azs-Pfun
z+KeW(C+#!V1>2ayY{bX$MugspU8FEO?7G+UwI*z*OQlX_P*r!oj#eg`;w8Nvap%Hu
z|J7%gFlub?N@gh*+&K)5MOQ|yx#CuaLbB`;k&o%xf7+rr-7V$&?Rr{fPkh<;O<x~v
z30=rZep%&n<WQt5j~qIV<&rKP_}mJ=dH3P*Q8JgHZY>u#EnOyTQSmIWJ1~U;*Xa{Z
zd^QmLJa@$LbO?J%g!2Fu|DrlV5YIv{)JF<@{AuWB@8z#=LE$NRGx(E5V|vrktu&;g
z-?2oGpRYDb!&H@lpaa;ftseDH@V&~I8uB3SB`gfb$KubiYW14yFaeP;`?(8Nq(a6(
z_NcZp>VDY_N?S2i3+;8?2BGVt!2lckDOci6nqskL1ig)bfJWdJun@N&esvbVOY<;v
zH&1{B>$v(p(yG(IBbizuFeHhDYjRf)d@zfAuGU_;XPzGb!Q2p|u)|PIU`OwYj%1hV
zt9{qEe&nDAjL>z4bC)ockj(fqlRuySuyiOPlY7s1yMBYFy}bJ=KkZLO>dq2AvQQp)
z+MjHSyEZ!w#_FQ)Zs`3Kx4g?98s)rv?OatZ-@2XvNQ2VG`|e32@7;*V*$%0&>)<_u
zF1@a8z`*I@G0DFf!y}8GUl(K48S`H@d&v3(0<&9(_}O+$sc?65vQhAbN{6}Pk)D1#
zu5hyZdf|va)etQ@R8SHh1*tCoUKBqtU%#J)!D|dR5l5`wL&ycih>}B-jjx9N)=Tdx
zHrh^JKu{7VJe3lca3DHnUlb)NJuZq86PL6HfV7hFIaPf84l1?NzpLA8f&*X^qSYQE
z$%N#cuMLwZZir25By3U_K<Rq(>S<edn?W0{3t@@3T7hXj&7?UO+d@SO;N|Y;R_(&g
F`Y!-AS8V_Q

literal 0
HcmV?d00001

diff --git a/assets/ico/apple-touch-icon-precomposed.png b/assets/ico/apple-touch-icon-precomposed.png
deleted file mode 100644
index 4da47e22ce3b996fcde039ff23211f69d5002ada..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 539
zcmV+$0_6RPP)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F80005vNkl<Zcmc)M
zL$n-07{&3}wrxAv#J0JOma%Qywr$(CZ9C8S-hVMRs%H9}-+21oW>q{DOSPv`8R_B$
zYa#p(Y6T-WEe=5N5mf^foDmc7620*mlW`pfQB`Mncl^UNq%nN<9<`AeP4E@lkyKS^
zd{o3KTt^9;@86+@&1XyT3SE%K+rZMej8g_zAO=Tq97k{(#}JO2IDpeQiNp8`!Ao2~
z4{wffJG8RV1l!RD`_KgS@dIn{7>&^iw%Vekio-G4@I1rj5cI?OKwJUSumTS(K6{UW
zxS%p987iU@@}e?IV;TgayFf97AqMji3&C`R<5!>yh(Th@%Ts58{J4hO7=k-^fMytr
z5xVz4al}Bd7-BFFf>_-J^5ZdHU<6*_HHP2~9_ubp7Z30d*YMEh^(*AmSztB9jk#J1
zu%e_m3UT9-t^$d$2ja#torj>mP1phS#c+(nT(m?&Y(i%oSAE}q3BeU~Lo~!749D>a
zU-1I1RTqelrDy{2P$rcHCg2JFK|C~1Rd`Q`54Nhh3JyYiuuIi_;0VMA-;h&9iQy0*
z{6aw$1rlQs#7hrUUy4~!8wVjaej@}i2EUM9*JLy$7T^`$VLfu740@t7QtF-&CqObJ
dM*<b=j037YCfk7ICA|Ou002ovPDHLkV1m<b<_iD-

diff --git a/assets/ico/apple-touch-icon.png b/assets/ico/apple-touch-icon.png
new file mode 100644
index 0000000000000000000000000000000000000000..6ca3086cda092c301de32452d0dd20ddba9b3389
GIT binary patch
literal 1244
zcmV<21S9*2P)<h;3K|Lk000e1NJLTq006WA006WE0{{R3&*K{b00004XF*Lt006O%
z3;baP00001b5ch_0Itp)=>Px#8&FJCMgRZ*HrxMK;s0pl|Ap!Q!}R~)`TwEr|M30)
zts>jY000C0Nkl<ZXx{Cc%TwY&5XQ4&Fvp#Q5Rb(2btI*wSF=!yN63nJjH^bEM6u!#
zELQ*R%?v^w1j1&z%g0V10#;c+lb)}?>6wX=BtnD;5hA`|Y_wWf=n_%!(AuZG>(7XO
zCh8D}ESrQJp^(cK3F8!jtk{Ib6Fk|UkcrxcMmuC0nhQ(5qR<DT(yUZKWiqDZpP{bV
zSnfeuUMRazceG@v0?7`XpsfjxRpTpr04PDz1RKL?p<lyEkjbv%MjrADOoCK)T03q}
z4v++??9_h3`J(6Gm)&W~RA<@ek{uzD-9>&4Ai*ReHWeiPWMLmQGH01FpTjCC$4E?I
zvEeNc_bHJj=SGJ^-gBi<O3aNM61<*!;#7;H{G$Zr=35My?GKu<2on_lvGqWIWjp+~
zTFOhLK<uxCUKi+8nRuzNPs59OLBEELnfIG$-dq$kK|36N#hm%|8eoqt&;tDx(bjQm
zFd#T+<`OswdDO0S9|wI=S^wU_LYFo_0eWKDcjbu{gQ6!BjXq)@by&1&SIh%_6kb%j
z28-6e)oo87)%?3ksRpW$6dF?34E-`igH~e_-3w^A80gdn(SM8faL}ryku80snOnrF
z!=e*~4vJp7g~*5AIHb#oqcOcU`VWofVWZ(<Bm}k^jZxjc(MS9CxwcjdFQsY+rO+{*
z58SU`1o~Za4XBWczhedZNVfvjso5>nG3@q-uf}qh#)Zs2+U(jLet745-kOg(4BF4w
zJJ3PUO4hc727=zm-12BcptE<M`Vi>LOmqzb-N{5(A<%v%T8BW}nP>w7ZDpb>5NK1N
zSIM>U!4-n2>kb||;UQYk?e=~^6?)wH_Sl@LoB`QW%&&Js>`m7jN@EyPEk{}&O0P5-
z+pgr$Wr5sla?Xu*WdE;|`qA1-)THpBFK42V&FKCm<#rI9OOnI2Oq$(vB=KEIrl}#v
zL*;;H@5y?b#A5@hde&4ke<bdVRI`g`m#YDj8RMi(7PbwXHqu^jW~FnXX_D1pwwVys
z<zhRB!Q%qsPVNZsRwZagB<ba*w+PMm8j*5lE;&u((TH-t^q}s9XB3y80d7Kf*dXKR
zqoL)zLs0{`cLzaR1S=uA`6!OgKcugsrMkF3`FLm>FW0#ODQ<mc{)+^Cz|}ucvRAn4
zDq5}!k7K?<3Y$p2uGvZtry2{ROL%A*FV`zb#K5yY#JQk`HluU&IC*^t;b?;$9PO>p
z^KmU_Sf^@YbgHbs_Qv2HPVS`8=SL^jjd~}x-M}Al5%#BV=<~j>J6Ahle#`7t$zvCU
z9PKPj-YLBa9?!wfG^QfK_#cQ{df)1kgc0Rl&~+sdB1DJ~@viX~_~ejZP%ZIJ00012
zdQ@0+Qek%>aB^>EX>4U6ba`-PAZc)PV*mhnoa6Eg2ys>@D9TUE%t_@^00ScnE@KN5
zBNI!L6ay0=M1VBIWCJ6!R3OXP)X2ol#2my2%YaCrN-hBE7ZG&wLN%2D0000<MNUMn
GLSTYBJXCc6

literal 0
HcmV?d00001

diff --git a/assets/ico/browserconfig.xml b/assets/ico/browserconfig.xml
new file mode 100644
index 000000000..f9aefe5b5
--- /dev/null
+++ b/assets/ico/browserconfig.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<browserconfig>
+    <msapplication>
+        <tile>
+            <square150x150logo src="/ico/mstile-150x150.png"/>
+            <TileColor>#2d89ef</TileColor>
+        </tile>
+    </msapplication>
+</browserconfig>
diff --git a/assets/ico/favicon-16x16.png b/assets/ico/favicon-16x16.png
new file mode 100644
index 0000000000000000000000000000000000000000..192339c2468026a16676f7f4ae32b81f9883c6ef
GIT binary patch
literal 378
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!73?$#)eFPF<Nq6*hWMJ6X&;2Kn7072S4sv&5
zSa(k5C6J>Y;1lBNlUZnb`#(YSd+qE?KrOr_L4Lsue=FqMPMc=%Oj`FSEX|MW4N!u!
zz$3Dlfq`2Xgc%uT&5-~KCV09yhHzX@PGD$a<`GB`Nnu!adv5n#>4uU^I!jNi%2W`1
zmZZLc=lsW$0&LGG@o+SsWYxMPwTt(VhlofJlku*_P0O51Sh>6!C9gF#UE&omZEE6F
zV5?RLX=%*7nW(_Y@aU58?~fNx+y>eeUKJ8i5|mi3P*9YgmYI{PP*Pcts*qVwlFYzR
zG3W6o9*)8=4UJR&r_Xpk4Pszc=GIH*7FHJao-D#Ftl-jMayW%qd2@)u=^Iy09657D
i<_P=g29E_^dJM0`1xr3TnN9^-!QkoY=d#Wzp$Pyl0g4U)

literal 0
HcmV?d00001

diff --git a/assets/ico/favicon-32x32.png b/assets/ico/favicon-32x32.png
new file mode 100644
index 0000000000000000000000000000000000000000..25c2aeeb1c65b807ddbdd78b1e76b9e2c774f566
GIT binary patch
literal 525
zcmeAS@N?(olHy`uVBq!ia0vp^3LwnF3?v&v(vJfvmUKs7M+SzC{oH>NS%G}U;vjb?
zhIQv;UIIBP0X`wFKADB4xBufu9b8&1K=nK&L4Lsu|5zIO9k$F(R=)Il7v~IKpg3oN
zM`SSr1Gg{;GcwGYBLNir?&;zfqH#Vsp`mFek4A&%!8x9ckq(W?+XaP<=9flBmNEFW
zczQM(?>;yu`8LZAJ+;+rtio!2M+5eGb#9;0d0I>O`H{D535==fkH39+5_;NK$44rm
zZIheXj3r8U4jef0>du2nr<N>XF->`PW~CmZhnB>dyWXb)SbThJOhhNJp7AkqQeUvD
zK-2y5qn@l4(Un$R3)eI`Y+z74aD-9lMuV2ZUO~@>#^8WkH*PFoK6$~Z)5URm>NE~U
zQQ--ii#iPEZW2&YX!~F{LtlfHKVXA(1JjCk3{4EIDbtx8nQdOlC^88P%rj*E=sIEX
zu7C}j_b_&@KO)KboPl9cntA(|ziWVD!4O^*5>XPASgue|l%JNFld4csS&*ubSx}P9
zz)&&g@h2XR!Y~buQ~syVcs>ncU{>bVOXe0<7WSSj!Yr)d(qM8pg;{xXh{EX`S56!`
kb42C{`{@Rc1zvg#ufzpQJ~^3A1zN%2>FVdQ&MBb@0Ox$i3IG5A

literal 0
HcmV?d00001

diff --git a/assets/ico/favicon.ico b/assets/ico/favicon.ico
index 942ba394b6226ccd43c26f698566e2f16a2aeff3..512d8b51b01f11d260fb65e5e3397f0740c38084 100644
GIT binary patch
literal 15086
zcmdU#v2PSt5XRSXBsY<urm-awB_(o1lp>O^;!mKUNhBKn1PUaah7u&#^hpCvC{o2J
ziR2=YBGCi|DUgtkhKK?pj5ptJ_kF9m_3qv6-R<7xq+#aGdo%ORym`Bim9uOk+srOp
z$i#QDZ$8YjPqQrB*-7KGS@wr?XT_Pn_Fk6V(t?k*Mkd*pBJ{=YgOc^}Z~psdiah?S
z>+0k2)x(UyU>r%lA$}x!oH*li5sk)`P1Fx5gCWLCn82Mk5V`D%$OZXj;`hYIa*ICu
zmWeI8BDy33OA~hMz-&2k^t*jyt@~F@YT1S<;+sWgPsaAM9&edr#X1npf~(7#D`4z9
z5BaB$yWpC2?LnXTT^DisW>!pH*4-Ege;>U=o|gu~-$(tAz~1LC^iLoC-#h+T8|AX>
z9(o-84<V-<mi7F<Hw0$KsPz)>-$l>FAkTjA2khXc{=7S9xj(c$O9!iczz*JshkF}$
zp|*Y^N6t)~M`qs!y}v0QcVF;C{K()V2jc`E#F%`sV;-5kLk9mK&mP4o?pNaV+Q&TD
z2e7fm1V-}k`)OA)HgN8&L*t+Itb#e_=KH~_@zW0x*EHFA{9o}qzjeV+e;ZR5zS8~=
z?=GGje*VxK?hniLF*&l{=YJ*rZ~W;U#vX7EILi=Y%k?qqirOdJmEji-*AR?6`ylW^
z9$Od3#r<H-@W*<Cf6{mz@w?8hf1P_Cz83g>2EY^g1>A95;FT`!NA-P2`dtxc8qV55
z-oL4L+xkDA2Qc|rS*&;7Yu5kN-8HVu+<mC8sk&n(-8$4C%#(<_T+tum>)8Ls&K~%E
z5Ov7jpS8jt`#H+O>+?bXP<!XIcKE?+O6RirrY}AFLH|(yf;&%*cSS4df8#WkIu|b2
zAN;;=R&ug$#E-4*>wZ0+Ht%)wa{CvrFh?1`8aLvfH)a<*#XgtfgQ1OBL*E>T>M}Ou
zM*qO+E$*hQYx7svpL(ZE%R#=~7vLiHDyj9|I71%P$^S2poV<MRr>1^?#Wj{)e{86&
z_2$;$hdSYxwVtouh12kMnU{ZZI}j0*o~Z8p(U0`tV@+cn(Tn{5Bm6BDul!Zd%_tkA
zbl`LC;KkjIwX8|=r|>8JDZ6A-#dMrLxG|=f^oe__s$&EGxNoeF@4C)sb<w=Y0ZKU_
z`^*>EG_Lwba?Fu+(Qa_;F?VB0c~E2S6F!fTqpx~A+C_h>k|Q3;)ZS-v?2N~CtHL@d
zuJNTDPMzOLw(B&P@N*U#pP%c5wGE5+qHTT=eO~<ZoX+n^5<l5IQ}E+#tKiSF&4TY&
zd}C~!Rr>n6a{MsO+uz^G?+@8_;peNZ*QLL=UzdEd<XMgHr?L6d*X6p0TP1&cI6nUA
zW;r&0lEz;D%NON*ew6rciRU%`q#RRZ>T`Va@TjQM-r*g1e&_qWf<OPRz@Pv7ZOM<f
zN}iW_=J{b7o9B%AJFOkjNL2lumj0Hj%a8srVJG>#Xaw)#XVJ9@!(H){Kv%&bLJwVC
zG)~=KKFRgA=z%E4Zj*1<eat&faogfd(l5L>icQ{=VoaJV_CfZY-}|-^XKyFPm^3${
z=JwU4{<aaHH~&Xn;<c>>hv<=LQl3q7*mSOY6At;|Y|;B&a6D-8HII%wQvChIoARye
zM#RE)o|w@_KH~F+eyl$OsEzBx95@#~dkH_akGZ`_{#^^=?x(e2GrkeJd4KX#)Ghgo
z@hyV`V*G+Q;>JV`M)Sr_zNW=Dj$Yy$J9&s=tR}fQ>&wjF@l!3>V`}R6TU{QdbxW&%
zEx!Gl7d<CDaA>Ibj%V(A3=!Ywn%KykGkOCm&bqkk!+e1$)^T1r__cp95TEDbc{sks
zJ>N%sd=l3+w_L^QF+MrgX_WAQW7Jpv@;&zc@R*n)VpDV9a~MOhCe^)J`bq}xB0u>e
zK15v{A1q_>7mNX3`-GdWN~RCU)0{c(2PX8<78{QXywk90J@Ls0U*>-25ZnHkgB%;Z
zZID@8yeE==e_HIedD*)r#B$x^`MZlP>k=n#)`DZKm)c@PJvNa%Cms7vUev=lio8Qy
z=2&w+*cJXfo`=g{m51b!i2R7-UNEka{cEnWv2IZweM+Xz<O@}`mb~=15jXxFBgL)u
z-}<<|Pg(KkiE6LA#?r@vJpXY|pA63A#|?BM-AT5cACE*EPet%Vo8qQz$&kkRt3>)l
z@n&aZ?@cBLzkV+LCwYFX&p>>-$oE8f&UXqvOYDfM?-Vocp7Opfx-YsYx-8n3o2fso
zyC(Ws^sYvKY5e{q2bw2V-7bzVPO;yXJ#nIq<*D)UEn9MJ!he5K>}30XijO_DgHy)?
z(X|=uoASrLpc(9mPfQaz<MWp2`ZW8L1F={Sft#9kvB!qou^~2?y4X{Hh(78Z-#N+_
z-1wLozt)1+`$Z0}J@qX1P#isSYcFb!oQX}|bsXp?o`YHrU~nJJbOvp2F8j-toA^6@
j(|oy?WzP~J|9MlCm;4{e&qeP<x#-nLlAo3`-$VZcraD1B

literal 880
zcmV-$1CRWPP)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F800006VoOIv0RI60
z0RN!9r;`8x010qNS#tmY3ljhU3ljkVnw%H_000McNliru;0YZCBLK~j>6-um02y>e
zSad^gZEa<4bO1wgWnpw>WFU8GbZ8()Nlj2!fese{00P)aL_t(o!?o8<h+IVw2k>9-
zOq|6iDw+s-Q4jABQ9>ZQEhvHr5f6&qJs1#CL=ZKiIpm;%N(2Q3jd;+5AP9;dD-v^%
z<nZD}Pzm9Q7!0n69%3+>$$qq#9(W8pvv0osF!Y=5_o}L^{#9Mg1c+7Yjk{x&E+0q6
z+$74&BJ}=#jh%I)nj(y=I4imgAK-5Mj{C|Y9G{5?VwLL3uf&V^4u|mv-p8A<N=vay
zi~V7m*nqMKJ>?JK6fVNfvIwtX6<^^Nyn)YRl|G79>eRfoA=;b7wl^2B3kPv27Rw@>
zsJ)V~Ru*9eOV}Q(bO<M7mG<LvoZU!%7~t-k@DBdVQx{_)KOfGXTSEscxD6*V54K_*
z7qZdY@Jn8MuPnl$p&rOs&bwXho4<g)nRpN4^=!Z{{D4I~kqzrd3nv@r_K@|L^7v|P
z?sTluld($2MwLIe5!p6DD^}@U+|`%PttM&RFTXv+(s|sNh5m`{IG>mIni7Vk;dMBM
z<9Irc-)DomI5TSl235^x%OcE|MYtlT=R{}^S?l6QY{74N_igNnRa(GGS%l|jX~29=
zuQ`;sInVFGW4ZXu)PVE&spf%GISkAAwN|8N#(^7hwd>-Ztngplk8|k6DqTBE4?KV!
zn|%Ka9-q1gVwF0$ros2SXBC3AhB5wUCLt(`uo|m$G{?S&B^=2oV<&e*M`D#)IEvHb
z5OWv@4&qT<k8klY-pVz<mnA!Da|?KCP){*ZPgrZc0^Y_a_@d#awv|QrYa$NRtbYNw
z<HHfWdSEJbAXe#NJck08j3D#sQQGrCY1qcSV-kBy!@gpu2U<0<jfz`GsgQ#>(9Nke
zZfeg@<1BbNr`V`iE{pK<Gz?fNi||M$)gAb9gLnSU2h@80oxz=>kT5j8fW|6q#Vh$9
z*v2>5hpY09=qx@hi*Rn@LNuf>&E+duK({QydXt;gF#HctmjyD~9oB{b0000<MNUMn
GLSTZ4*O5E`

diff --git a/assets/ico/manifest.json b/assets/ico/manifest.json
new file mode 100644
index 000000000..e753aeb6b
--- /dev/null
+++ b/assets/ico/manifest.json
@@ -0,0 +1,18 @@
+{
+    "name": "Portainer",
+    "icons": [
+        {
+            "src": "/ico/android-chrome-192x192.png",
+            "sizes": "192x192",
+            "type": "image/png"
+        },
+        {
+            "src": "/ico/android-chrome-256x256.png",
+            "sizes": "256x256",
+            "type": "image/png"
+        }
+    ],
+    "theme_color": "#ffffff",
+    "background_color": "#ffffff",
+    "display": "standalone"
+}
\ No newline at end of file
diff --git a/assets/ico/mstile-150x150.png b/assets/ico/mstile-150x150.png
new file mode 100644
index 0000000000000000000000000000000000000000..f3670168ab6e9ec34033991ac9fb0c642c56aa69
GIT binary patch
literal 1361
zcmZ`(dpOez7@kL^2g|J()|z%=shE<sOdgtMt~EO@kz(c6j*K0C+FasP6wO`Q&Qeb9
zxt_yQoE*$ub1=;%LnF-Xj1eJco&WrC-sk(C?|HxPeZKdv?@PSwga<3?D1tyBFu@i_
z1cBrZe9t}dvd*LDlUcH|$KT4)3IwWTDsB1fm2tT+BHkKQ#)Hnvi0)+vl8r+kb?1LD
zm8dx>lkKMwom@bBNRwfD++0+CkG*W|H3H6x1Pm{*d%}j%2iuP6oO6rp>-H|Hj%9-X
ze!_ILu7h?EpTUMIs0>P$<M^O&#j3ws)%)^s)W}7t>FAPwYm)W>#%GTu3xb-Dvdm-`
zMyP6Wj_k%)hhWB2p1|OA<0*-1XS`?b1n%@K^=@)e#_2=cqwMRpjxPI&VApJnz~OR`
z*YW$6i~{eaSsa@F3LznK#D(nC#00xs`~#lnS-Ve$1$_y>v6bBDGo^Z+!joi|)zP;c
zv0>VuCYBq$Jx66xGB<Q4h}GlGbK<9<MO_!#T1sN!bj)Ub=RkeW6ox@|y*X$9IGR;5
zs(q*fW?jABd24J8AnBi}IrS000?&?k{9^MXCe7t0MPgKPq~)j7PBE{2W=4Ex<f#^?
zY<kfnkiNLr+5lhswZZ&^(IjL0bKcj|(OI^oKg4j^GCdS{x_skFZHM&8&%c(iG=_rP
zX>(`F{mLHDO02JYY!|j;Vn`uiKC?c7Rx*@1pt3L#92G>sLa;MfFD|)X6z|3w9)B^H
z4~8Y%thelAI*&DJWdYDDk<hyAwy&Ya^bCor!RY{kb1N0Ka@=C8gTY_zo3&vLih7nr
zTEZqvs998#M2}(oWqrZ1U&UA3eVlssiWKq(o>eX|{v8%vNy(F<q3Uf2hxnpwoQUQ$
z+bH&dJP8sXtJhye!;oIvp*f?9#nUeh4s)V&Hhx)Anb<MW-4HUa-r?~V%%9hnH3asp
zWhcK4wvVYq!T=+CrXCf0m7p3aw)6XjOjS!&*nwVfXtDz6n;|ZOTHFegh{U$$eb9_B
zh4DmDjoJnOj6Y;rs6PXs3zUpCBzC!`p@nWW(K{+xx0`6pH-}wJlc+5K?6gVy3X$Z4
zI<sX51FK0=@gcmU3^38TEAE1RDFd}`s$X0%_pQ%0$_C{vP&(ff&5{CS{@bYcZE<fD
z(sheB+5}sJ?u^fq{$Rs<6Oo}D)XIFqea#}p0tu?9@<j7WQ#7ZPSC#voO^tr^njHR)
zvwa-1xat<^Ldu{w_pg@5b#FLbOQts!;<HR1%X@tAS628T7`#~rOGKR{7QH#v-%N=M
zFoVwns+qt^<=f~Z@qOu<5446`Hb&Cqe9fTS2274LNl+PDtgjF>c0dJYu^<t$6)aQ2
zxuO8(!$#`WD&h5r^YIf%k8>$Ng+()e1`S>VAoE+icX^C`y4^wmLP60jeB%?%GhGj+
z^d&-UthTGp!CJB5U(yp5>onYngHbQ@{<7>{_vf0=>zaq}lmCQs?RL&7OnMH1`3bJD
zG2YW()R_%W15;l|+SU)7kn^dd$pidry`hT`ImVAY#Qc~vgou7A4!JfvnWJNz{4nM=
zt|8FNsJ0w~_-0-sj1HJ;@C>_uq8%#@Pr6~YWyBg<W*+|UJMFsm-J}6&393%gxs+Xa
z&qOwHyGwGX5q%=yA)$Bt0x7rPw8)TK@W2on83Y2@qGjd%R97Uj)48jgFhvB(Bb1ED
zN*V|a`}BkI8gN{!Y4c5aL^TQCHOO!0c5|Uzg|1lJTstF>SWAtzY<)KKyE(ze30G!)
GBko^FBaHa~

literal 0
HcmV?d00001

diff --git a/assets/ico/safari-pinned-tab.svg b/assets/ico/safari-pinned-tab.svg
new file mode 100644
index 000000000..79ce7b6fa
--- /dev/null
+++ b/assets/ico/safari-pinned-tab.svg
@@ -0,0 +1 @@
+<svg version="1" xmlns="http://www.w3.org/2000/svg" width="420" height="420" viewBox="0 0 315.000000 315.000000"><path d="M163 13.3v6.4l-38.3 22.1-38.2 22.1h-34c-2.8.1-3 .3-3.2 4.5-.2 3.4.1 4.5 1.5 4.8.9.2 16 .3 33.5.2 17.4 0 31.7.2 31.8.5.1.3.2 10.3.4 22.1.1 11.8.3 21.8.4 22.2 0 .5 5.5.8 12 .8h11.9l-.1-22.8-.1-22.7 11.2-.1H163V204l3.5.1c1.9.1 4.1.2 4.7.3 1 .1 1.3-13.7 1.3-65.3V73.7l3.3-.3 3.2-.2.1 66.6v66.7l4.8 3.1 4.7 3.2v-69c-.1-38 .1-69.3.4-69.7.3-.4 17.2-.7 37.5-.7h37l.3-4.6.3-4.6-8.3-.3-8.3-.4-37-21.4c-20.3-11.8-37.2-21.6-37.5-21.8-.3-.3-.5-2.8-.6-5.6-.1-2.9-.2-5.8-.3-6.5-.1-.7-1.7-1.2-4.6-1.2H163v6.3zm0 34.1v16.5h-28.2c-28 0-28.3 0-25.8-1.9 1.4-1 4.3-2.8 6.5-4 2.2-1.1 13.5-7.6 25-14.4 11.6-6.9 21.3-12.5 21.8-12.5.4-.1.7 7.3.7 16.3zm28.6-5.4c7.5 4.4 13.7 8 13.9 8 .1 0 4.5 2.5 9.6 5.7 5.2 3.1 10.5 6.2 11.9 6.9 2.1 1.1-2 1.3-26 1.1l-28.5-.2V47.3l-.1-16.1 2.8 1.4c1.5.8 8.9 5 16.4 9.4zm-55.4 40.5c0 4.9-.1 9.7-.1 10.5-.1 1.3-1.5 1.6-7.3 1.5l-7.3-.1-.5-10.5-.5-10.6 7.8.1 7.9.1v9zm-12.3 23.9c.1 6.6-.2 8.5-1.4 9-.8.3-1.5.2-1.6-.2-.4-3.4-.5-15-.1-16 .2-.6 1-1.2 1.7-1.2.9 0 1.3 2.3 1.4 8.4zm6.7.4c0 4.5-.3 8.2-.8 8.2-.4 0-1.1.1-1.5.2-.5.2-.8-3.7-.9-8.5 0-7.5.2-8.7 1.5-8.5 1.3.3 1.6 1.9 1.7 8.6zm6.9 0c.1 7.2-.1 8.2-1.6 8.2-1.6 0-1.8-1-1.7-8.5.1-7.3.3-8.5 1.7-8.3 1.3.3 1.6 1.8 1.6 8.6z"/><path d="M61.9 108c0 .3-.1 5.7-.2 12l-.1 11.5 12.2.3 12.2.3v-24.6H74c-6.6 0-12 .2-12.1.5zm7.1 11.4c0 8-1 11.1-2.6 8.5-.5-.9-.8-8.6-.5-15.2.1-.9.8-1.7 1.6-1.7 1.2 0 1.5 1.6 1.5 8.4zm7-.1c0 8.6-.3 9.9-2.3 9.1-.8-.3-1.1-3-1-7.7.2-10 .1-9.7 1.8-9.7 1.2 0 1.5 1.6 1.5 8.3zm6.8-.3c.3 8.4-.2 10.7-2.1 9.2-.9-.7-1.2-3.6-1.1-8.9.2-9.2.1-8.6 1.7-8.1.8.3 1.3 3 1.5 7.8zM89.4 107.9c-.2.2-.4 5.8-.4 12.3V132h24.5l-.1-11.3c-.1-6.1-.2-11.7-.3-12.2-.1-1-22.7-1.5-23.7-.6zm7.2 11.2c.1 8.6-.3 10-2.2 9.2-1-.4-1.4-2.5-1.4-8.2 0-4.3.3-8.1.7-8.5 1.8-1.8 2.8.7 2.9 7.5zm6.5-7.4c.4 3.9.3 15.7-.2 16.5-1.7 2.7-2.9-.9-2.9-8.8 0-6.8.3-8.4 1.5-8.4.8 0 1.5.3 1.6.7zm7 .5c.5 5.5.3 13.6-.4 15.1-1.6 3.6-2.7.4-2.7-7.9 0-6.8.3-8.4 1.5-8.4.8 0 1.5.6 1.6 1.2zM94.3 134.8l-5.3.3v12c0 8.8.3 11.9 1.3 12 1.7.1 15.5.1 19.7 0l3.5-.1-.1-10.8c-.1-5.9-.2-11.4-.3-12.2-.1-1.5-6.2-1.9-18.8-1.2zm2.2 12.3c0 6.8-.3 8.4-1.5 8.4s-1.6-1.6-1.8-7.3c-.4-8.1.1-10.6 2.1-9.9.8.2 1.2 2.9 1.2 8.8zm6.6-7.4c.5 5.9.3 14.6-.2 15.5-.4.6-1.2.7-1.8.4-1.2-.8-1.6-15.8-.4-16.9 1.2-1.2 2.3-.7 2.4 1zm7-1c0 .5.1 4.4.2 8.8 0 6.3-.2 8-1.4 8-1.1 0-1.5-1.9-1.7-8.8-.2-7.3 0-8.7 1.3-8.7.8 0 1.5.3 1.6.7zM120 134.8l-3.5.3-.1 11.9c0 7.6.4 12 1.1 12.1 4.6.3 21.5 0 22.3-.5.5-.3 1-5.7 1-12.1l.1-11.5-5.7-.1c-3.1 0-7-.1-8.7-.2-1.6-.1-4.6-.1-6.5.1zm3.4 4.8c1 2.7.7 15.2-.5 15.9-.6.4-1.3.4-1.6.1-.7-.7-1.2-15.7-.6-16.9.7-1.2 2.1-.8 2.7.9zm7.3 6c.2 7.9-.4 10.7-2 10.1-.8-.2-1.2-3.2-1.3-8.3-.1-8.5.1-9.7 1.9-9.1.7.2 1.3 3.1 1.4 7.3zm6.9 0c.2 8.5-.3 10.5-2.2 9.7-1.1-.4-1.4-2.2-1.3-8.2.2-8.3.5-9.4 2.2-8.8.8.2 1.2 3 1.3 7.3zM61.9 136.7c-.4 9-.3 21.6.3 21.9.7.4 13.9.7 21.1.5l2.7-.1v-24H74c-10.7 0-12 .2-12.1 1.7zM69 147c0 5-.4 9-.9 9-1.6 0-2.2-1.7-2.2-7.2-.2-9.6 0-10.8 1.6-10.8 1.2 0 1.5 1.7 1.5 9zm6.8-.5c.3 7.2-.7 10.9-2.4 9.2-.4-.4-.7-3.5-.7-6.9.1-10.2.2-11 1.6-10.6.8.3 1.3 3.1 1.5 8.3zm7 0c.2 4.7-.1 8.2-.8 8.9-1.8 1.8-2.6-.8-2.4-8.6.2-9.3.2-9 1.7-8.6.8.3 1.3 3.1 1.5 8.3zM59.4 166.7c-3.1 7.2-4.3 13.6-4 21.2.5 12.5 4.9 22.4 13.7 31.1 4.1 4.1 5.4 4.8 7.2 4.1 1.2-.4 3.9-.7 5.9-.6 3.6.1 3.8-.1 6.8-6.2 8.2-16.7 29.1-23.3 47.6-15.2 2.4 1.1 4.6 2.4 4.9 2.9 2.5 4.1 5.4-3.3 5.9-15.3.4-8-.6-14-3.5-20.7l-2.1-5H61l-1.6 3.7z"/><path d="M118.5 202.8c-6 .9-11 2.8-15.1 5.7-5.2 3.7-11 11.3-11.9 15.6-.6 2.4-1.2 2.9-3.8 3-9.6.2-17.3 3.5-23.7 10-6 6.2-8.4 12.1-8.6 20.9-.3 10.2 2.1 16.5 9.1 23.5 6.6 6.6 12.5 9 22 9 6.7 0 7.1.1 8.9 3 2.6 4.2 7.3 8.3 13.1 11.3 4.2 2.2 6.3 2.6 13 2.6 9.5 0 16.9-2.9 22.8-8.9l3.7-3.8 6.1 3.3c13 6.9 29.4 3.7 38.8-7.6 5.3-6.5 7.2-11.7 7.3-20.4.2-7-.2-8.6-2.8-13.7-2.6-5-2.9-6.4-2.1-9.3 2.3-8.9-1.7-22.2-8.9-29.4-9.8-9.8-22.8-11.7-38.1-5.5-3 1.2-3.4 1.1-5.8-1.4-5.1-5-17.1-9-24-7.9z"/></svg>
\ No newline at end of file
diff --git a/assets/images/logo_ico.png b/assets/images/logo_ico.png
new file mode 100644
index 0000000000000000000000000000000000000000..c233495c2ee7fea76a9f9ef4c0d5e17e2d00c18b
GIT binary patch
literal 7174
zcmZ{J2|U#67xx%DGn7Wgo?9t5vL&)s>dKW-WDhge?2|HPtRppwTNI75tC-7J23f~4
z_fA6y6~kDDk!#74iBOT=$Nhgk@B9AW<->eto@eHHo^#G~&iS72`Q5vOvVuz}NI)PE
zxb=l|_7I4G$?i)`1k5}eSMLOGBHlJu=O90K{|Z|v8DK^nd%^Vv1R}X__ay+y&P9Sr
z(VNz`=S8Q)kkZ03x=ES48z=`}ak*(39vbQwb`uOC5X%TZ%uPSv15trDuN|<mw!P$g
z+)oq&Q4F#^cjgLybeS8KdDyYF;d6i;)*pFV?*jgzPEO&Yb6U4}vWJf!I`~1hD!NO%
z@E?{D<ABH^@#wBIRpY6JN39>VIb%e|&+Toz#VWK!AhE9rB@-59{v%4w0nPO9Hw*Z&
zL&m|;&CS$>?Tu5D6I)l7e@#DR{pf%GiyU@=)}?4_dkS=D@;cj|dK<BV0t-99Wcu|V
zc-sf{7Zv`vOg{YxbHtjIcSs)h$d_aNUjx0RLtV5Ck|kNLXLHS}(_ITrl7qgzkUWm(
zVR_fkXDxOh?GmxdjYce;PKj=sgNYFLIHQa4Ytq+s3uy8SWQnV_JT8cxz9ohg;cHvc
znhON1ijgX{HF`^fzp6DH!u~=tw2Ub&8BWX~W;npATm$8C3Z?0af=Uo2Y0ZgOwq{aF
z0$20BkCwN<OyB`;L&bBY%FX`B$wPf3OqkUZVI~G9|2T=F1nX6cJdP426T37>0ik=r
zCJX8ALQkMd(3UD;+{eS{U-{1wO!xY9%n>%c2@)&(Rf-lO`N>-<_8<$JSK-I8PJ%bz
zC+a7{$Iww#qEfcHroKJ$IQs<4Fk#*nBOgfK4x!fa9PB*>_E$DlL=jb?M_wR3X@}t^
zrB&&Qc7&A9%Zyjq)R?_SMG^(WF8m5aTGij5_Mk(0L;IoXf^w(U%hw2M5cr9CoS;fM
zv<&sOSNJ%@J7wx6f;skMyVcMhW(83dsjT>RlPuCF_^Er<Ti<<{mhpPko2#iEFMU-i
zmNvUkBA{4;+)!BxRMQ}tvS?;B_@&LYhIL|2ZA+tOPwL~)P$r5iA7SH1xGse?q!D`A
zW+F=uy*ZjJerFM<9l?Y%j2VVyYS)$Ng3^8jU4x#~J0Wpk&E5!~nwGD|d>xwh`fN=b
z>YM9Wwg#z(6z$~z3#TCCAs3;2#im7gT8CgKG@)zNJ8dCTK_0j8ws1_MF)bo{*xSH4
zN}l#x3MMFJYTf@+R0_r^1!I90<jrPN-S;*ko{(o)R&kC<+(LPJPUZ}&jsa)5fi=?n
zE(B9WgVdS4MtFhzRNN9f7{+*R;M^dN4Is<O`4Xzjt7Mp{W#x!ef5LS=K7{50l(Hd+
zQ__l&C24~<e%D24ki4!G#f2DTs+2=w;je33j7)n{H@}qyTEwfo<Ej~^M5GKilv=PB
zL%UrOlfUb>7`^^M$Pq3Gh`O0F_2Nu<%wb*(tXKT4w1di?ral|%ky?jEQLZ{eIdiU=
z4R2l~N>h+hsv&RTmUb(j5lp#6Ta7f$VcmPHO6`j^EiOII85qhCtVtGJLgs3Ac%%hB
zL5y>fMe|5e3s0Ua@NSg-YQ%TsJ<X<$DKu*Lqz=@!xV&-B0*l0&#9cj=Y)*+rrv2+X
z2$v%)Y#g2a3rok4h1K1oF}Km?;S=d|bOpD8CChF36Ld$Nb1;;LlFeKV3f@+DAy?BR
zD<Ycx0>S(!_~Zk-tZ36dW$Gx;l3@UBh`>r=qsVeOTV?u7CtB1RJjrr~4*82tQ3``v
z3@ZoNRteHS(mu}~1{5@RhTEu?H#J8lP6iOJH#zi!*s}PC+_(C{v|IYaA_|)T`x={q
zSzFkyd+^x1v08#^No>xFAH5&3Fangg_{A}h6L`%sEQBnVY@e@C9o4%L2RC{EOh3c5
zX9g{dJk7Ma+Fwcflw^><Dzm=pLw1yW5UJUPV<L^JMzZ*XUbe^Yr&x=({p~&nO}&jd
z&cZ@y=KL+-KmuR2(apOe!Oj2iCd;*#m=1^D&!*BvIVV`OfRrh5s-y;Ki)bfEw@+9Y
z>Bw~GKmKOb`xG^pQ<|W*xudC#D$e~-7YaN_aNA@CQRQCoDF#|~LHFvJQ|n7P>^%uI
z=*+2j0$I+=m!R7xAuVlTd96KN@%$;fwR322Z!xI}sL#=*!ujq4C8_Yw@s*HVq1fwU
zPKHUVxvb#4X#alH&)AGOna0%Bs}0R(qO`yn2i?@>N6RUjz9~~)8dY~AoO{_7Qdi;Q
z=`*ZRr(xRSM!LI3Pin#C{KfisAedN4o;Syw#iy|=WTP7d3JP1EoaL4VxZ9)5w$6~{
zQr$h6m1Aea&XVOi9Z;XY$M&*YPZNqCM3${}oj8$bXvpIGbe9Gkaa4uFhOTwr*jDLV
z^|shGFjwYg%oVjLC7q&<vRQl2vRL3Cq8g;A@-T<9E5!)rJ7BHKvZm(48vUQ?M|x82
zT){~WmSI0MwM%w|v+redVIk?>9Bmdqm#s{Gn*$O`wE}skX?9^qAU<n`r453BwV;5@
zlZoi@C0sY35uL~xy2`zXZa^?8_OOJS=7TcP?L{r;r~eu(h_099qsekdjMv}Lg6Gl|
zb7okW(<nlvJ6FTgfml~&^C;L?aAg_6l-8i+=bdjY4VWf&0TJ8g2lbhi+*@HL-5Iy+
zigplHKTC2yM1l+or;gbdZC*{8Vw6!f>AT+2DAWitTiUK7Y|F6wn%b4mO^3CBNFEGz
z4U)Doi#lVu5|2&|axt!*T{sE-^m_G!_pYrfkP$2Ws~>K5i*Jn$Ughd%4m>dT%v&km
z5Nr8`#kT<l&Pa3)u3ViwYUg<BeQChjTw?<MY#3r@?)nj^&G1#OJ3~Ixp~dqP&A5(r
zvsx{_?-*oKxb1`xHRd*m69bf4ZGfSS_H6G_?Pr8fdxW?KjAW4bac*xTuiLGFOz62r
zDh7e80KC!Ac)i>*2IuOjDWLh@n_d@daB(C|Y{(#Kb!YE@@%FmWb5%2X#!<V*<-xvA
z6yu#GKl!>8-+?DOXtF+Y55ZJoR!08)=_*?FC(hb3YzD#fk@7hV(EJb+^$2ES{U2!G
z9RT#t3%!_ZnzmM&@G;ll?QZm@g7V!^VtMD!$&%a*6PGPPv#PSsIx~k!*;6vzTRLz0
zi!-C97kZy+;%EQ5&qy=bjx&4sT@Lw#;!}xTz5_A7NR|tLimrbhQq&-c8w^Eh)57{`
z7j#3oFXE~q)rgwfJ0h`If%cyOlh3r-D|P(-Uq#1%4gQyy|0VN(2B2aY#B{jadazG%
z$Kqs9>W$#?a2DxjRmeR*PN}TsF#qQ}hPh?qPO)b7zlTsT5jNVBF|gN(&$9dyg#Eu%
zS1RFOPQ^sIdxJ9Nyt5#+1UUqe3UtBkr$wh=WUxWZn&)McuCk5edZ4<YZds;aQ0wbo
zNPYtju=8F$5PR5-#4*k1{}0iCp$ChbBX-jv6+%Br(5JjHN!IE~t%BN|yzXvDL4M-T
zXv*X64?)@{muQQh*D;Jy+wq~jM9h&>e?0c(lv0{(U52u5O&pmu^l^WL2@r=ofyaV6
zOMxSUr*zglWu&lcv<<f>xD0Q0jfSAohX*421xgGwO&Z-M^%zO;9$Xo@LdrC>)|$jU
z%`Nc$>P18_!-;b-nmJ@|e9iaoHKa*8$T!}qJ+pH)2+N1wc-h91>#lXGwZxyp(_7&$
zkd@_RGw66A*kQLg^zgrD-d0(AG00>h>Dihx!1J>VYRjg6X9j??$E$^%JMf<404{z(
zL$O4^Obi7#->S;#tPy7v#c8@r7`<QZ!jvBxsT~lDmdDrMTTJ*%riV6g*GBiEh`PJ@
z?sxyEWBzMa(%VLY7s$#A$g!~+QkC4xa<4H(hOrf>UU2DS8O`}eWV6g4&amVeKNtao
zO-FNF&*}#?-gVv@ygdqFX1{&kugKTF-y~~VjNmR}M$MR!Vpq@YC#xUwygq*Zu_@pT
zQkH?vz13fyKZ4N(Od8WxM0uQVU*4irUeyl?^)330sI#9NjyX$P|0jO_(W$3y?{~S0
zY}ov){u4tO$g1(>v|6Q1DR<kb!G||I*NfHVam?dAsl~+g9B#}-T?BjMq=-7Wb^x>f
zPGfHSTuSeaMVqs*Y2nK9xMhqb@4I^V^EujjEP7czY*DN`=G|F>#G5m~AMP`T+9C(T
zOi!!*8@ZLWEy7FUu|h^In2}UQJ-fz1fovuaTjRDdDae^%GmKA*n7*ei<p#yMLuwVs
z%3fMy^7x8^vG2!dm+M-+3^eJI9Egi_V+Cd;lD!fOeI0l2HEj{rKtUb{C2zX7(c`E|
z+H5w0xvoJHC2GLiH!~2-FF_-N0wF7}5X>JMq%p$E#gu94kFTn{Rh7vEeU?t0+r}|o
z!uO^MNqd+E3u}S(X4Zi4NVurGU7B^^C#o(j3KFm-^AIyEpYm<H9r>ys?i*uSy<9Zm
zls5+~_5UFq|F<{Lcf{7dCH!aoj|m)EE@@-}y_rDkw+*uP(G-9v`Vl@m^5W6Q&`(u*
zZ~*@UfEV-t9qKf-!$dqG4-^<1ZI5SI)r_;5n}5uIjB)kMbzElVo3&X;eGMbaIYTmt
z{TnyjxBLhXiOz}Bz<%J@7tzPD7nwDspiUFKSlG1rG95<8R5I@XpGG!5OY`dyFob)@
zxI3mzY`d?|_g)r+ITC+bPRf11D%x0==I0J+*m|GNbon>mVnU8J3UWe_4GnTLb2oZd
z8&tds1h!l5jb$&7{YLW0xuCl(_~hgtWAqqg!@Af?tIyMabcSRu)C3F{0f?>ZVs@i8
z(-2Gt@)?pxuqZcz@e?{7x^pH6xW5}fbj>?T9rcw=c=M=}=mrg@x8&B~+yJAs_nIGS
zdpg6q)^mVaX`q}^z=l6IAaXU6VDzCywwAckwG8P}4OdV6IWLk&>PT`#K9$rr$~gJ&
zDc^4OauF(jrelWBT5{@$X`FG}YCs27xMa-mFXrJ6hP}T?`T23`eychTp^pvP`o)0(
zQCcu~WYD%Qjx3k|{vb2#c4(l!A@>~G2S^a+8#m}*-)C=ln=5j%Hj->?yaaR;x_h$L
z%%pT62DdnEW|!O(1Ypl!-j_2nhCO;r9%oydVjI$0942Ox>^S7UkV11GSFfJ{K(VOB
z>@zGVZ-ALh#@0;eEycz^f+bCD+_E(-_jiTL;|@-r&%wKx1&D*KYW0^6G5hlKm@Zv3
zs!zRbNIz<UMC%FlX70XkW!Q#rK&B&Q7mRe#6vZ`2u8hghS<Gc#zze;lC2nLQC}nPF
zCb_Yn9LGOMfYg7wHFqj!RljzQnlKk<rr`1{t@Bd-&x*D@U(Wq<DzQ}A$aj064!lwL
zNxnBe`oJ;3<X|)@ng-2!ePz{PBd|IA2#{~l9Iej(>tuq;jl|$Y$wYU1Se-v0&JzNk
zN>u{<344i;sc*-GIf;qf@@v`ut~koN1TvN^_Ck*N9an}hqe+8gmE%fTNc;OD?~$gq
zlc1DHn}lWy(JMi`ak3%9&9&hw^ketQ@wrZ7EAg>Ctn-Ba{CBZ-D|=Wn<d{IR^VUFC
zj;WDa46XuW%!koJ6qgp2csJ32$30Hmi6G1EOY~DvNp(=6;g#@EJSc;LEG$=qd4rnT
zeUOqXX&qC`=i2~a)pcCj$OBAOD3;2KTF0R$5ti+CS)j_-;0-VW$~u1qBzMH|Yp+l|
z{3^hj_;>@M2R*Ca3Rvqj3ne?KAsiEqQ{%-kjL^@*FU#Wuqoj1?k(0N!PRbd{7@4tj
z8dT5J9ipkuB;H;ZZR%xFJB=B0#GjyWQ|H<9$`H(+xZ4xq0Ewz3TC|7-F!mlmz}%Q?
zxsdWp@M1%udg#QLQ0iY|+%LX>AIfnkEZkxw53mO6_v)WiNV2`k370?bZGHKTJ!YcM
z!rG{A=_weAG@fATJU>6W8Ls*D&#g3jnCQ15!zE+0r6K6f_*wcFC0bmHnijg<$3STE
z@s!1%UmSRM5lsEiw{4Rm51yGm9HkA=Z?fTmfM7w}gC24TLL7Yj8Bj6*si`d`@JSe_
zTD0+9hJOh#JLlFWr?AN`Hf_71t&Yt$qyKu^sUkXR`Zuhh|1RlQac9JP!a|15&d~R9
zELhm6-jgm5B8EDWiNy*k!u%`RX-^pi)HMOQmpi8k_Fq1>!h)Aa0BFnN9TI)4uC1*=
z+`p{5y3{4a2n4*#wmK-uV<4C#f`4v4WArg*Gxbk6ss2;1`rI^N^>?&e<ZXQXn6h*(
zY}*U;1{83Tj;-{^R_Ha+5@cU?f19#I?x={LsU8cv3SDSXqiOT+s0(dc9F=}{RphE+
zyNVZC&Px<U^;{w4VTL0U8}{*gFcV967!$3ny40fK>+I(qv64oWb88=UZ|6cobS`dv
z7VS<t+R#U7jVdzrn1wPcP3|vzn2SHm_hL4-wk)vMWp7emy1u<EJQ~Q}={FgT6P!6y
z2q#^)I0-EQY}Jn}7re0{s6je*)UItKsC#3nxhASX2P;Y&(g_KpAefKimO8~9u`dBl
z40k8!987rjJvS)f!A0E`j!lJ?NgAMILk#zv)uTT8cJK3~LWZoW!h(6xUMZHJ)VgmV
z16(8`w{&n5{Mr6Y)n|qSQ*lDv-!lsi2F_QAkAvh((YgbpCx}cO&MbIpz?=an86)0Y
zooOYL^-?(7|2nS(TsIA&x3u%|LU*b#tZrrV^N(=*cv|JGf-T`;62aLAWYhIlI@D;-
z*Ux(@H}-b-<Qr}*ke|04C?WNqVPMFA(H!LQHxd)7NLiK!x0jcFhr3Q}67PPW_X{9Y
zSNQ2HT@jg3>h4;ZlRD2?e@}J4GpoAi@(L6i7-?PzGbu(+h-^@D9Zqp>)cC*Mf;Xp$
zcDT*#tv!mhCCk~kq<q@4p?m|Oq|fM2WR->Y7PVvyscNhQ>*hq{&xY_S7J6SI`NN<p
zfG@f!;72X=w5GZdOcao6fNmKiL(`h+>f9_rdMf@Cy&=+9`%KHH7Ll|`H&`0H{kBE?
zYx(1A^7mGuWp|3_W2Go0?RoNx+`E<ggZ49u$}yDesr?ElZ*JnZNyRe<r|ImF{ipt5
z$3jD&2Dvor(PGm&Maw#`@roC8R~UEP`r9-_ENsBWd$1X0o}&*K9YeH(FAzx%n=lhU
zLbVZAjHXDdm;GoYOp8sK3bc9G1n9vx(m1~RTTO;WRbf%zkLT@X*tTMwrDm;veiMj+
z9?{b?oO#C|dq=y091A_uAjRK@Hlx0CoDd?TbX!6+j58?tEhh6gNSOY7^Lrz-O%IwA
z8U6Z>ruKuPmTAtpWAE!szYhM@yrWOo)K<SVaeqOwO{sZemCT?m4i@H!ZIdHL)4vGV
z@O0`ACRb)=p$+GK`}=5%*Bpo*apIu*lJX!dSd-;U1f4nCK{}#HXOC>JjipiZ`61!>
zpaH7f^F(oA=*8QGih|p)m8If|R)Llvc^DnVH$dCwc*H%KaZH8NQS)ru7cI3}g8>{@
z5I_5rBs2pug3a^mgh(Fr%>}Z+gO^Qp5KnM&aEz6J<k+|y(ZU7%FfS(ZId+2jeJ%<J
z92}tdA=gTa<G_FcE$eEPL;cq&&U1lBz#e0N`8!#R2Z|fJTlL?s2#a|#_GTejG;!S?
z7Vat$gIm64lH>B@<$mmK;Ebc}pp(@i=-&bNaTj4$Dih-L;IE8$OACKj>Mg-cB474H
za@@cdTzq_<$n*i5w*=#Qx+nbngiy!m8->DC3{eM|oy+d7XzL_Y(g_7lzaA2|?EObC
zRbc}_%FEp|{wfbL`UT$cp3w}<6HH($Kg+Ma=g6Gh)kDs1<W<>}1Nf-FGzd3$^^m?y
z^61&3+m<Wrr{wA%V^+?X1?{7%2TUPxp;IC`E(ThD;xIZ6tIdDXTdqK^2UhE$9<Pn7
z>(vAq5c}fe?>VkgK5RH9N|Jxew&F~5mkba{FEegzA}@&l<uJ3dB32RKIXiR!@7;_U
zc50=|Gn!6<vV>Wwm<ws~&gj9EV}?Jr(gPARLL=mHBo9L)xc1hIotP6We)g_9)lr)g
zeAz<UN4B){?hWP%u0-=L<aqApP&i6>XJB?X_Kir1>#o^iqJ(MM>9OK}O1D>{E@WYb
zHxf5RX!|^6&r4z8^y6YJltfq~GwW6~et+Wxuw34Ld;+B<b?|VT(v_##-gx%zobd~;
zq>+N1%}1O*aZSr|PMpl+f*!CEb}#J(d;WJi==z4qFO5W6YOe&L4R|JuMW+|kae?i>
z^*FVQ9i9^sj4R!)ayyv$*c=KntQrPXN}fn2`XnwViaWhHXp7Q~?F8riY8ejY%cHG$
zH}DC!P@nbD{R_S~0NWO8d&l^VF~sQ31TD!;mzPtW0RnbTX_TYV@k=4H?tgO`{+`@d
zv;p2Ntha1*xIluPZVQ_htAw@C=?c34CnXUMe8f$HiRzVnRY6oNe|49j!ck{oDaG?r
zDi|fuAXiNEa=W+pGlZ|3)JGfOpL!CZ;!nZv{c4-KGHt-<&>*#cTLpd5*jD<HM30Yu
zjG4As6K+QzLnpYc-CkM|09n&>gFPI#{iaeF6kHI#YUnm%7D_Kc#<QnSo$pRP7F#a7
zv2vNmM<mrATp9_yod?ey=-5g)-CszJt~f;#*C|$*cyN1!F~!Ih$y*w!L#>1%_?A54
z$+7iP4brq6e|*A@;5Q!*>46WVe~0m6G)N<D&7hR><Oz58KOUVSot_ieT929q{lDo%
zZNcPsxi?@d!j(eDQM!2HAbDKq9=z3M&&XoOu{kZY9u~AL`VJIKA42ymeAZ_Coy18y
z#n8&ky43zFOJ~3t@Rkk9R)VvgXEh7A?8&nM6pzGjdQjYAx--hCVd$~jd+bpaTcR^3
z=pCJL8l<_ny4SSepA7d~t7T0UI%&8tgID>ZMn7!zmQGw@j(QNo1+U-6P47ilA()}{
zcXyw~eCe?FJog396J)*|5!KMXoPbK1l65}=s%rf&`=L0BY1y|@^^gyK-HUV&q47@!
z6QI!{dn??J=ar~TTqjl=I7LZf)v$LO_JaO_lT;hvbAAjF#`{bwy{tb~Rv`M+&gXD1
ni-p+B|JzfpL)HuIpQ0L5>DT*<A3xuH9A|wVb*}O(`quvdP6727

literal 0
HcmV?d00001

diff --git a/index.html b/index.html
index 3008dc9c1..f120e0164 100644
--- a/index.html
+++ b/index.html
@@ -24,8 +24,14 @@
   <!-- endbuild -->
 
   <!-- Fav and touch icons -->
-  <link rel="shortcut icon" href="ico/favicon.ico">
-  <link rel="apple-touch-icon-precomposed" href="ico/apple-touch-icon-precomposed.png">
+  <link rel="apple-touch-icon" sizes="180x180" href="/ico/apple-touch-icon.png">
+  <link rel="icon" type="image/png" sizes="32x32" href="/ico/favicon-32x32.png">
+  <link rel="icon" type="image/png" sizes="16x16" href="/ico/favicon-16x16.png">
+  <link rel="manifest" href="/ico/manifest.json">
+  <link rel="mask-icon" href="/ico/safari-pinned-tab.svg" color="#5bbad5">
+  <link rel="shortcut icon" href="/ico/favicon.ico">
+  <meta name="msapplication-config" content="/ico/browserconfig.xml">
+  <meta name="theme-color" content="#ffffff">
 </head>
 
 <body ng-controller="MainController">

From bf6b398a278dd5aaca782a0bc641d024993442a4 Mon Sep 17 00:00:00 2001
From: Sylvain MOUQUET <sylvain.mouquet@gmail.com>
Date: Tue, 5 Sep 2017 10:10:16 +0200
Subject: [PATCH 12/33] feat(containers): add a button to display the full name
 of containers (#1164)

---
 app/components/containers/containers.html         | 7 +++++--
 app/components/containers/containersController.js | 9 +++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/app/components/containers/containers.html b/app/components/containers/containers.html
index 3cd1a3aee..9ad0faf61 100644
--- a/app/components/containers/containers.html
+++ b/app/components/containers/containers.html
@@ -61,6 +61,9 @@
                   <span ng-show="sortType == 'Names' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                   <span ng-show="sortType == 'Names' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                 </a>
+				<a data-toggle="tooltip" title="More" ng-click="truncateMore();" ng-show="showMore">
+					<i class="fa fa-plus-square" aria-hidden="true"></i>
+				</a>
               </th>
               <th>
                 <a ui-sref="containers" ng-click="order('Image')">
@@ -106,8 +109,8 @@
                 <span ng-if="['starting','healthy','unhealthy'].indexOf(container.Status) !== -1" class="label label-{{ container.Status|containerstatusbadge }} interactive" uib-tooltip="This container has a health check">{{ container.Status }}</span>
                 <span ng-if="['starting','healthy','unhealthy'].indexOf(container.Status) === -1" class="label label-{{ container.Status|containerstatusbadge }}">{{ container.Status }}</span>
               </td>
-              <td ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM'"><a ui-sref="container({id: container.Id})">{{ container|swarmcontainername|truncate: 40}}</a></td>
-              <td ng-if="applicationState.endpoint.mode.provider !== 'DOCKER_SWARM'"><a ui-sref="container({id: container.Id})">{{ container|containername|truncate: 40}}</a></td>
+              <td ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM'"><a ui-sref="container({id: container.Id})">{{ container|swarmcontainername|truncate: truncate_size}}</a></td>
+              <td ng-if="applicationState.endpoint.mode.provider !== 'DOCKER_SWARM'"><a ui-sref="container({id: container.Id})">{{ container|containername|truncate: truncate_size}}</a></td>
               <td><a ui-sref="image({id: container.Image})">{{ container.Image | hideshasum }}</a></td>
               <td ng-if="state.displayIP">{{ container.IP ? container.IP : '-' }}</td>
               <td ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM'">{{ container.hostIP }}</td>
diff --git a/app/components/containers/containersController.js b/app/components/containers/containersController.js
index 82dd10b64..afd310b9e 100644
--- a/app/components/containers/containersController.js
+++ b/app/components/containers/containersController.js
@@ -8,6 +8,9 @@ angular.module('containers', [])
   $scope.sortType = 'State';
   $scope.sortReverse = false;
   $scope.state.selectedItemCount = 0;
+  $scope.truncate_size = 40;
+  $scope.showMore = true;
+  
   $scope.order = function (sortType) {
     $scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
     $scope.sortType = sortType;
@@ -160,6 +163,12 @@ angular.module('containers', [])
   $scope.removeAction = function () {
     batch($scope.containers, Container.remove, 'Removed');
   };
+  
+  
+  $scope.truncateMore = function(size) {
+    $scope.truncate_size = 80;
+    $scope.showMore = false;
+  };
 
   $scope.confirmRemoveAction = function () {
     var isOneContainerRunning = false;

From be4beacdf7dd89c95164e4e5fa0eb03773b52779 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 5 Sep 2017 16:42:20 +0200
Subject: [PATCH 13/33] feat(container-creation): display a warning message
 when editing a container with an unknow registry (#1143)

---
 .../createContainerController.js              |  1 -
 .../createContainer/createcontainer.html      | 38 +++++++++++--------
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/app/components/createContainer/createContainerController.js b/app/components/createContainer/createContainerController.js
index ecc556182..5997747f7 100644
--- a/app/components/createContainer/createContainerController.js
+++ b/app/components/createContainer/createContainerController.js
@@ -403,7 +403,6 @@ function ($q, $scope, $state, $stateParams, $filter, Container, ContainerHelper,
   }
 
   function loadFromContainerImageConfig(d) {
-    // If no registry found, we let default DockerHub and let full image path
     var imageInfo = ImageHelper.extractImageAndRegistryFromRepository($scope.config.Image);
     RegistryService.retrieveRegistryFromRepository($scope.config.Image)
     .then(function success(data) {
diff --git a/app/components/createContainer/createcontainer.html b/app/components/createContainer/createcontainer.html
index fdae6b4de..fd282d5b8 100644
--- a/app/components/createContainer/createcontainer.html
+++ b/app/components/createContainer/createcontainer.html
@@ -21,24 +21,30 @@
           <div class="col-sm-12 form-section-title">
             Image configuration
           </div>
-          <!-- image-and-registry -->
-          <div class="form-group">
-            <por-image-registry image="config.Image" registry="formValues.Registry" ng-if="formValues.Registry"></por-image-registry>
+          <div ng-if="!formValues.Registry && fromContainer">
+            <i class="fa fa-exclamation-triangle orange-icon" aria-hidden="true"></i>
+            <span class="small text-danger" style="margin-left: 5px;">The Docker registry for the <code>{{ config.Image }}</code> image is not registered inside Portainer, you will not be able to create a container. Please register that registry first.</span>
           </div>
-          <!-- !image-and-registry -->
-          <!-- always-pull -->
-          <div class="form-group">
-            <div class="col-sm-12">
-              <label for="ownership" class="control-label text-left">
-                Always pull the image
-                <portainer-tooltip position="bottom" message="When enabled, Portainer will automatically try to pull the specified image before creating the container."></portainer-tooltip>
-              </label>
-              <label class="switch" style="margin-left: 20px;">
-                <input type="checkbox" ng-model="formValues.alwaysPull"><i></i>
-              </label>
+          <div ng-if="formValues.Registry || !fromContainer">
+            <!-- image-and-registry -->
+            <div class="form-group">
+              <por-image-registry image="config.Image" registry="formValues.Registry" ng-if="formValues.Registry"></por-image-registry>
             </div>
+            <!-- !image-and-registry -->
+            <!-- always-pull -->
+            <div class="form-group">
+              <div class="col-sm-12">
+                <label for="ownership" class="control-label text-left">
+                  Always pull the image
+                  <portainer-tooltip position="bottom" message="When enabled, Portainer will automatically try to pull the specified image before creating the container."></portainer-tooltip>
+                </label>
+                <label class="switch" style="margin-left: 20px;">
+                  <input type="checkbox" ng-model="formValues.alwaysPull"><i></i>
+                </label>
+              </div>
+            </div>
+            <!-- !always-pull -->
           </div>
-          <!-- !always-pull -->
           <div class="col-sm-12 form-section-title">
             Ports configuration
           </div>
@@ -106,7 +112,7 @@
           </div>
           <div class="form-group">
             <div class="col-sm-12">
-              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!config.Image" ng-click="create()">Start container</button>
+              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!config.Image || (!formValues.Registry && fromContainer)" ng-click="create()">Start container</button>
               <a type="button" class="btn btn-default btn-sm" ui-sref="containers">Cancel</a>
               <i id="createContainerSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
               <span class="text-danger" ng-if="state.formValidationError" style="margin-left: 5px;">{{ state.formValidationError }}</span>

From b9b32f05269f812e9189ea311c9e992752b52e61 Mon Sep 17 00:00:00 2001
From: Liam Cottam <killtheidols@hotmail.co.uk>
Date: Wed, 6 Sep 2017 14:11:38 +0100
Subject: [PATCH 14/33] feat(network-creation): network dropdown for drivers
 (#1016) (#1062)

---
 .../createNetwork/createNetworkController.js  | 27 ++++++++++++++--
 .../createNetwork/createnetwork.html          | 11 +++++--
 app/services/docker/pluginService.js          | 32 +++++++++++++++++++
 3 files changed, 65 insertions(+), 5 deletions(-)

diff --git a/app/components/createNetwork/createNetworkController.js b/app/components/createNetwork/createNetworkController.js
index 01b0b3c7a..ee0a1e838 100644
--- a/app/components/createNetwork/createNetworkController.js
+++ b/app/components/createNetwork/createNetworkController.js
@@ -1,6 +1,7 @@
 angular.module('createNetwork', [])
-.controller('CreateNetworkController', ['$scope', '$state', 'Notifications', 'Network', 'LabelHelper',
-function ($scope, $state, Notifications, Network, LabelHelper) {
+.controller('CreateNetworkController', ['$q', '$scope', '$state', 'PluginService', 'Notifications', 'Network', 'LabelHelper',
+function ($q, $scope, $state, PluginService, Notifications, Network, LabelHelper) {
+
   $scope.formValues = {
     DriverOptions: [],
     Subnet: '',
@@ -8,6 +9,8 @@ function ($scope, $state, Notifications, Network, LabelHelper) {
     Labels: []
   };
 
+  $scope.availableNetworkDrivers = [];
+
   $scope.config = {
     Driver: 'bridge',
     CheckDuplicate: true,
@@ -89,4 +92,24 @@ function ($scope, $state, Notifications, Network, LabelHelper) {
     var config = prepareConfiguration();
     createNetwork(config);
   };
+
+  function initView() {
+    $('#loadingViewSpinner').show();
+    var endpointProvider = $scope.applicationState.endpoint.mode.provider;
+    var apiVersion = $scope.applicationState.endpoint.apiVersion;
+    if(endpointProvider !== 'DOCKER_SWARM') {
+      PluginService.networkPlugins(apiVersion < 1.25)
+      .then(function success(data){
+          $scope.availableNetworkDrivers = data;
+      })
+      .catch(function error(err) {
+        Notifications.error('Failure', err, 'Unable to retrieve network drivers');
+      })
+      .finally(function final() {
+        $('#loadingViewSpinner').hide();
+      });
+    }
+  }
+
+  initView();
 }]);
diff --git a/app/components/createNetwork/createnetwork.html b/app/components/createNetwork/createnetwork.html
index a9f1ef7d4..c01da87e2 100644
--- a/app/components/createNetwork/createnetwork.html
+++ b/app/components/createNetwork/createnetwork.html
@@ -1,5 +1,7 @@
 <rd-header>
-  <rd-header-title title="Create network"></rd-header-title>
+  <rd-header-title title="Create network">
+    <i id="loadingViewSpinner" class="fa fa-cog fa-spin"></i>
+  </rd-header-title>
   <rd-header-content>
     <a ui-sref="networks">Networks</a> &gt; Add network
   </rd-header-content>
@@ -39,8 +41,11 @@
           <!-- driver-input -->
           <div class="form-group">
             <label for="network_driver" class="col-sm-2 col-lg-1 control-label text-left">Driver</label>
-            <div class="col-sm-10">
-              <input type="text" class="form-control" ng-model="config.Driver" id="network_driver" placeholder="e.g. driverName">
+            <div class="col-sm-11">
+              <select class="form-control" ng-options="driver for driver in availableNetworkDrivers" ng-model="config.Driver" ng-if="availableNetworkDrivers.length > 0">
+                <option disabled hidden value="">Select a driver</option>
+              </select>
+              <input type="text" class="form-control" ng-model="config.Driver" id="network_driver" placeholder="e.g. driverName" ng-if="availableNetworkDrivers.length === 0">
             </div>
           </div>
           <!-- !driver-input -->
diff --git a/app/services/docker/pluginService.js b/app/services/docker/pluginService.js
index d6e3325e6..690010d1a 100644
--- a/app/services/docker/pluginService.js
+++ b/app/services/docker/pluginService.js
@@ -52,5 +52,37 @@ angular.module('portainer.services')
     return deferred.promise;
   };
 
+  service.networkPlugins = function(systemOnly) {
+    var deferred = $q.defer();
+
+    $q.all({
+      system: SystemService.plugins(),
+      plugins: systemOnly ? [] : service.plugins()
+    })
+    .then(function success(data) {
+      var networkPlugins = [];
+      var systemPlugins = data.system;
+      var plugins = data.plugins;
+
+      if (systemPlugins.Network) {
+        networkPlugins = networkPlugins.concat(systemPlugins.Network);
+      }
+
+      for (var i = 0; i < plugins.length; i++) {
+        var plugin = plugins[i];
+        if (plugin.Enabled && _.includes(plugin.Config.Interface.Types, 'docker.networkdriver/1.0')) {
+          networkPlugins.push(plugin.Name);
+        }
+      }
+
+      deferred.resolve(networkPlugins);
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: err.msg, err: err });
+    });
+
+    return deferred.promise;
+  };
+
   return service;
 }]);

From c0d282e85be0ee9a0d5edf3df612bdd9f1431b9f Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Sat, 9 Sep 2017 18:49:21 +0200
Subject: [PATCH 15/33] feat(container-stats): overhaul (#1183)

---
 app/app.js                                    |   6 +-
 .../containerStats/containerStats.html        | 123 +++++++++
 .../containerStatsController.js               | 159 +++++++++++
 app/components/stats/stats.html               |  94 -------
 app/components/stats/statsController.js       | 220 ---------------
 app/models/docker/containerStats.js           |  12 +
 app/rest/docker/container.js                  |   9 +-
 app/rest/docker/containerTop.js               |  17 --
 app/services/chartService.js                  | 251 ++++++++++++++++++
 app/services/docker/containerService.js       |  47 +++-
 assets/js/legend.js                           |  19 --
 bower.json                                    |   4 +-
 vendor.yml                                    |   7 +-
 13 files changed, 607 insertions(+), 361 deletions(-)
 create mode 100644 app/components/containerStats/containerStats.html
 create mode 100644 app/components/containerStats/containerStatsController.js
 delete mode 100644 app/components/stats/stats.html
 delete mode 100644 app/components/stats/statsController.js
 create mode 100644 app/models/docker/containerStats.js
 delete mode 100644 app/rest/docker/containerTop.js
 create mode 100644 app/services/chartService.js
 delete mode 100644 assets/js/legend.js

diff --git a/app/app.js b/app/app.js
index 059b41344..49e424aff 100644
--- a/app/app.js
+++ b/app/app.js
@@ -23,6 +23,7 @@ angular.module('portainer', [
   'container',
   'containerConsole',
   'containerLogs',
+  'containerStats',
   'serviceLogs',
   'containers',
   'createContainer',
@@ -54,7 +55,6 @@ angular.module('portainer', [
   'settings',
   'settingsAuthentication',
   'sidebar',
-  'stats',
   'swarm',
   'task',
   'team',
@@ -158,8 +158,8 @@ angular.module('portainer', [
       url: '^/containers/:id/stats',
       views: {
         'content@': {
-          templateUrl: 'app/components/stats/stats.html',
-          controller: 'StatsController'
+          templateUrl: 'app/components/containerStats/containerStats.html',
+          controller: 'ContainerStatsController'
         },
         'sidebar@': {
           templateUrl: 'app/components/sidebar/sidebar.html',
diff --git a/app/components/containerStats/containerStats.html b/app/components/containerStats/containerStats.html
new file mode 100644
index 000000000..63619a917
--- /dev/null
+++ b/app/components/containerStats/containerStats.html
@@ -0,0 +1,123 @@
+<rd-header>
+  <rd-header-title title="Container statistics">
+    <i id="loadingViewSpinner" class="fa fa-cog fa-spin"></i>
+  </rd-header-title>
+  <rd-header-content>
+    <a ui-sref="containers">Containers</a> &gt; <a ui-sref="container({id: container.Id})">{{ container.Name|trimcontainername }}</a> &gt; Stats
+  </rd-header-content>
+</rd-header>
+
+<div class="row">
+  <div class="col-md-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-info-circle" title="About statistics">
+      </rd-widget-header>
+      <rd-widget-body>
+        <form class="form-horizontal">
+          <div class="form-group">
+            <div class="col-sm-12">
+              <span class="small text-muted">
+                This view displays real-time statistics about the container <b>{{ container.Name|trimcontainername }}</b> as well as a list of the running processes
+                inside this container.
+              </span>
+            </div>
+          </div>
+          <div class="form-group">
+            <label for="refreshRate" class="col-sm-3 col-md-2 col-lg-2 margin-sm-top control-label text-left">
+              Refresh rate
+            </label>
+            <div class="col-sm-3 col-md-2">
+              <select id="refreshRate" ng-model="state.refreshRate" ng-change="changeUpdateRepeater()" class="form-control">
+                <option value="5">5s</option>
+                <option value="10">10s</option>
+                <option value="30">30s</option>
+                <option value="60">60s</option>
+              </select>
+            </div>
+            <span>
+              <i id="refreshRateChange" class="fa fa-check green-icon" aria-hidden="true" style="margin-top: 7px; display: none;"></i>
+            </span>
+          </div>
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>
+
+<div class="row">
+  <div class="col-lg-4 col-md-6 col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-area-chart" title="Memory usage"></rd-widget-header>
+      <rd-widget-body>
+        <div class="chart-container" style="position: relative;">
+          <canvas id="memoryChart" width="770" height="300"></canvas>
+        </div>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+  <div class="col-lg-4 col-md-6 col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-area-chart" title="CPU usage"></rd-widget-header>
+      <rd-widget-body>
+        <div class="chart-container" style="position: relative;">
+          <canvas id="cpuChart" width="770" height="300"></canvas>
+        </div>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+  <div class="col-lg-4 col-md-12 col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-area-chart" title="Network usage"></rd-widget-header>
+      <rd-widget-body>
+        <div class="chart-container" style="position: relative;">
+          <canvas id="networkChart" width="770" height="300"></canvas>
+        </div>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+  <div class="col-sm-12" ng-if="applicationState.endpoint.mode.provider !== 'VMWARE_VIC'">
+    <rd-widget>
+      <rd-widget-header icon="fa-tasks" title="Processes">
+        <div class="pull-right">
+          Items per page:
+          <select ng-model="state.pagination_count" ng-change="changePaginationCount()">
+            <option value="0">All</option>
+            <option value="10">10</option>
+            <option value="25">25</option>
+            <option value="50">50</option>
+            <option value="100">100</option>
+          </select>
+        </div>
+      </rd-widget-header>
+      <rd-widget-body classes="no-padding">
+        <table class="table table-striped">
+          <thead>
+            <tr>
+              <th ng-repeat="title in processInfo.Titles">
+                <a ng-click="order(title)">
+                  {{ title }}
+                  <span ng-show="sortType == title && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
+                  <span ng-show="sortType == title && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
+                </a>
+              </th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr dir-paginate="processDetails in state.filteredProcesses = (processInfo.Processes | orderBy:sortType:sortReverse |  itemsPerPage: state.pagination_count)">
+              <td ng-repeat="procInfo in processDetails track by $index">{{ procInfo }}</td>
+            </tr>
+            <tr ng-if="!processInfo.Processes">
+              <td colspan="processInfo.Titles.length" class="text-center text-muted">Loading...</td>
+            </tr>
+            <tr ng-if="state.filteredProcesses.length === 0">
+              <td colspan="processInfo.Titles.length" class="text-center text-muted">No processes available.</td>
+            </tr>
+          </tbody>
+        </table>
+        <div ng-if="processInfo.Processes" class="pagination-controls">
+          <dir-pagination-controls></dir-pagination-controls>
+        </div>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>
diff --git a/app/components/containerStats/containerStatsController.js b/app/components/containerStats/containerStatsController.js
new file mode 100644
index 000000000..a48383507
--- /dev/null
+++ b/app/components/containerStats/containerStatsController.js
@@ -0,0 +1,159 @@
+angular.module('containerStats', [])
+.controller('ContainerStatsController', ['$q', '$scope', '$stateParams', '$document', '$interval', 'ContainerService', 'ChartService', 'Notifications', 'Pagination',
+function ($q, $scope, $stateParams, $document, $interval, ContainerService, ChartService, Notifications, Pagination) {
+
+  $scope.state = {
+    refreshRate: '5'
+  };
+
+  $scope.state.pagination_count = Pagination.getPaginationCount('stats_processes');
+  $scope.sortType = 'CMD';
+  $scope.sortReverse = false;
+
+  $scope.order = function (sortType) {
+    $scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
+    $scope.sortType = sortType;
+  };
+
+  $scope.changePaginationCount = function() {
+    Pagination.setPaginationCount('stats_processes', $scope.state.pagination_count);
+  };
+
+  $scope.$on('$destroy', function() {
+    stopRepeater();
+  });
+
+  function stopRepeater() {
+    var repeater = $scope.repeater;
+    if (angular.isDefined(repeater)) {
+      $interval.cancel(repeater);
+      repeater = null;
+    }
+  }
+
+  function updateNetworkChart(stats, chart) {
+    var rx = stats.Networks[0].rx_bytes;
+    var tx = stats.Networks[0].tx_bytes;
+    var label = moment(stats.Date).format('HH:mm:ss');
+
+    ChartService.UpdateNetworkChart(label, rx, tx, chart);
+  }
+
+  function updateMemoryChart(stats, chart) {
+    var label = moment(stats.Date).format('HH:mm:ss');
+    var value = stats.MemoryUsage;
+
+    ChartService.UpdateMemoryChart(label, value, chart);
+  }
+
+  function updateCPUChart(stats, chart) {
+    var label = moment(stats.Date).format('HH:mm:ss');
+    var value = calculateCPUPercentUnix(stats);
+
+    ChartService.UpdateCPUChart(label, value, chart);
+  }
+
+  function calculateCPUPercentUnix(stats) {
+    var cpuPercent = 0.0;
+    var cpuDelta = stats.CurrentCPUTotalUsage - stats.PreviousCPUTotalUsage;
+    var systemDelta = stats.CurrentCPUSystemUsage - stats.PreviousCPUSystemUsage;
+
+    if (systemDelta > 0.0 && cpuDelta > 0.0) {
+      cpuPercent = (cpuDelta / systemDelta) * stats.CPUCores * 100.0;
+    }
+
+    return cpuPercent;
+  }
+
+  $scope.changeUpdateRepeater = function() {
+    var networkChart = $scope.networkChart;
+    var cpuChart = $scope.cpuChart;
+    var memoryChart = $scope.memoryChart;
+
+    stopRepeater();
+    setUpdateRepeater(networkChart, cpuChart, memoryChart);
+    $('#refreshRateChange').show();
+    $('#refreshRateChange').fadeOut(1500);
+  };
+
+  function startChartUpdate(networkChart, cpuChart, memoryChart) {
+    $('#loadingViewSpinner').show();
+    $q.all({
+      stats: ContainerService.containerStats($stateParams.id),
+      top: ContainerService.containerTop($stateParams.id)
+    })
+    .then(function success(data) {
+      var stats = data.stats;
+      $scope.processInfo = data.top;
+      updateNetworkChart(stats, networkChart);
+      updateMemoryChart(stats, memoryChart);
+      updateCPUChart(stats, cpuChart);
+      setUpdateRepeater(networkChart, cpuChart, memoryChart);
+    })
+    .catch(function error(err) {
+      stopRepeater();
+      Notifications.error('Failure', err, 'Unable to retrieve container statistics');
+    })
+    .finally(function final() {
+      $('#loadingViewSpinner').hide();
+    });
+  }
+
+  function setUpdateRepeater(networkChart, cpuChart, memoryChart) {
+    var refreshRate = $scope.state.refreshRate;
+    $scope.repeater = $interval(function() {
+      $q.all({
+        stats: ContainerService.containerStats($stateParams.id),
+        top: ContainerService.containerTop($stateParams.id)
+      })
+      .then(function success(data) {
+        var stats = data.stats;
+        $scope.processInfo = data.top;
+        updateNetworkChart(stats, networkChart);
+        updateMemoryChart(stats, memoryChart);
+        updateCPUChart(stats, cpuChart);
+      })
+      .catch(function error(err) {
+        stopRepeater();
+        Notifications.error('Failure', err, 'Unable to retrieve container statistics');
+      });
+    }, refreshRate * 1000);
+  }
+
+  function initCharts() {
+    var networkChartCtx = $('#networkChart');
+    var networkChart = ChartService.CreateNetworkChart(networkChartCtx);
+    $scope.networkChart = networkChart;
+
+    var cpuChartCtx = $('#cpuChart');
+    var cpuChart = ChartService.CreateCPUChart(cpuChartCtx);
+    $scope.cpuChart = cpuChart;
+
+    var memoryChartCtx = $('#memoryChart');
+    var memoryChart = ChartService.CreateMemoryChart(memoryChartCtx);
+    $scope.memoryChart = memoryChart;
+
+    startChartUpdate(networkChart, cpuChart, memoryChart);
+  }
+
+  function initView() {
+    $('#loadingViewSpinner').show();
+
+    ContainerService.container($stateParams.id)
+    .then(function success(data) {
+      $scope.container = data;
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to retrieve container information');
+    })
+    .finally(function final() {
+      $('#loadingViewSpinner').hide();
+    });
+
+    $document.ready(function() {
+      initCharts();
+    });
+  }
+
+  initView();
+}]);
diff --git a/app/components/stats/stats.html b/app/components/stats/stats.html
deleted file mode 100644
index 47168d464..000000000
--- a/app/components/stats/stats.html
+++ /dev/null
@@ -1,94 +0,0 @@
-<rd-header>
-  <rd-header-title title="Container stats"></rd-header-title>
-  <rd-header-content>
-    <a ui-sref="containers">Containers</a> &gt; <a ui-sref="container({id: container.Id})">{{ container.Name|trimcontainername }}</a> &gt; Stats
-  </rd-header-content>
-</rd-header>
-
-<div class="row">
-  <div class="col-lg-12 col-md-12 col-xs-12">
-    <rd-widget>
-      <rd-widget-body>
-        <div class="widget-icon grey pull-left">
-          <i class="fa fa-server"></i>
-        </div>
-        <div class="title">{{ container.Name|trimcontainername }}</div>
-        <div class="comment">
-          Name
-        </div>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>
-
-<div class="row">
-  <div class="col-lg-6">
-    <rd-widget>
-      <rd-widget-header icon="fa-area-chart" title="CPU usage"></rd-widget-header>
-      <rd-widget-body>
-        <canvas id="cpu-stats-chart" width="770" height="230"></canvas>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-  <div class="col-lg-6">
-    <rd-widget>
-      <rd-widget-header icon="fa-area-chart" title="Memory usage"></rd-widget-header>
-      <rd-widget-body>
-        <canvas id="memory-stats-chart" width="770" height="230"></canvas>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>
-
-<div class="row">
-  <div class="col-lg-6">
-    <rd-widget>
-      <rd-widget-header icon="fa-area-chart" title="Network usage"></rd-widget-header>
-      <rd-widget-body>
-        <canvas id="network-stats-chart" width="770" height="230"></canvas>
-        <div class="comment">
-          <div id="network-legend" style="margin-bottom: 20px;"></div>
-        </div>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-  <div class="col-lg-6" ng-if="applicationState.endpoint.mode.provider !== 'VMWARE_VIC'">
-    <rd-widget>
-      <rd-widget-header icon="fa-tasks" title="Processes">
-        <div class="pull-right">
-          Items per page:
-          <select ng-model="state.pagination_count" ng-change="changePaginationCount()">
-            <option value="0">All</option>
-            <option value="10">10</option>
-            <option value="25">25</option>
-            <option value="50">50</option>
-            <option value="100">100</option>
-          </select>
-        </div>
-      </rd-widget-header>
-      <rd-widget-body classes="no-padding">
-        <table class="table table-striped">
-          <thead>
-            <tr>
-              <th ng-repeat="title in containerTop.Titles">
-                <a ui-sref="stats({id: container.Id})" ng-click="order(title)">
-                  {{title}}
-                  <span ng-show="sortType == title && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
-                  <span ng-show="sortType == title && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
-                </a>
-              </th>
-            </tr>
-          </thead>
-          <tbody>
-            <tr dir-paginate="processInfos in state.filteredProcesses = (containerTop.Processes | orderBy:sortType:sortReverse |  itemsPerPage: state.pagination_count)">
-              <td ng-repeat="processInfo in processInfos track by $index">{{processInfo}}</td>
-            </tr>
-          </tbody>
-        </table>
-        <div ng-if="containerTop.Processes" class="pagination-controls">
-          <dir-pagination-controls></dir-pagination-controls>
-        </div>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>
diff --git a/app/components/stats/statsController.js b/app/components/stats/statsController.js
deleted file mode 100644
index 1b8de729d..000000000
--- a/app/components/stats/statsController.js
+++ /dev/null
@@ -1,220 +0,0 @@
-angular.module('stats', [])
-.controller('StatsController', ['Pagination', '$scope', 'Notifications', '$timeout', 'Container', 'ContainerTop', '$stateParams', 'humansizeFilter', '$sce', '$document',
-function (Pagination, $scope, Notifications, $timeout, Container, ContainerTop, $stateParams, humansizeFilter, $sce, $document) {
-  // TODO: Force scale to 0-100 for cpu, fix charts on dashboard,
-  // TODO: Force memory scale to 0 - max memory
-  $scope.ps_args = '';
-  $scope.state = {};
-  $scope.state.pagination_count = Pagination.getPaginationCount('stats_processes');
-  $scope.sortType = 'CMD';
-  $scope.sortReverse = false;
-  $scope.order = function (sortType) {
-    $scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
-    $scope.sortType = sortType;
-  };
-  $scope.changePaginationCount = function() {
-    Pagination.setPaginationCount('stats_processes', $scope.state.pagination_count);
-  };
-  $scope.getTop = function () {
-      ContainerTop.get($stateParams.id, {
-          ps_args: $scope.ps_args
-      }, function (data) {
-          $scope.containerTop = data;
-      });
-  };
-  var destroyed = false;
-  var timeout;
-  $document.ready(function(){
-    var cpuLabels = [];
-    var cpuData = [];
-    var memoryLabels = [];
-    var memoryData = [];
-    var networkLabels = [];
-    var networkTxData = [];
-    var networkRxData = [];
-    for (var i = 0; i < 20; i++) {
-      cpuLabels.push('');
-      cpuData.push(0);
-      memoryLabels.push('');
-      memoryData.push(0);
-      networkLabels.push('');
-      networkTxData.push(0);
-      networkRxData.push(0);
-    }
-    var cpuDataset = { // CPU Usage
-      fillColor: 'rgba(151,187,205,0.5)',
-      strokeColor: 'rgba(151,187,205,1)',
-      pointColor: 'rgba(151,187,205,1)',
-      pointStrokeColor: '#fff',
-      data: cpuData
-    };
-    var memoryDataset = {
-      fillColor: 'rgba(151,187,205,0.5)',
-      strokeColor: 'rgba(151,187,205,1)',
-      pointColor: 'rgba(151,187,205,1)',
-      pointStrokeColor: '#fff',
-      data: memoryData
-    };
-    var networkRxDataset = {
-      label: 'Rx Bytes',
-      fillColor: 'rgba(151,187,205,0.5)',
-      strokeColor: 'rgba(151,187,205,1)',
-      pointColor: 'rgba(151,187,205,1)',
-      pointStrokeColor: '#fff',
-      data: networkRxData
-    };
-    var networkTxDataset = {
-      label: 'Tx Bytes',
-      fillColor: 'rgba(255,180,174,0.5)',
-      strokeColor: 'rgba(255,180,174,1)',
-      pointColor: 'rgba(255,180,174,1)',
-      pointStrokeColor: '#fff',
-      data: networkTxData
-    };
-    var networkLegendData = [
-      {
-        //value: '',
-        color: 'rgba(151,187,205,0.5)',
-        title: 'Rx Data'
-      },
-      {
-        //value: '',
-        color: 'rgba(255,180,174,0.5)',
-        title: 'Tx Data'
-      }
-    ];
-
-    legend($('#network-legend').get(0), networkLegendData);
-
-    Chart.defaults.global.animationSteps = 30; // Lower from 60 to ease CPU load.
-    var cpuChart = new Chart($('#cpu-stats-chart').get(0).getContext('2d')).Line({
-      labels: cpuLabels,
-      datasets: [cpuDataset]
-    }, {
-      responsive: true
-    });
-
-    var memoryChart = new Chart($('#memory-stats-chart').get(0).getContext('2d')).Line({
-      labels: memoryLabels,
-      datasets: [memoryDataset]
-    },
-    {
-      scaleLabel: function (valueObj) {
-        return humansizeFilter(parseInt(valueObj.value, 10), 2);
-      },
-      responsive: true
-      //scaleOverride: true,
-      //scaleSteps: 10,
-      //scaleStepWidth: Math.ceil(initialStats.memory_stats.limit / 10),
-      //scaleStartValue: 0
-    });
-    var networkChart = new Chart($('#network-stats-chart').get(0).getContext('2d')).Line({
-      labels: networkLabels,
-      datasets: [networkRxDataset, networkTxDataset]
-    }, {
-      scaleLabel: function (valueObj) {
-        return humansizeFilter(parseInt(valueObj.value, 10), 2);
-      },
-      responsive: true
-    });
-    $scope.networkLegend = $sce.trustAsHtml(networkChart.generateLegend());
-
-
-    function updateStats() {
-      Container.stats({id: $stateParams.id}, function (d) {
-        var arr = Object.keys(d).map(function (key) {
-          return d[key];
-        });
-        if (arr.join('').indexOf('no such id') !== -1) {
-          Notifications.error('Unable to retrieve stats', {}, 'Is this container running?');
-          return;
-        }
-
-        // Update graph with latest data
-        $scope.data = d;
-        updateCpuChart(d);
-        updateMemoryChart(d);
-        updateNetworkChart(d);
-        setUpdateStatsTimeout();
-      }, function () {
-        Notifications.error('Unable to retrieve stats', {}, 'Is this container running?');
-        setUpdateStatsTimeout();
-      });
-    }
-
-
-    $scope.$on('$destroy', function () {
-      destroyed = true;
-      $timeout.cancel(timeout);
-    });
-
-    updateStats();
-
-    function updateCpuChart(data) {
-      cpuChart.addData([calculateCPUPercent(data)], new Date(data.read).toLocaleTimeString());
-      cpuChart.removeData();
-    }
-
-    function updateMemoryChart(data) {
-      memoryChart.addData([data.memory_stats.usage], new Date(data.read).toLocaleTimeString());
-      memoryChart.removeData();
-    }
-
-    var lastRxBytes = 0, lastTxBytes = 0;
-
-    function updateNetworkChart(data) {
-      // 1.9+ contains an object of networks, for now we'll just show stats for the first network
-      // TODO: Show graphs for all networks
-      if (data.networks) {
-        $scope.networkName = Object.keys(data.networks)[0];
-        data.network = data.networks[$scope.networkName];
-      }
-      if(data.network) {
-        var rxBytes = 0, txBytes = 0;
-        if (lastRxBytes !== 0 || lastTxBytes !== 0) {
-          // These will be zero on first call, ignore to prevent large graph spike
-          rxBytes = data.network.rx_bytes - lastRxBytes;
-          txBytes = data.network.tx_bytes - lastTxBytes;
-        }
-        lastRxBytes = data.network.rx_bytes;
-        lastTxBytes = data.network.tx_bytes;
-        networkChart.addData([rxBytes, txBytes], new Date(data.read).toLocaleTimeString());
-        networkChart.removeData();
-      }
-    }
-
-    function calculateCPUPercent(stats) {
-      // Same algorithm the official client uses: https://github.com/docker/docker/blob/master/api/client/stats.go#L195-L208
-      var prevCpu = stats.precpu_stats;
-      var curCpu = stats.cpu_stats;
-
-      var cpuPercent = 0.0;
-
-      // calculate the change for the cpu usage of the container in between readings
-      var cpuDelta = curCpu.cpu_usage.total_usage - prevCpu.cpu_usage.total_usage;
-      // calculate the change for the entire system between readings
-      var systemDelta = curCpu.system_cpu_usage - prevCpu.system_cpu_usage;
-
-      if (systemDelta > 0.0 && cpuDelta > 0.0) {
-        cpuPercent = (cpuDelta / systemDelta) * curCpu.cpu_usage.percpu_usage.length * 100.0;
-      }
-      return cpuPercent;
-    }
-
-    function setUpdateStatsTimeout() {
-      if(!destroyed) {
-        timeout = $timeout(updateStats, 5000);
-      }
-    }
-  });
-
-  Container.get({id: $stateParams.id}, function (d) {
-    $scope.container = d;
-  }, function (e) {
-    Notifications.error('Failure', e, 'Unable to retrieve container info');
-  });
-  var endpointProvider = $scope.applicationState.endpoint.mode.provider;
-  if (endpointProvider !== 'VMWARE_VIC') {
-    $scope.getTop();
-  }
-}]);
diff --git a/app/models/docker/containerStats.js b/app/models/docker/containerStats.js
new file mode 100644
index 000000000..aad3b48b3
--- /dev/null
+++ b/app/models/docker/containerStats.js
@@ -0,0 +1,12 @@
+function ContainerStatsViewModel(data) {
+  this.Date = data.read;
+  this.MemoryUsage = data.memory_stats.usage;
+  this.PreviousCPUTotalUsage = data.precpu_stats.cpu_usage.total_usage;
+  this.PreviousCPUSystemUsage = data.precpu_stats.system_cpu_usage;
+  this.CurrentCPUTotalUsage = data.cpu_stats.cpu_usage.total_usage;
+  this.CurrentCPUSystemUsage = data.cpu_stats.system_cpu_usage;
+  if (data.cpu_stats.cpu_usage.percpu_usage) {
+    this.CPUCores = data.cpu_stats.cpu_usage.percpu_usage.length;
+  }
+  this.Networks = _.values(data.networks);
+}
diff --git a/app/rest/docker/container.js b/app/rest/docker/container.js
index 1bad5758f..d8786cb03 100644
--- a/app/rest/docker/container.js
+++ b/app/rest/docker/container.js
@@ -13,7 +13,14 @@ angular.module('portainer.rest')
     kill: {method: 'POST', params: {id: '@id', action: 'kill'}},
     pause: {method: 'POST', params: {id: '@id', action: 'pause'}},
     unpause: {method: 'POST', params: {id: '@id', action: 'unpause'}},
-    stats: {method: 'GET', params: {id: '@id', stream: false, action: 'stats'}, timeout: 5000},
+    stats: {
+      method: 'GET', params: { id: '@id', stream: false, action: 'stats' },
+      timeout: 4500
+    },
+    top: {
+      method: 'GET', params: { id: '@id', action: 'top' },
+      timeout: 4500
+    },
     start: {
       method: 'POST', params: {id: '@id', action: 'start'},
       transformResponse: genericHandler
diff --git a/app/rest/docker/containerTop.js b/app/rest/docker/containerTop.js
deleted file mode 100644
index 57e51d51c..000000000
--- a/app/rest/docker/containerTop.js
+++ /dev/null
@@ -1,17 +0,0 @@
-angular.module('portainer.rest')
-.factory('ContainerTop', ['$http', 'API_ENDPOINT_ENDPOINTS', 'EndpointProvider', function ($http, API_ENDPOINT_ENDPOINTS, EndpointProvider) {
-  'use strict';
-  return {
-    get: function (id, params, callback, errorCallback) {
-      $http({
-        method: 'GET',
-        url: API_ENDPOINT_ENDPOINTS + '/' + EndpointProvider.endpointID() + '/docker/containers/' + id + '/top',
-        params: {
-          ps_args: params.ps_args
-        }
-      }).success(callback).error(function (data, status, headers, config) {
-        console.log(data);
-      });
-    }
-  };
-}]);
diff --git a/app/services/chartService.js b/app/services/chartService.js
new file mode 100644
index 000000000..5dcacce80
--- /dev/null
+++ b/app/services/chartService.js
@@ -0,0 +1,251 @@
+angular.module('portainer.services')
+.factory('ChartService', [function ChartService() {
+  'use strict';
+
+  // Max. number of items to display on a chart
+  var CHART_LIMIT = 600;
+
+  var service = {};
+
+  service.CreateCPUChart = function(context) {
+    return new Chart(context, {
+      type: 'line',
+      data: {
+        labels: [],
+        datasets: [
+          {
+            label: 'CPU',
+            data: [],
+            fill: true,
+            backgroundColor: 'rgba(151,187,205,0.4)',
+            borderColor: 'rgba(151,187,205,0.6)',
+            pointBackgroundColor: 'rgba(151,187,205,1)',
+            pointBorderColor: 'rgba(151,187,205,1)',
+            pointRadius: 2,
+            borderWidth: 2
+          }
+        ]
+      },
+      options: {
+        animation: {
+          duration: 0
+        },
+        responsiveAnimationDuration: 0,
+        responsive: true,
+        tooltips: {
+          mode: 'index',
+          intersect: false,
+          position: 'nearest',
+          callbacks: {
+            label: function(tooltipItem, data) {
+              var datasetLabel = data.datasets[tooltipItem.datasetIndex].label;
+              return percentageBasedTooltipLabel(datasetLabel, tooltipItem.yLabel);
+            }
+          }
+        },
+        hover: {
+          animationDuration: 0
+        },
+        scales: {
+          yAxes: [
+            {
+              ticks: {
+                beginAtZero: true,
+                callback: percentageBasedAxisLabel
+              }
+            }
+          ]
+        }
+      }
+    });
+  };
+
+  service.CreateMemoryChart = function(context) {
+    return new Chart(context, {
+      type: 'line',
+      data: {
+        labels: [],
+        datasets: [
+          {
+            label: 'Memory',
+            data: [],
+            fill: true,
+            backgroundColor: 'rgba(151,187,205,0.4)',
+            borderColor: 'rgba(151,187,205,0.6)',
+            pointBackgroundColor: 'rgba(151,187,205,1)',
+            pointBorderColor: 'rgba(151,187,205,1)',
+            pointRadius: 2,
+            borderWidth: 2
+          }
+        ]
+      },
+      options: {
+        animation: {
+          duration: 0
+        },
+        responsiveAnimationDuration: 0,
+        responsive: true,
+        tooltips: {
+          mode: 'index',
+          intersect: false,
+          position: 'nearest',
+          callbacks: {
+            label: function(tooltipItem, data) {
+              var datasetLabel = data.datasets[tooltipItem.datasetIndex].label;
+              return byteBasedTooltipLabel(datasetLabel, tooltipItem.yLabel);
+            }
+          }
+        },
+        hover: {
+          animationDuration: 0
+        },
+        scales: {
+          yAxes: [
+            {
+              ticks: {
+                beginAtZero: true,
+                callback: byteBasedAxisLabel
+              }
+            }
+          ]
+        }
+      }
+    });
+  };
+
+  service.CreateNetworkChart = function(context) {
+    return new Chart(context, {
+      type: 'line',
+      data: {
+        labels: [],
+        datasets: [
+          {
+            label: 'RX on eth0',
+            data: [],
+            fill: false,
+            backgroundColor: 'rgba(151,187,205,0.4)',
+            borderColor: 'rgba(151,187,205,0.6)',
+            pointBackgroundColor: 'rgba(151,187,205,1)',
+            pointBorderColor: 'rgba(151,187,205,1)',
+            pointRadius: 2,
+            borderWidth: 2
+          },
+          {
+            label: 'TX on eth0',
+            data: [],
+            fill: false,
+            backgroundColor: 'rgba(255,180,174,0.5)',
+            borderColor: 'rgba(255,180,174,0.7)',
+            pointBackgroundColor: 'rgba(255,180,174,1)',
+            pointBorderColor: 'rgba(255,180,174,1)',
+            pointRadius: 2,
+            borderWidth: 2
+          }
+        ]
+      },
+      options: {
+        animation: {
+          duration: 0
+        },
+        responsiveAnimationDuration: 0,
+        responsive: true,
+        tooltips: {
+          mode: 'index',
+          intersect: false,
+          position: 'average',
+          callbacks: {
+            label: function(tooltipItem, data) {
+              var datasetLabel = data.datasets[tooltipItem.datasetIndex].label;
+              return byteBasedTooltipLabel(datasetLabel, tooltipItem.yLabel);
+            }
+          }
+        },
+        hover: {
+          animationDuration: 0
+        },
+        scales: {
+          yAxes: [{
+            ticks: {
+              beginAtZero: true,
+              callback: byteBasedAxisLabel
+            }
+          }]
+        }
+      }
+    });
+  };
+
+  service.UpdateMemoryChart = function(label, value, chart) {
+    chart.data.labels.push(label);
+    chart.data.datasets[0].data.push(value);
+
+    if (chart.data.datasets[0].data.length > CHART_LIMIT) {
+      chart.data.labels.pop();
+      chart.data.datasets[0].data.pop();
+    }
+
+    chart.update(0);
+  };
+
+  service.UpdateCPUChart = function(label, value, chart) {
+    chart.data.labels.push(label);
+    chart.data.datasets[0].data.push(value);
+
+    if (chart.data.datasets[0].data.length > CHART_LIMIT) {
+      chart.data.labels.pop();
+      chart.data.datasets[0].data.pop();
+    }
+
+    chart.update(0);
+  };
+
+  service.UpdateNetworkChart = function(label, rx, tx, chart) {
+    chart.data.labels.push(label);
+    chart.data.datasets[0].data.push(rx);
+    chart.data.datasets[1].data.push(tx);
+
+    if (chart.data.datasets[0].data.length > CHART_LIMIT) {
+      chart.data.labels.pop();
+      chart.data.datasets[0].data.pop();
+      chart.data.datasets[1].data.pop();
+    }
+
+    chart.update(0);
+  };
+
+  function byteBasedTooltipLabel(label, value) {
+    var processedValue = 0;
+    if (value > 5) {
+      processedValue = filesize(value, {base: 10, round: 1});
+    } else {
+      processedValue = value.toFixed(1) + 'B';
+    }
+    return label + ': ' + processedValue;
+  }
+
+  function byteBasedAxisLabel(value, index, values) {
+    if (value > 5) {
+      return filesize(value, {base: 10, round: 1});
+    }
+    return value.toFixed(1) + 'B';
+  }
+
+  function percentageBasedAxisLabel(value, index, values) {
+    if (value > 1) {
+      return Math.round(value) + '%';
+    }
+    return value.toFixed(1) + '%';
+  }
+
+  function percentageBasedTooltipLabel(label, value) {
+    var processedValue = 0;
+    if (value > 1) {
+      processedValue = Math.round(value);
+    } else {
+      processedValue = value.toFixed(1);
+    }
+    return label + ': ' + processedValue + '%';
+  }
+
+  return service;
+}]);
diff --git a/app/services/docker/containerService.js b/app/services/docker/containerService.js
index ee946fec3..c9f302d56 100644
--- a/app/services/docker/containerService.js
+++ b/app/services/docker/containerService.js
@@ -3,6 +3,21 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
+  service.container = function(id) {
+    var deferred = $q.defer();
+
+    Container.get({ id: id }).$promise
+    .then(function success(data) {
+      var container = new ContainerDetailsViewModel(data);
+      deferred.resolve(container);
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: 'Unable to retrieve container information', err: err });
+    });
+
+    return deferred.promise;
+  };
+
   service.containers = function(all) {
     var deferred = $q.defer();
     Container.query({ all: all }).$promise
@@ -11,7 +26,7 @@ angular.module('portainer.services')
       deferred.resolve(containers);
     })
     .catch(function error(err) {
-      deferred.reject({ msg: 'Unable to retriever containers', err: err });
+      deferred.reject({ msg: 'Unable to retrieve containers', err: err });
     });
     return deferred.promise;
   };
@@ -105,5 +120,35 @@ angular.module('portainer.services')
     return deferred.promise;
   };
 
+  service.containerStats = function(id) {
+    var deferred = $q.defer();
+
+    Container.stats({id: id}).$promise
+    .then(function success(data) {
+      var containerStats = new ContainerStatsViewModel(data);
+      deferred.resolve(containerStats);
+    })
+    .catch(function error(err) {
+      deferred.reject(err);
+    });
+
+    return deferred.promise;
+  };
+
+  service.containerTop = function(id) {
+    var deferred = $q.defer();
+
+    Container.top({id: id}).$promise
+    .then(function success(data) {
+      var containerTop = data;
+      deferred.resolve(containerTop);
+    })
+    .catch(function error(err) {
+      deferred.reject(err);
+    });
+
+    return deferred.promise;
+  };
+
   return service;
 }]);
diff --git a/assets/js/legend.js b/assets/js/legend.js
deleted file mode 100644
index 7b7933a46..000000000
--- a/assets/js/legend.js
+++ /dev/null
@@ -1,19 +0,0 @@
-/*
- * legend.js v0.2.0
- * License: MIT
- */
-function legend(parent, data) {
-    parent.className = 'legend';
-    var datas = data.hasOwnProperty('datasets') ? data.datasets : data;
-
-    datas.forEach(function(d) {
-        var title = document.createElement('span');
-        title.className = 'title';
-        title.style.borderColor = d.hasOwnProperty('strokeColor') ? d.strokeColor : d.color;
-        title.style.borderStyle = 'solid';
-        parent.appendChild(title);
-
-        var text = document.createTextNode(d.title);
-        title.appendChild(text);
-    });
-}
diff --git a/bower.json b/bower.json
index a61ae1b8c..3fb1da483 100644
--- a/bower.json
+++ b/bower.json
@@ -24,7 +24,6 @@
     "tests"
   ],
   "dependencies": {
-    "Chart.js": "1.0.2",
     "angular": "~1.5.0",
     "angular-cookies": "~1.5.0",
     "angular-bootstrap": "~2.5.0",
@@ -49,7 +48,8 @@
     "bootbox.js": "bootbox#^4.4.0",
     "angular-multi-select": "~4.0.0",
     "toastr": "~2.1.3",
-    "xterm.js": "~2.8.1"
+    "xterm.js": "~2.8.1",
+    "chart.js": "~2.6.0"
   },
   "resolutions": {
     "angular": "1.5.11"
diff --git a/vendor.yml b/vendor.yml
index 4c1e83937..f4846a4e0 100644
--- a/vendor.yml
+++ b/vendor.yml
@@ -5,15 +5,14 @@ js:
   - bower_components/bootstrap/dist/js/bootstrap.js
   - bower_components/angular-multi-select/isteven-multi-select.js
   - bower_components/bootbox.js/bootbox.js
-  - bower_components/Chart.js/Chart.js
   - bower_components/filesize/lib/filesize.js
   - bower_components/lodash/dist/lodash.js
   - bower_components/moment/moment.js
+  - bower_components/chart.js/dist/Chart.js
   - bower_components/splitargs/src/splitargs.js
   - bower_components/toastr/toastr.js
   - bower_components/xterm.js/dist/xterm.js
   - bower_components/xterm.js/dist/addons/fit/fit.js
-  - assets/js/legend.js
   minified:
   - bower_components/jquery/dist/jquery.min.js
   - bower_components/bootstrap/dist/js/bootstrap.min.js
@@ -23,11 +22,11 @@ js:
   - bower_components/filesize/lib/filesize.min.js
   - bower_components/lodash/dist/lodash.min.js
   - bower_components/moment/min/moment.min.js
+  - bower_components/chart.js/dist/Chart.min.js
   - bower_components/splitargs/src/splitargs.js
   - bower_components/toastr/toastr.min.js
   - bower_components/xterm.js/dist/xterm.js
   - bower_components/xterm.js/dist/addons/fit/fit.js
-  - assets/js/legend.js
 css:
   regular:
   - bower_components/bootstrap/dist/css/bootstrap.css
@@ -71,4 +70,4 @@ angular:
   - bower_components/angular-ui-select/dist/select.min.js
   - bower_components/angular-ui-router/release/angular-ui-router.min.js
   - bower_components/angular-utils-pagination/dirPagination.js
-  - bower_components/ng-file-upload/ng-file-upload.min.js
\ No newline at end of file
+  - bower_components/ng-file-upload/ng-file-upload.min.js

From 56604a5445d929618392db469530a128fc360f25 Mon Sep 17 00:00:00 2001
From: Adrian Kirchner <mail@adrian-kirchner.com>
Date: Sun, 10 Sep 2017 10:00:48 +0200
Subject: [PATCH 16/33] fix(cli): fix wrong default value for --no-analytics
 (#1185)

---
 api/cli/cli.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/cli/cli.go b/api/cli/cli.go
index 80308d41a..dfca35923 100644
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -36,7 +36,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		Assets:            kingpin.Flag("assets", "Path to the assets").Default(defaultAssetsDirectory).Short('a').String(),
 		Data:              kingpin.Flag("data", "Path to the folder where the data is stored").Default(defaultDataDirectory).Short('d').String(),
 		NoAuth:            kingpin.Flag("no-auth", "Disable authentication").Default(defaultNoAuth).Bool(),
-		NoAnalytics:       kingpin.Flag("no-analytics", "Disable Analytics in app").Default(defaultNoAuth).Bool(),
+		NoAnalytics:       kingpin.Flag("no-analytics", "Disable Analytics in app").Default(defaultNoAnalytics).Bool(),
 		TLSVerify:         kingpin.Flag("tlsverify", "TLS support").Default(defaultTLSVerify).Bool(),
 		TLSCacert:         kingpin.Flag("tlscacert", "Path to the CA").Default(defaultTLSCACertPath).String(),
 		TLSCert:           kingpin.Flag("tlscert", "Path to the TLS certificate file").Default(defaultTLSCertPath).String(),

From be4f3ec81d57a367c12f1c0155d9e2b56ed99b0d Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Mon, 11 Sep 2017 10:36:18 +0200
Subject: [PATCH 17/33] fix(admin-init): do not redirect to endpoint-init if at
 least one endpoint is defined

---
 .../initAdmin/initAdminController.js          | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/app/components/initAdmin/initAdminController.js b/app/components/initAdmin/initAdminController.js
index a78fa7854..a396cbd17 100644
--- a/app/components/initAdmin/initAdminController.js
+++ b/app/components/initAdmin/initAdminController.js
@@ -1,6 +1,6 @@
 angular.module('initAdmin', [])
-.controller('InitAdminController', ['$scope', '$state', '$sanitize', 'Notifications', 'Authentication', 'StateManager', 'UserService',
-function ($scope, $state, $sanitize, Notifications, Authentication, StateManager, UserService) {
+.controller('InitAdminController', ['$scope', '$state', '$sanitize', 'Notifications', 'Authentication', 'StateManager', 'UserService', 'EndpointService', 'EndpointProvider',
+function ($scope, $state, $sanitize, Notifications, Authentication, StateManager, UserService, EndpointService, EndpointProvider) {
 
   $scope.logo = StateManager.getState().application.logo;
 
@@ -20,7 +20,23 @@ function ($scope, $state, $sanitize, Notifications, Authentication, StateManager
       return Authentication.login(username, password);
     })
     .then(function success() {
-      $state.go('init.endpoint');
+      return EndpointService.endpoints();
+    })
+    .then(function success(data) {
+      var endpoints = data;
+      if (endpoints.length > 0)  {
+        var endpoint = endpoints[0];
+        EndpointProvider.setEndpointID(endpoint.Id);
+        StateManager.updateEndpointState(true)
+        .then(function success(data) {
+          $state.go('dashboard');
+        })
+        .catch(function error(err) {
+          Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
+        });
+      } else {
+        $state.go('init.endpoint');
+      }
     })
     .catch(function error(err) {
       Notifications.error('Failure', err, 'Unable to create administrator user');

From 87825f7ebbaed55559cb61d2f4f898c37664d8f6 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Thu, 14 Sep 2017 08:04:59 +0200
Subject: [PATCH 18/33] feat(swarm-visualizer): add the swarm-visualizer view
 (#1190)

---
 app/app.js                                    | 19 ++++-
 app/components/swarm/swarm.html               |  7 ++
 .../swarmVisualizer/swarmVisualizer.html      | 83 +++++++++++++++++++
 .../swarmVisualizerController.js              | 74 +++++++++++++++++
 app/filters/filters.js                        | 14 ++++
 app/services/docker/nodeService.js            |  2 +-
 app/services/docker/serviceService.js         | 17 ++++
 app/services/docker/taskService.js            | 17 ++++
 assets/css/app.css                            | 77 +++++++++++++++++
 9 files changed, 307 insertions(+), 3 deletions(-)
 create mode 100644 app/components/swarmVisualizer/swarmVisualizer.html
 create mode 100644 app/components/swarmVisualizer/swarmVisualizerController.js

diff --git a/app/app.js b/app/app.js
index 49e424aff..a71659b44 100644
--- a/app/app.js
+++ b/app/app.js
@@ -56,6 +56,7 @@ angular.module('portainer', [
   'settingsAuthentication',
   'sidebar',
   'swarm',
+  'swarmVisualizer',
   'task',
   'team',
   'teams',
@@ -735,7 +736,7 @@ angular.module('portainer', [
       }
     })
     .state('swarm', {
-      url: '/swarm/',
+      url: '/swarm',
       views: {
         'content@': {
           templateUrl: 'app/components/swarm/swarm.html',
@@ -746,7 +747,21 @@ angular.module('portainer', [
           controller: 'SidebarController'
         }
       }
-    });
+    })
+    .state('swarm.visualizer', {
+      url: '/visualizer',
+      views: {
+        'content@': {
+          templateUrl: 'app/components/swarmVisualizer/swarmVisualizer.html',
+          controller: 'SwarmVisualizerController'
+        },
+        'sidebar@': {
+          templateUrl: 'app/components/sidebar/sidebar.html',
+          controller: 'SidebarController'
+        }
+      }
+    })
+    ;
   }])
   .run(['$rootScope', '$state', 'Authentication', 'authManager', 'StateManager', 'EndpointProvider', 'Notifications', 'Analytics', function ($rootScope, $state, Authentication, authManager, StateManager, EndpointProvider, Notifications, Analytics) {
     EndpointProvider.initialize();
diff --git a/app/components/swarm/swarm.html b/app/components/swarm/swarm.html
index f07b3d296..c585b0cb3 100644
--- a/app/components/swarm/swarm.html
+++ b/app/components/swarm/swarm.html
@@ -58,6 +58,13 @@
               <td>Go version</td>
               <td>{{ docker.GoVersion }}</td>
             </tr>
+            <tr ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE'">
+              <td colspan="2">
+                <div class="btn-group" role="group" aria-label="...">
+                  <a class="btn btn-outline-secondary" type="button" ui-sref="swarm.visualizer"><i class="fa fa-object-group space-right" aria-hidden="true"></i>Go to cluster visualizer</a>
+                </div>
+              </td>
+            </tr>
           </tbody>
         </table>
       </rd-widget-body>
diff --git a/app/components/swarmVisualizer/swarmVisualizer.html b/app/components/swarmVisualizer/swarmVisualizer.html
new file mode 100644
index 000000000..373f9f899
--- /dev/null
+++ b/app/components/swarmVisualizer/swarmVisualizer.html
@@ -0,0 +1,83 @@
+<rd-header>
+  <rd-header-title title="Swarm visualizer">
+    <a data-toggle="tooltip" title="Refresh" ui-sref="swarm.visualizer" ui-sref-opts="{reload: true}">
+      <i class="fa fa-refresh" aria-hidden="true"></i>
+    </a>
+    <i id="loadingViewSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+  </rd-header-title>
+  <rd-header-content>
+    <a ui-sref="swarm">Swarm</a> &gt; <a ui-sref="swarm.visualizer">Cluster visualizer</a>
+  </rd-header-content>
+</rd-header>
+
+<div class="row">
+  <div class="col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-object-group" title="Cluster information">
+        <div class="pull-right">
+          <button type="button" class="btn btn-sm btn-primary" ng-click="state.ShowInformationPanel = true;" ng-if="!state.ShowInformationPanel">Show</button>
+          <button type="button" class="btn btn-sm btn-primary" ng-click="state.ShowInformationPanel = false;" ng-if="state.ShowInformationPanel">Hide</button>
+        </div>
+      </rd-widget-header>
+      <rd-widget-body ng-if="state.ShowInformationPanel">
+        <table class="table">
+          <tbody>
+            <tr>
+              <td>Nodes</td>
+              <td>{{ nodes.length }}</td>
+            </tr>
+            <tr>
+              <td>Services</td>
+              <td>{{ services.length }}</td>
+            </tr>
+            <tr>
+              <td>Tasks</td>
+              <td>{{ tasks.length }}</td>
+            </tr>
+          </tbody>
+        </table>
+        <form class="form-horizontal">
+          <div class="col-sm-12 form-section-title">
+            Filters
+          </div>
+          <div class="form-group">
+            <div class="col-sm-12">
+              <label class="control-label text-left">
+                Only display running tasks
+              </label>
+              <label class="switch" style="margin-left: 20px;">
+                <input type="checkbox" ng-model="state.DisplayOnlyRunningTasks"><i></i>
+              </label>
+            </div>
+          </div>
+        </form>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>
+
+<div class="row" ng-if="visualizerData">
+  <div class="col-sm-12">
+    <rd-widget>
+      <rd-widget-header icon="fa-object-group" title="Cluster visualizer"></rd-widget-header>
+      <rd-widget-body>
+        <div class="visualizer_container">
+          <div class="node" ng-repeat="node in visualizerData.nodes track by $index">
+            <div class="node_info">
+              <div><b>{{ node.Hostname }}</b></div>
+              <div>{{ node.Role }}</div>
+            </div>
+            <div class="tasks">
+              <div class="task task_{{ task.Status.State | visualizerTask }}" ng-repeat="task in node.Tasks | filter: (state.DisplayOnlyRunningTasks || '') && { Status: { State: 'running' } }">
+                <div class="service_name">{{ task.ServiceName }}</div>
+                <div>Image: {{ task.Spec.ContainerSpec.Image | hideshasum }}</div>
+                <div>Status: {{ task.Status.State }}</div>
+                <div>Update: {{ task.Updated | getisodate }}</div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </rd-widget-body>
+    </rd-widget>
+  </div>
+</div>
diff --git a/app/components/swarmVisualizer/swarmVisualizerController.js b/app/components/swarmVisualizer/swarmVisualizerController.js
new file mode 100644
index 000000000..c4aabeb4c
--- /dev/null
+++ b/app/components/swarmVisualizer/swarmVisualizerController.js
@@ -0,0 +1,74 @@
+angular.module('swarmVisualizer', [])
+.controller('SwarmVisualizerController', ['$q', '$scope', '$document', 'NodeService', 'ServiceService', 'TaskService', 'Notifications',
+function ($q, $scope, $document, NodeService, ServiceService, TaskService, Notifications) {
+
+  $scope.state = {
+    ShowInformationPanel: true,
+    DisplayOnlyRunningTasks: false
+  };
+
+  function assignServiceName(services, tasks) {
+    for (var i = 0; i < services.length; i++) {
+      var service = services[i];
+
+      for (var j = 0; j < tasks.length; j++) {
+        var task = tasks[j];
+
+        if (task.ServiceId === service.Id) {
+          task.ServiceName = service.Name;
+        }
+      }
+    }
+  }
+
+  function assignTasksToNode(nodes, tasks) {
+    for (var i = 0; i < nodes.length; i++) {
+      var node = nodes[i];
+      node.Tasks = [];
+
+      for (var j = 0; j < tasks.length; j++) {
+        var task = tasks[j];
+
+        if (task.NodeId === node.Id) {
+          node.Tasks.push(task);
+        }
+      }
+    }
+  }
+
+  function prepareVisualizerData(nodes, services, tasks) {
+    var visualizerData = {};
+
+    assignServiceName(services, tasks);
+    assignTasksToNode(nodes, tasks);
+
+    visualizerData.nodes = nodes;
+    $scope.visualizerData = visualizerData;
+  }
+
+  function initView() {
+    $('#loadingViewSpinner').show();
+    $q.all({
+      nodes: NodeService.nodes(),
+      services: ServiceService.services(),
+      tasks: TaskService.tasks()
+    })
+    .then(function success(data) {
+      var nodes = data.nodes;
+      $scope.nodes = nodes;
+      var services = data.services;
+      $scope.services = services;
+      var tasks = data.tasks;
+      $scope.tasks = tasks;
+      prepareVisualizerData(nodes, services, tasks);
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'Unable to initialize cluster visualizer');
+    })
+    .finally(function final() {
+      $('#loadingViewSpinner').hide();
+    });
+  }
+
+  initView();
+}]);
diff --git a/app/filters/filters.js b/app/filters/filters.js
index b4cac3fe0..e1d61bd95 100644
--- a/app/filters/filters.js
+++ b/app/filters/filters.js
@@ -37,6 +37,20 @@ angular.module('portainer.filters', [])
     }
   };
 })
+.filter('visualizerTask', function () {
+  'use strict';
+  return function (text) {
+    var status = _.toLower(text);
+    if (includeString(status, ['new', 'allocated', 'assigned', 'accepted', 'complete', 'preparing'])) {
+      return 'info';
+    } else if (includeString(status, ['pending'])) {
+      return 'warning';
+    } else if (includeString(status, ['shutdown', 'failed', 'rejected'])) {
+      return 'stopped';
+    }
+    return 'running';
+  };
+})
 .filter('taskstatusbadge', function () {
   'use strict';
   return function (text) {
diff --git a/app/services/docker/nodeService.js b/app/services/docker/nodeService.js
index 2fb394a58..6ccafb318 100644
--- a/app/services/docker/nodeService.js
+++ b/app/services/docker/nodeService.js
@@ -3,7 +3,7 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
-  service.nodes = function(id) {
+  service.nodes = function() {
     var deferred = $q.defer();
 
     Node.query({}).$promise
diff --git a/app/services/docker/serviceService.js b/app/services/docker/serviceService.js
index 939f1875e..0020c3412 100644
--- a/app/services/docker/serviceService.js
+++ b/app/services/docker/serviceService.js
@@ -3,6 +3,23 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
+  service.services = function() {
+    var deferred = $q.defer();
+
+    Service.query().$promise
+    .then(function success(data) {
+      var services = data.map(function (item) {
+        return new ServiceViewModel(item);
+      });
+      deferred.resolve(services);
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: 'Unable to retrieve services', err: err });
+    });
+
+    return deferred.promise;
+  };
+
   service.service = function(id) {
     var deferred = $q.defer();
 
diff --git a/app/services/docker/taskService.js b/app/services/docker/taskService.js
index 55b9b4f67..44dab1922 100644
--- a/app/services/docker/taskService.js
+++ b/app/services/docker/taskService.js
@@ -3,6 +3,23 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
+  service.tasks = function() {
+    var deferred = $q.defer();
+
+    Task.query().$promise
+    .then(function success(data) {
+      var tasks = data.map(function (item) {
+        return new TaskViewModel(item);
+      });
+      deferred.resolve(tasks);
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: 'Unable to retrieve tasks', err: err });
+    });
+
+    return deferred.promise;
+  };
+
   service.task = function(id) {
     var deferred = $q.defer();
 
diff --git a/assets/css/app.css b/assets/css/app.css
index 795b5a722..74964a26b 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -474,6 +474,83 @@ ul.sidebar .sidebar-list .sidebar-sublist a.active {
   }
 }
 
+.visualizer_container {
+  display: flex;
+  flex-direction: row;
+  flex-wrap: wrap;
+  justify-content: space-around;
+}
+
+.visualizer_container .node {
+  border: 1px dashed #337ab7;
+  background-color: rgb(51, 122, 183);
+  background-color: rgba(51, 122, 183, 0.1);
+  border-radius: 4px;
+  box-shadow: 0 3px 10px -2px rgba(161, 170, 166, 0.5);
+  padding: 15px;
+  margin: 5px;
+}
+
+.visualizer_container .node .node_info {
+  display: flex;
+  flex-direction: column;
+  justify-content: center;
+  text-align: center;
+  border-bottom: 1px solid #777;
+  padding-bottom: 10px;
+}
+
+.visualizer_container .node .tasks {
+  display: flex;
+  flex-direction: column;
+  margin-top: 5px;
+}
+
+.visualizer_container .node .tasks .task {
+  border: 1px solid #333333;
+  border-radius: 2px;
+  box-shadow: 0 3px 10px -2px rgba(161, 170, 166, 0.5);
+  padding: 10px;
+  margin: 5px;
+}
+
+.visualizer_container .node .tasks .task div {
+  padding: 2px;
+}
+
+.visualizer_container .node .tasks .task_running {
+  border: 2px solid #23ae89;
+  border-radius: 4px;
+  background-color: rgb(35, 174, 137);
+  background-color: rgba(35, 174, 137, 0.2);
+}
+
+.visualizer_container .node .tasks .task_stopped {
+  border: 2px solid #ae2323;
+  border-radius: 4px;
+  background-color: rgb(174, 35, 35);
+  background-color: rgba(174, 35, 35, 0.2);
+}
+
+.visualizer_container .node .tasks .task_warning {
+  border: 2px solid #f0ad4e;
+  border-radius: 4px;
+  background-color: rgb(240, 173, 78);
+  background-color: rgba(240, 173, 78, 0.2);
+}
+
+.visualizer_container .node .tasks .task_info {
+  border: 2px solid #46b8da;
+  border-radius: 4px;
+  background-color: rgb(70, 184, 218);
+  background-color: rgba(70, 184, 218, 0.2);
+}
+
+.visualizer_container .node .tasks .task .service_name {
+  text-align: center;
+  margin-bottom: 5px;
+}
+
 /*bootbox override*/
 .modal-open {
   padding-right: 0 !important;

From 8d4807c9e7dae17d51607c73c4a299062915e513 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Thu, 14 Sep 2017 08:08:37 +0200
Subject: [PATCH 19/33] feat(api): TLS endpoint creation and init overhaul
 (#1173)

---
 api/bolt/migrate_dbversion2.go                |   2 +-
 api/bolt/migrate_dbversion3.go                |  27 ++
 api/bolt/migrator.go                          |  16 +-
 api/cmd/portainer/main.go                     |  15 +-
 api/cron/endpoint_sync.go                     |  67 ++-
 api/crypto/tls.go                             |  45 +-
 api/file/file.go                              |  25 +-
 api/http/handler/endpoint.go                  |  89 ++--
 api/http/handler/websocket.go                 |   4 +-
 api/http/proxy/factory.go                     |   2 +-
 api/http/proxy/manager.go                     |   2 +-
 api/ldap/ldap.go                              |   2 +-
 api/portainer.go                              |  49 ++-
 api/swagger.yaml                              | 400 +++++++++++-------
 app/components/endpoint/endpoint.html         |  73 +---
 app/components/endpoint/endpointController.js |  60 +--
 app/components/endpoints/endpoints.html       |  80 +---
 .../endpoints/endpointsController.js          |  25 +-
 .../initAdmin/initAdminController.js          |  17 +-
 app/components/initEndpoint/initEndpoint.html |  89 ++--
 .../initEndpoint/initEndpointController.js    |  33 +-
 .../endpointSecurity/por-endpoint-security.js |  12 +
 .../endpointSecurity/porEndpointSecurity.html | 126 ++++++
 .../porEndpointSecurityController.js          |  32 ++
 .../porEndpointSecurityModel.js               |   7 +
 app/services/api/endpointService.js           |  10 +-
 26 files changed, 828 insertions(+), 481 deletions(-)
 create mode 100644 api/bolt/migrate_dbversion3.go
 create mode 100644 app/directives/endpointSecurity/por-endpoint-security.js
 create mode 100644 app/directives/endpointSecurity/porEndpointSecurity.html
 create mode 100644 app/directives/endpointSecurity/porEndpointSecurityController.js
 create mode 100644 app/directives/endpointSecurity/porEndpointSecurityModel.js

diff --git a/api/bolt/migrate_dbversion2.go b/api/bolt/migrate_dbversion2.go
index 86059736d..38a3e4b50 100644
--- a/api/bolt/migrate_dbversion2.go
+++ b/api/bolt/migrate_dbversion2.go
@@ -2,7 +2,7 @@ package bolt
 
 import "github.com/portainer/portainer"
 
-func (m *Migrator) updateSettingsToVersion3() error {
+func (m *Migrator) updateSettingsToDBVersion3() error {
 	legacySettings, err := m.SettingsService.Settings()
 	if err != nil {
 		return err
diff --git a/api/bolt/migrate_dbversion3.go b/api/bolt/migrate_dbversion3.go
new file mode 100644
index 000000000..d8679ca68
--- /dev/null
+++ b/api/bolt/migrate_dbversion3.go
@@ -0,0 +1,27 @@
+package bolt
+
+import "github.com/portainer/portainer"
+
+func (m *Migrator) updateEndpointsToDBVersion4() error {
+	legacyEndpoints, err := m.EndpointService.Endpoints()
+	if err != nil {
+		return err
+	}
+
+	for _, endpoint := range legacyEndpoints {
+		endpoint.TLSConfig = portainer.TLSConfiguration{}
+		if endpoint.TLS {
+			endpoint.TLSConfig.TLS = true
+			endpoint.TLSConfig.TLSSkipVerify = false
+			endpoint.TLSConfig.TLSCACertPath = endpoint.TLSCACertPath
+			endpoint.TLSConfig.TLSCertPath = endpoint.TLSCertPath
+			endpoint.TLSConfig.TLSKeyPath = endpoint.TLSKeyPath
+		}
+		err = m.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/api/bolt/migrator.go b/api/bolt/migrator.go
index 297afb867..faba56157 100644
--- a/api/bolt/migrator.go
+++ b/api/bolt/migrator.go
@@ -30,7 +30,7 @@ func NewMigrator(store *Store, version int) *Migrator {
 func (m *Migrator) Migrate() error {
 
 	// Portainer < 1.12
-	if m.CurrentDBVersion == 0 {
+	if m.CurrentDBVersion < 1 {
 		err := m.updateAdminUserToDBVersion1()
 		if err != nil {
 			return err
@@ -38,7 +38,7 @@ func (m *Migrator) Migrate() error {
 	}
 
 	// Portainer 1.12.x
-	if m.CurrentDBVersion == 1 {
+	if m.CurrentDBVersion < 2 {
 		err := m.updateResourceControlsToDBVersion2()
 		if err != nil {
 			return err
@@ -50,8 +50,16 @@ func (m *Migrator) Migrate() error {
 	}
 
 	// Portainer 1.13.x
-	if m.CurrentDBVersion == 2 {
-		err := m.updateSettingsToVersion3()
+	if m.CurrentDBVersion < 3 {
+		err := m.updateSettingsToDBVersion3()
+		if err != nil {
+			return err
+		}
+	}
+
+	// Portainer 1.14.0
+	if m.CurrentDBVersion < 4 {
+		err := m.updateEndpointsToDBVersion4()
 		if err != nil {
 			return err
 		}
diff --git a/api/cmd/portainer/main.go b/api/cmd/portainer/main.go
index bb9839907..6f202ec32 100644
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -191,12 +191,15 @@ func main() {
 		}
 		if len(endpoints) == 0 {
 			endpoint := &portainer.Endpoint{
-				Name:            "primary",
-				URL:             *flags.Endpoint,
-				TLS:             *flags.TLSVerify,
-				TLSCACertPath:   *flags.TLSCacert,
-				TLSCertPath:     *flags.TLSCert,
-				TLSKeyPath:      *flags.TLSKey,
+				Name: "primary",
+				URL:  *flags.Endpoint,
+				TLSConfig: portainer.TLSConfiguration{
+					TLS:           *flags.TLSVerify,
+					TLSSkipVerify: false,
+					TLSCACertPath: *flags.TLSCacert,
+					TLSCertPath:   *flags.TLSCert,
+					TLSKeyPath:    *flags.TLSKey,
+				},
 				AuthorizedUsers: []portainer.UserID{},
 				AuthorizedTeams: []portainer.TeamID{},
 			}
diff --git a/api/cron/endpoint_sync.go b/api/cron/endpoint_sync.go
index 9fbb634dc..6b9926665 100644
--- a/api/cron/endpoint_sync.go
+++ b/api/cron/endpoint_sync.go
@@ -22,6 +22,16 @@ type (
 		endpointsToUpdate []*portainer.Endpoint
 		endpointsToDelete []*portainer.Endpoint
 	}
+
+	fileEndpoint struct {
+		Name          string `json:"Name"`
+		URL           string `json:"URL"`
+		TLS           bool   `json:"TLS,omitempty"`
+		TLSSkipVerify bool   `json:"TLSSkipVerify,omitempty"`
+		TLSCACert     string `json:"TLSCACert,omitempty"`
+		TLSCert       string `json:"TLSCert,omitempty"`
+		TLSKey        string `json:"TLSKey,omitempty"`
+	}
 )
 
 const (
@@ -55,6 +65,28 @@ func isValidEndpoint(endpoint *portainer.Endpoint) bool {
 	return false
 }
 
+func convertFileEndpoints(fileEndpoints []fileEndpoint) []portainer.Endpoint {
+	convertedEndpoints := make([]portainer.Endpoint, 0)
+
+	for _, e := range fileEndpoints {
+		endpoint := portainer.Endpoint{
+			Name:      e.Name,
+			URL:       e.URL,
+			TLSConfig: portainer.TLSConfiguration{},
+		}
+		if e.TLS {
+			endpoint.TLSConfig.TLS = true
+			endpoint.TLSConfig.TLSSkipVerify = e.TLSSkipVerify
+			endpoint.TLSConfig.TLSCACertPath = e.TLSCACert
+			endpoint.TLSConfig.TLSCertPath = e.TLSCert
+			endpoint.TLSConfig.TLSKeyPath = e.TLSKey
+		}
+		convertedEndpoints = append(convertedEndpoints, endpoint)
+	}
+
+	return convertedEndpoints
+}
+
 func endpointExists(endpoint *portainer.Endpoint, endpoints []portainer.Endpoint) int {
 	for idx, v := range endpoints {
 		if endpoint.Name == v.Name && isValidEndpoint(&v) {
@@ -66,22 +98,25 @@ func endpointExists(endpoint *portainer.Endpoint, endpoints []portainer.Endpoint
 
 func mergeEndpointIfRequired(original, updated *portainer.Endpoint) *portainer.Endpoint {
 	var endpoint *portainer.Endpoint
-	if original.URL != updated.URL || original.TLS != updated.TLS ||
-		(updated.TLS && original.TLSCACertPath != updated.TLSCACertPath) ||
-		(updated.TLS && original.TLSCertPath != updated.TLSCertPath) ||
-		(updated.TLS && original.TLSKeyPath != updated.TLSKeyPath) {
+	if original.URL != updated.URL || original.TLSConfig.TLS != updated.TLSConfig.TLS ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSSkipVerify != updated.TLSConfig.TLSSkipVerify) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSCACertPath != updated.TLSConfig.TLSCACertPath) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSCertPath != updated.TLSConfig.TLSCertPath) ||
+		(updated.TLSConfig.TLS && original.TLSConfig.TLSKeyPath != updated.TLSConfig.TLSKeyPath) {
 		endpoint = original
 		endpoint.URL = updated.URL
-		if updated.TLS {
-			endpoint.TLS = true
-			endpoint.TLSCACertPath = updated.TLSCACertPath
-			endpoint.TLSCertPath = updated.TLSCertPath
-			endpoint.TLSKeyPath = updated.TLSKeyPath
+		if updated.TLSConfig.TLS {
+			endpoint.TLSConfig.TLS = true
+			endpoint.TLSConfig.TLSSkipVerify = updated.TLSConfig.TLSSkipVerify
+			endpoint.TLSConfig.TLSCACertPath = updated.TLSConfig.TLSCACertPath
+			endpoint.TLSConfig.TLSCertPath = updated.TLSConfig.TLSCertPath
+			endpoint.TLSConfig.TLSKeyPath = updated.TLSConfig.TLSKeyPath
 		} else {
-			endpoint.TLS = false
-			endpoint.TLSCACertPath = ""
-			endpoint.TLSCertPath = ""
-			endpoint.TLSKeyPath = ""
+			endpoint.TLSConfig.TLS = false
+			endpoint.TLSConfig.TLSSkipVerify = false
+			endpoint.TLSConfig.TLSCACertPath = ""
+			endpoint.TLSConfig.TLSCertPath = ""
+			endpoint.TLSConfig.TLSKeyPath = ""
 		}
 	}
 	return endpoint
@@ -141,7 +176,7 @@ func (job endpointSyncJob) Sync() error {
 		return err
 	}
 
-	var fileEndpoints []portainer.Endpoint
+	var fileEndpoints []fileEndpoint
 	err = json.Unmarshal(data, &fileEndpoints)
 	if endpointSyncError(err, job.logger) {
 		return err
@@ -156,7 +191,9 @@ func (job endpointSyncJob) Sync() error {
 		return err
 	}
 
-	sync := job.prepareSyncData(storedEndpoints, fileEndpoints)
+	convertedFileEndpoints := convertFileEndpoints(fileEndpoints)
+
+	sync := job.prepareSyncData(storedEndpoints, convertedFileEndpoints)
 	if sync.requireSync() {
 		err = job.endpointService.Synchronize(sync.endpointsToCreate, sync.endpointsToUpdate, sync.endpointsToDelete)
 		if endpointSyncError(err, job.logger) {
diff --git a/api/crypto/tls.go b/api/crypto/tls.go
index 9c3f1f192..3d22091d8 100644
--- a/api/crypto/tls.go
+++ b/api/crypto/tls.go
@@ -4,31 +4,38 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"io/ioutil"
+
+	"github.com/portainer/portainer"
 )
 
 // CreateTLSConfiguration initializes a tls.Config using a CA certificate, a certificate and a key
-func CreateTLSConfiguration(caCertPath, certPath, keyPath string, skipTLSVerify bool) (*tls.Config, error) {
+func CreateTLSConfiguration(config *portainer.TLSConfiguration) (*tls.Config, error) {
+	TLSConfig := &tls.Config{}
 
-	config := &tls.Config{}
+	if config.TLS {
+		if config.TLSCertPath != "" && config.TLSKeyPath != "" {
+			cert, err := tls.LoadX509KeyPair(config.TLSCertPath, config.TLSKeyPath)
+			if err != nil {
+				return nil, err
+			}
 
-	if certPath != "" && keyPath != "" {
-		cert, err := tls.LoadX509KeyPair(certPath, keyPath)
-		if err != nil {
-			return nil, err
+			TLSConfig.Certificates = []tls.Certificate{cert}
 		}
-		config.Certificates = []tls.Certificate{cert}
+
+		if !config.TLSSkipVerify {
+			caCert, err := ioutil.ReadFile(config.TLSCACertPath)
+			if err != nil {
+				return nil, err
+			}
+
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM(caCert)
+
+			TLSConfig.RootCAs = caCertPool
+		}
+
+		TLSConfig.InsecureSkipVerify = config.TLSSkipVerify
 	}
 
-	if caCertPath != "" {
-		caCert, err := ioutil.ReadFile(caCertPath)
-		if err != nil {
-			return nil, err
-		}
-		caCertPool := x509.NewCertPool()
-		caCertPool.AppendCertsFromPEM(caCert)
-		config.RootCAs = caCertPool
-	}
-
-	config.InsecureSkipVerify = skipTLSVerify
-	return config, nil
+	return TLSConfig, nil
 }
diff --git a/api/file/file.go b/api/file/file.go
index 75bcb99ec..c143fce0b 100644
--- a/api/file/file.go
+++ b/api/file/file.go
@@ -95,7 +95,7 @@ func (service *Service) GetPathForTLSFile(folder string, fileType portainer.TLSF
 	return path.Join(service.fileStorePath, TLSStorePath, folder, fileName), nil
 }
 
-// DeleteTLSFiles deletes a folder containing the TLS files for an endpoint.
+// DeleteTLSFiles deletes a folder in the TLS store path.
 func (service *Service) DeleteTLSFiles(folder string) error {
 	storePath := path.Join(service.fileStorePath, TLSStorePath, folder)
 	err := os.RemoveAll(storePath)
@@ -105,6 +105,29 @@ func (service *Service) DeleteTLSFiles(folder string) error {
 	return nil
 }
 
+// DeleteTLSFile deletes a specific TLS file from a folder.
+func (service *Service) DeleteTLSFile(folder string, fileType portainer.TLSFileType) error {
+	var fileName string
+	switch fileType {
+	case portainer.TLSFileCA:
+		fileName = TLSCACertFile
+	case portainer.TLSFileCert:
+		fileName = TLSCertFile
+	case portainer.TLSFileKey:
+		fileName = TLSKeyFile
+	default:
+		return portainer.ErrUndefinedTLSFileType
+	}
+
+	filePath := path.Join(service.fileStorePath, TLSStorePath, folder, fileName)
+
+	err := os.Remove(filePath)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 // createDirectoryInStoreIfNotExist creates a new directory in the file store if it doesn't exists on the file system.
 func (service *Service) createDirectoryInStoreIfNotExist(name string) error {
 	path := path.Join(service.fileStorePath, name)
diff --git a/api/http/handler/endpoint.go b/api/http/handler/endpoint.go
index 07950d790..1b052847e 100644
--- a/api/http/handler/endpoint.go
+++ b/api/http/handler/endpoint.go
@@ -57,10 +57,12 @@ func NewEndpointHandler(bouncer *security.RequestBouncer, authorizeEndpointManag
 
 type (
 	postEndpointsRequest struct {
-		Name      string `valid:"required"`
-		URL       string `valid:"required"`
-		PublicURL string `valid:"-"`
-		TLS       bool
+		Name                string `valid:"required"`
+		URL                 string `valid:"required"`
+		PublicURL           string `valid:"-"`
+		TLS                 bool
+		TLSSkipVerify       bool
+		TLSSkipClientVerify bool
 	}
 
 	postEndpointsResponse struct {
@@ -73,10 +75,12 @@ type (
 	}
 
 	putEndpointsRequest struct {
-		Name      string `valid:"-"`
-		URL       string `valid:"-"`
-		PublicURL string `valid:"-"`
-		TLS       bool   `valid:"-"`
+		Name                string `valid:"-"`
+		URL                 string `valid:"-"`
+		PublicURL           string `valid:"-"`
+		TLS                 bool   `valid:"-"`
+		TLSSkipVerify       bool   `valid:"-"`
+		TLSSkipClientVerify bool   `valid:"-"`
 	}
 )
 
@@ -123,10 +127,13 @@ func (handler *EndpointHandler) handlePostEndpoints(w http.ResponseWriter, r *ht
 	}
 
 	endpoint := &portainer.Endpoint{
-		Name:            req.Name,
-		URL:             req.URL,
-		PublicURL:       req.PublicURL,
-		TLS:             req.TLS,
+		Name:      req.Name,
+		URL:       req.URL,
+		PublicURL: req.PublicURL,
+		TLSConfig: portainer.TLSConfiguration{
+			TLS:           req.TLS,
+			TLSSkipVerify: req.TLSSkipVerify,
+		},
 		AuthorizedUsers: []portainer.UserID{},
 		AuthorizedTeams: []portainer.TeamID{},
 	}
@@ -139,12 +146,19 @@ func (handler *EndpointHandler) handlePostEndpoints(w http.ResponseWriter, r *ht
 
 	if req.TLS {
 		folder := strconv.Itoa(int(endpoint.ID))
-		caCertPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCA)
-		endpoint.TLSCACertPath = caCertPath
-		certPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCert)
-		endpoint.TLSCertPath = certPath
-		keyPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileKey)
-		endpoint.TLSKeyPath = keyPath
+
+		if !req.TLSSkipVerify {
+			caCertPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCA)
+			endpoint.TLSConfig.TLSCACertPath = caCertPath
+		}
+
+		if !req.TLSSkipClientVerify {
+			certPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCert)
+			endpoint.TLSConfig.TLSCertPath = certPath
+			keyPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileKey)
+			endpoint.TLSConfig.TLSKeyPath = keyPath
+		}
+
 		err = handler.EndpointService.UpdateEndpoint(endpoint.ID, endpoint)
 		if err != nil {
 			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
@@ -284,18 +298,33 @@ func (handler *EndpointHandler) handlePutEndpoint(w http.ResponseWriter, r *http
 
 	folder := strconv.Itoa(int(endpoint.ID))
 	if req.TLS {
-		endpoint.TLS = true
-		caCertPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCA)
-		endpoint.TLSCACertPath = caCertPath
-		certPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCert)
-		endpoint.TLSCertPath = certPath
-		keyPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileKey)
-		endpoint.TLSKeyPath = keyPath
+		endpoint.TLSConfig.TLS = true
+		endpoint.TLSConfig.TLSSkipVerify = req.TLSSkipVerify
+		if !req.TLSSkipVerify {
+			caCertPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCA)
+			endpoint.TLSConfig.TLSCACertPath = caCertPath
+		} else {
+			endpoint.TLSConfig.TLSCACertPath = ""
+			handler.FileService.DeleteTLSFile(folder, portainer.TLSFileCA)
+		}
+
+		if !req.TLSSkipClientVerify {
+			certPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileCert)
+			endpoint.TLSConfig.TLSCertPath = certPath
+			keyPath, _ := handler.FileService.GetPathForTLSFile(folder, portainer.TLSFileKey)
+			endpoint.TLSConfig.TLSKeyPath = keyPath
+		} else {
+			endpoint.TLSConfig.TLSCertPath = ""
+			handler.FileService.DeleteTLSFile(folder, portainer.TLSFileCert)
+			endpoint.TLSConfig.TLSKeyPath = ""
+			handler.FileService.DeleteTLSFile(folder, portainer.TLSFileKey)
+		}
 	} else {
-		endpoint.TLS = false
-		endpoint.TLSCACertPath = ""
-		endpoint.TLSCertPath = ""
-		endpoint.TLSKeyPath = ""
+		endpoint.TLSConfig.TLS = false
+		endpoint.TLSConfig.TLSSkipVerify = true
+		endpoint.TLSConfig.TLSCACertPath = ""
+		endpoint.TLSConfig.TLSCertPath = ""
+		endpoint.TLSConfig.TLSKeyPath = ""
 		err = handler.FileService.DeleteTLSFiles(folder)
 		if err != nil {
 			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
@@ -350,7 +379,7 @@ func (handler *EndpointHandler) handleDeleteEndpoint(w http.ResponseWriter, r *h
 		return
 	}
 
-	if endpoint.TLS {
+	if endpoint.TLSConfig.TLS {
 		err = handler.FileService.DeleteTLSFiles(id)
 		if err != nil {
 			httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, handler.Logger)
diff --git a/api/http/handler/websocket.go b/api/http/handler/websocket.go
index dbc4fd9f0..b57f02806 100644
--- a/api/http/handler/websocket.go
+++ b/api/http/handler/websocket.go
@@ -71,8 +71,8 @@ func (handler *WebSocketHandler) webSocketDockerExec(ws *websocket.Conn) {
 
 	// Should not be managed here
 	var tlsConfig *tls.Config
-	if endpoint.TLS {
-		tlsConfig, err = crypto.CreateTLSConfiguration(endpoint.TLSCACertPath, endpoint.TLSCertPath, endpoint.TLSKeyPath, false)
+	if endpoint.TLSConfig.TLS {
+		tlsConfig, err = crypto.CreateTLSConfiguration(&endpoint.TLSConfig)
 		if err != nil {
 			log.Fatalf("Unable to create TLS configuration: %s", err)
 			return
diff --git a/api/http/proxy/factory.go b/api/http/proxy/factory.go
index dc733149f..210ef54a0 100644
--- a/api/http/proxy/factory.go
+++ b/api/http/proxy/factory.go
@@ -24,7 +24,7 @@ func (factory *proxyFactory) newHTTPProxy(u *url.URL) http.Handler {
 func (factory *proxyFactory) newHTTPSProxy(u *url.URL, endpoint *portainer.Endpoint) (http.Handler, error) {
 	u.Scheme = "https"
 	proxy := factory.createReverseProxy(u)
-	config, err := crypto.CreateTLSConfiguration(endpoint.TLSCACertPath, endpoint.TLSCertPath, endpoint.TLSKeyPath, false)
+	config, err := crypto.CreateTLSConfiguration(&endpoint.TLSConfig)
 	if err != nil {
 		return nil, err
 	}
diff --git a/api/http/proxy/manager.go b/api/http/proxy/manager.go
index 8710c7a44..bdba2b216 100644
--- a/api/http/proxy/manager.go
+++ b/api/http/proxy/manager.go
@@ -37,7 +37,7 @@ func (manager *Manager) CreateAndRegisterProxy(endpoint *portainer.Endpoint) (ht
 	}
 
 	if endpointURL.Scheme == "tcp" {
-		if endpoint.TLS {
+		if endpoint.TLSConfig.TLS {
 			proxy, err = manager.proxyFactory.newHTTPSProxy(endpointURL, endpoint)
 			if err != nil {
 				return nil, err
diff --git a/api/ldap/ldap.go b/api/ldap/ldap.go
index 786332c35..8a280f754 100644
--- a/api/ldap/ldap.go
+++ b/api/ldap/ldap.go
@@ -52,7 +52,7 @@ func searchUser(username string, conn *ldap.Conn, settings []portainer.LDAPSearc
 func createConnection(settings *portainer.LDAPSettings) (*ldap.Conn, error) {
 
 	if settings.TLSConfig.TLS || settings.StartTLS {
-		config, err := crypto.CreateTLSConfiguration(settings.TLSConfig.TLSCACertPath, "", "", settings.TLSConfig.TLSSkipVerify)
+		config, err := crypto.CreateTLSConfiguration(&settings.TLSConfig)
 		if err != nil {
 			return nil, err
 		}
diff --git a/api/portainer.go b/api/portainer.go
index 69d8e9290..13d8b82e1 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -155,16 +155,20 @@ type (
 	// Endpoint represents a Docker endpoint with all the info required
 	// to connect to it.
 	Endpoint struct {
-		ID              EndpointID `json:"Id"`
-		Name            string     `json:"Name"`
-		URL             string     `json:"URL"`
-		PublicURL       string     `json:"PublicURL"`
-		TLS             bool       `json:"TLS"`
-		TLSCACertPath   string     `json:"TLSCACert,omitempty"`
-		TLSCertPath     string     `json:"TLSCert,omitempty"`
-		TLSKeyPath      string     `json:"TLSKey,omitempty"`
-		AuthorizedUsers []UserID   `json:"AuthorizedUsers"`
-		AuthorizedTeams []TeamID   `json:"AuthorizedTeams"`
+		ID              EndpointID       `json:"Id"`
+		Name            string           `json:"Name"`
+		URL             string           `json:"URL"`
+		PublicURL       string           `json:"PublicURL"`
+		TLSConfig       TLSConfiguration `json:"TLSConfig"`
+		AuthorizedUsers []UserID         `json:"AuthorizedUsers"`
+		AuthorizedTeams []TeamID         `json:"AuthorizedTeams"`
+
+		// Deprecated fields
+		// Deprecated in DBVersion == 4
+		TLS           bool   `json:"TLS,omitempty"`
+		TLSCACertPath string `json:"TLSCACert,omitempty"`
+		TLSCertPath   string `json:"TLSCert,omitempty"`
+		TLSKeyPath    string `json:"TLSKey,omitempty"`
 	}
 
 	// ResourceControlID represents a resource control identifier.
@@ -172,20 +176,18 @@ type (
 
 	// ResourceControl represent a reference to a Docker resource with specific access controls
 	ResourceControl struct {
-		ID                 ResourceControlID   `json:"Id"`
-		ResourceID         string              `json:"ResourceId"`
-		SubResourceIDs     []string            `json:"SubResourceIds"`
-		Type               ResourceControlType `json:"Type"`
-		AdministratorsOnly bool                `json:"AdministratorsOnly"`
-
-		UserAccesses []UserResourceAccess `json:"UserAccesses"`
-		TeamAccesses []TeamResourceAccess `json:"TeamAccesses"`
+		ID                 ResourceControlID    `json:"Id"`
+		ResourceID         string               `json:"ResourceId"`
+		SubResourceIDs     []string             `json:"SubResourceIds"`
+		Type               ResourceControlType  `json:"Type"`
+		AdministratorsOnly bool                 `json:"AdministratorsOnly"`
+		UserAccesses       []UserResourceAccess `json:"UserAccesses"`
+		TeamAccesses       []TeamResourceAccess `json:"TeamAccesses"`
 
 		// Deprecated fields
-		// Deprecated: OwnerID field is deprecated in DBVersion == 2
-		OwnerID UserID `json:"OwnerId"`
-		// Deprecated: AccessLevel field is deprecated in DBVersion == 2
-		AccessLevel ResourceAccessLevel `json:"AccessLevel"`
+		// Deprecated in DBVersion == 2
+		OwnerID     UserID              `json:"OwnerId,omitempty"`
+		AccessLevel ResourceAccessLevel `json:"AccessLevel,omitempty"`
 	}
 
 	// ResourceControlType represents the type of resource associated to the resource control (volume, container, service).
@@ -325,6 +327,7 @@ type (
 	FileService interface {
 		StoreTLSFile(folder string, fileType TLSFileType, r io.Reader) error
 		GetPathForTLSFile(folder string, fileType TLSFileType) (string, error)
+		DeleteTLSFile(folder string, fileType TLSFileType) error
 		DeleteTLSFiles(folder string) error
 	}
 
@@ -344,7 +347,7 @@ const (
 	// APIVersion is the version number of the Portainer API.
 	APIVersion = "1.14.0"
 	// DBVersion is the version number of the Portainer database.
-	DBVersion = 3
+	DBVersion = 4
 	// DefaultTemplatesURL represents the default URL for the templates definitions.
 	DefaultTemplatesURL = "https://raw.githubusercontent.com/portainer/templates/master/templates.json"
 )
diff --git a/api/swagger.yaml b/api/swagger.yaml
index 21f4dac79..59ac0bdce 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -1,38 +1,61 @@
 ---
 swagger: "2.0"
 info:
-  description: "Portainer API is an HTTP API served by Portainer. It is used by the\
-    \ Portainer UI and everything you can do with the UI can be done using the HTTP\
-    \ API.  \nExamples are available at https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8\
-    \  \nYou can find out more about Portainer at [http://portainer.io](http://portainer.io)\
-    \ and get some support on [Slack](http://portainer.io/slack/).\n\n# Authentication\n\
-    \nMost of the API endpoints require to be authenticated as well as some level\
-    \ of authorization to be used.\nPortainer API uses JSON Web Token to manage authentication\
-    \ and thus requires you to provide a token in the **Authorization** header of\
-    \ each request\nwith the **Bearer** authentication mechanism.\n\nExample:\n```\n\
-    Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE\n\
-    ```\n\n# Security\n\nEach API endpoint has an associated access policy, it is\
-    \ documented in the description of each endpoint.\n\nDifferent access policies\
-    \ are available:\n* Public access\n* Authenticated access\n* Restricted access\n\
-    * Administrator access\n\n### Public access\n\nNo authentication is required to\
-    \ access the endpoints with this access policy.\n\n### Authenticated access\n\n\
-    Authentication is required to access the endpoints with this access policy.\n\n\
-    ### Restricted access\n\nAuthentication is required to access the endpoints with\
-    \ this access policy.\nExtra-checks might be added to ensure access to the resource\
-    \ is granted. Returned data might also be filtered.\n\n### Administrator access\n\
-    \nAuthentication as well as an administrator role are required to access the endpoints\
-    \ with this access policy.\n\n# Execute Docker requests\n\nPortainer **DO NOT**\
-    \ expose specific endpoints to manage your Docker resources (create a container,\
-    \ remove a volume, etc...).  \n\nInstead, it acts as a reverse-proxy to the Docker\
-    \ HTTP API. This means that you can execute Docker requests **via** the Portainer\
-    \ HTTP API.\n\nTo do so, you can use the `/endpoints/{id}/docker` Portainer API\
-    \ endpoint (which is not documented below due to Swagger limitations). This\n\
-    endpoint has a restricted access policy so you still need to be authenticated\
-    \ to be able to query this endpoint. Any query on this endpoint will be proxied\
-    \ to the\nDocker API of the associated endpoint (requests and responses objects\
-    \ are the same as documented in the Docker API).\n\n**NOTE**: You can find more\
-    \ information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/)\
-    \ as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).\n"
+  description: |
+    Portainer API is an HTTP API served by Portainer. It is used by the Portainer UI and everything you can do with the UI can be done using the HTTP API.
+    Examples are available at https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8
+    You can find out more about Portainer at [http://portainer.io](http://portainer.io) and get some support on [Slack](http://portainer.io/slack/).
+
+    # Authentication
+
+    Most of the API endpoints require to be authenticated as well as some level of authorization to be used.
+    Portainer API uses JSON Web Token to manage authentication and thus requires you to provide a token in the **Authorization** header of each request
+    with the **Bearer** authentication mechanism.
+
+    Example:
+    ```
+    Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTQ5OTM3NjE1NH0.NJ6vE8FY1WG6jsRQzfMqeatJ4vh2TWAeeYfDhP71YEE
+    ```
+
+    # Security
+
+    Each API endpoint has an associated access policy, it is documented in the description of each endpoint.
+
+    Different access policies are available:
+    * Public access
+    * Authenticated access
+    * Restricted access
+    * Administrator access
+
+    ### Public access
+
+    No authentication is required to access the endpoints with this access policy.
+
+    ### Authenticated access
+
+    Authentication is required to access the endpoints with this access policy.
+
+    ### Restricted access
+
+    Authentication is required to access the endpoints with this access policy.
+    Extra-checks might be added to ensure access to the resource is granted. Returned data might also be filtered.
+
+    ### Administrator access
+
+    Authentication as well as an administrator role are required to access the endpoints with this access policy.
+
+    # Execute Docker requests
+
+    Portainer **DO NOT** expose specific endpoints to manage your Docker resources (create a container, remove a volume, etc...).
+
+    Instead, it acts as a reverse-proxy to the Docker HTTP API. This means that you can execute Docker requests **via** the Portainer HTTP API.
+
+    To do so, you can use the `/endpoints/{id}/docker` Portainer API endpoint (which is not documented below due to Swagger limitations). This
+    endpoint has a restricted access policy so you still need to be authenticated to be able to query this endpoint. Any query on this endpoint will be proxied to the
+    Docker API of the associated endpoint (requests and responses objects are the same as documented in the Docker API).
+
+    **NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).
+
   version: "1.14.0"
   title: "Portainer API"
   contact:
@@ -75,8 +98,9 @@ paths:
       tags:
       - "auth"
       summary: "Authenticate a user"
-      description: "Use this endpoint to authenticate against Portainer using a username\
-        \ and password.  \n**Access policy**: public\n"
+      description: |
+        Use this endpoint to authenticate against Portainer using a username and password.
+        **Access policy**: public
       operationId: "AuthenticateUser"
       consumes:
       - "application/json"
@@ -117,8 +141,9 @@ paths:
       tags:
       - "dockerhub"
       summary: "Retrieve DockerHub information"
-      description: "Use this endpoint to retrieve the information used to connect\
-        \ to the DockerHub  \n**Access policy**: authenticated\n"
+      description: |
+        Use this endpoint to retrieve the information used to connect to the DockerHub
+        **Access policy**: authenticated
       operationId: "DockerHubInspect"
       produces:
       - "application/json"
@@ -136,8 +161,9 @@ paths:
       tags:
       - "dockerhub"
       summary: "Update DockerHub information"
-      description: "Use this endpoint to update the information used to connect to\
-        \ the DockerHub  \n**Access policy**: administrator\n"
+      description: |
+        Use this endpoint to update the information used to connect to the DockerHub
+        **Access policy**: administrator
       operationId: "DockerHubUpdate"
       consumes:
       - "application/json"
@@ -169,9 +195,11 @@ paths:
       tags:
       - "endpoints"
       summary: "List endpoints"
-      description: "List all endpoints based on the current user authorizations. Will\n\
-        return all endpoints if using an administrator account otherwise it will\n\
-        only return authorized endpoints.  \n**Access policy**: restricted      \n"
+      description: |
+        List all endpoints based on the current user authorizations. Will
+        return all endpoints if using an administrator account otherwise it will
+        only return authorized endpoints.
+        **Access policy**: restricted
       operationId: "EndpointList"
       produces:
       - "application/json"
@@ -189,8 +217,9 @@ paths:
       tags:
       - "endpoints"
       summary: "Create a new endpoint"
-      description: "Create a new endpoint that will be used to manage a Docker environment.\
-        \  \n**Access policy**: administrator\n"
+      description: |
+        Create a new endpoint that will be used to manage a Docker environment.
+        **Access policy**: administrator
       operationId: "EndpointCreate"
       consumes:
       - "application/json"
@@ -231,8 +260,9 @@ paths:
       tags:
       - "endpoints"
       summary: "Inspect an endpoint"
-      description: "Retrieve details abount an endpoint.  \n**Access policy**: administrator\
-        \      \n"
+      description: |
+        Retrieve details abount an endpoint.
+        **Access policy**: administrator
       operationId: "EndpointInspect"
       produces:
       - "application/json"
@@ -269,7 +299,9 @@ paths:
       tags:
       - "endpoints"
       summary: "Update an endpoint"
-      description: "Update an endpoint.  \n**Access policy**: administrator\n"
+      description: |
+        Update an endpoint.
+        **Access policy**: administrator
       operationId: "EndpointUpdate"
       consumes:
       - "application/json"
@@ -319,7 +351,9 @@ paths:
       tags:
       - "endpoints"
       summary: "Remove an endpoint"
-      description: "Remove an endpoint.  \n**Access policy**: administrator      \n"
+      description: |
+        Remove an endpoint.
+        **Access policy**: administrator
       operationId: "EndpointDelete"
       parameters:
       - name: "id"
@@ -360,8 +394,9 @@ paths:
       tags:
       - "endpoints"
       summary: "Manage accesses to an endpoint"
-      description: "Manage user and team accesses to an endpoint.  \n**Access policy**:\
-        \ administrator            \n"
+      description: |
+        Manage user and team accesses to an endpoint.
+        **Access policy**: administrator
       operationId: "EndpointAccessUpdate"
       consumes:
       - "application/json"
@@ -400,15 +435,17 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /registries:
     get:
       tags:
       - "registries"
       summary: "List registries"
-      description: "List all registries based on the current user authorizations.\n\
-        Will return all registries if using an administrator account otherwise it\n\
-        will only return authorized registries.  \n**Access policy**: restricted \
-        \                 \n"
+      description: |
+        List all registries based on the current user authorizations.
+        Will return all registries if using an administrator account otherwise it
+        will only return authorized registries.
+        **Access policy**: restricted
       operationId: "RegistryList"
       produces:
       - "application/json"
@@ -426,8 +463,9 @@ paths:
       tags:
       - "registries"
       summary: "Create a new registry"
-      description: "Create a new registry.  \n**Access policy**: administrator   \
-        \   \n"
+      description: |
+        Create a new registry.
+        **Access policy**: administrator
       operationId: "RegistryCreate"
       consumes:
       - "application/json"
@@ -468,8 +506,9 @@ paths:
       tags:
       - "registries"
       summary: "Inspect a registry"
-      description: "Retrieve details about a registry.  \n**Access policy**: administrator\
-        \      \n"
+      description: |
+        Retrieve details about a registry.
+        **Access policy**: administrator
       operationId: "RegistryInspect"
       produces:
       - "application/json"
@@ -506,7 +545,9 @@ paths:
       tags:
       - "registries"
       summary: "Update a registry"
-      description: "Update a registry.  \n**Access policy**: administrator      \n"
+      description: |
+        Update a registry.
+        **Access policy**: administrator
       operationId: "RegistryUpdate"
       consumes:
       - "application/json"
@@ -563,8 +604,9 @@ paths:
       tags:
       - "registries"
       summary: "Remove a registry"
-      description: "Remove a registry.  \n**Access policy**: administrator       \
-        \     \n"
+      description: |
+        Remove a registry.
+        **Access policy**: administrator
       operationId: "RegistryDelete"
       parameters:
       - name: "id"
@@ -598,8 +640,9 @@ paths:
       tags:
       - "registries"
       summary: "Manage accesses to a registry"
-      description: "Manage user and team accesses to a registry.  \n**Access policy**:\
-        \ administrator            \n"
+      description: |
+        Manage user and team accesses to a registry.
+        **Access policy**: administrator
       operationId: "RegistryAccessUpdate"
       consumes:
       - "application/json"
@@ -643,8 +686,9 @@ paths:
       tags:
       - "resource_controls"
       summary: "Create a new resource control"
-      description: "Create a new resource control to restrict access to a Docker resource.\
-        \  \n**Access policy**: restricted            \n"
+      description: |
+        Create a new resource control to restrict access to a Docker resource.
+        **Access policy**: restricted
       operationId: "ResourceControlCreate"
       consumes:
       - "application/json"
@@ -690,8 +734,9 @@ paths:
       tags:
       - "resource_controls"
       summary: "Update a resource control"
-      description: "Update a resource control.  \n**Access policy**: restricted  \
-        \       \n"
+      description: |
+        Update a resource control.
+        **Access policy**: restricted
       operationId: "ResourceControlUpdate"
       consumes:
       - "application/json"
@@ -741,8 +786,9 @@ paths:
       tags:
       - "resource_controls"
       summary: "Remove a resource control"
-      description: "Remove a resource control.  \n**Access policy**: restricted  \
-        \    \n"
+      description: |
+        Remove a resource control.
+        **Access policy**: restricted
       operationId: "ResourceControlDelete"
       parameters:
       - name: "id"
@@ -783,8 +829,9 @@ paths:
       tags:
       - "settings"
       summary: "Retrieve Portainer settings"
-      description: "Retrieve Portainer settings.  \n**Access policy**: administrator\
-        \      \n"
+      description: |
+        Retrieve Portainer settings.
+        **Access policy**: administrator
       operationId: "SettingsInspect"
       produces:
       - "application/json"
@@ -802,8 +849,9 @@ paths:
       tags:
       - "settings"
       summary: "Update Portainer settings"
-      description: "Update Portainer settings.  \n**Access policy**: administrator\
-        \        \n"
+      description: |
+        Update Portainer settings.
+        **Access policy**: administrator
       operationId: "SettingsUpdate"
       consumes:
       - "application/json"
@@ -835,9 +883,9 @@ paths:
       tags:
       - "settings"
       summary: "Retrieve Portainer public settings"
-      description: "Retrieve public settings. Returns a small set of settings that\
-        \ are not reserved to administrators only.  \n**Access policy**: public  \
-        \    \n"
+      description: |
+        Retrieve public settings. Returns a small set of settings that are not reserved to administrators only.
+        **Access policy**: public
       operationId: "PublicSettingsInspect"
       produces:
       - "application/json"
@@ -856,8 +904,9 @@ paths:
       tags:
       - "settings"
       summary: "Test LDAP connectivity"
-      description: "Test LDAP connectivity using LDAP details.  \n**Access policy**:\
-        \ administrator        \n"
+      description: |
+        Test LDAP connectivity using LDAP details.
+        **Access policy**: administrator
       operationId: "SettingsLDAPCheck"
       consumes:
       - "application/json"
@@ -889,8 +938,9 @@ paths:
       tags:
       - "status"
       summary: "Check Portainer status"
-      description: "Retrieve Portainer status.  \n**Access policy**: public      \
-        \  \n"
+      description: |
+        Retrieve Portainer status.
+        **Access policy**: public
       operationId: "StatusInspect"
       produces:
       - "application/json"
@@ -909,9 +959,9 @@ paths:
       tags:
       - "users"
       summary: "List users"
-      description: "List Portainer users. Non-administrator users will only be able\
-        \ to list other non-administrator user accounts.  \n**Access policy**: restricted\
-        \        \n"
+      description: |
+        List Portainer users. Non-administrator users will only be able to list other non-administrator user accounts.
+        **Access policy**: restricted
       operationId: "UserList"
       produces:
       - "application/json"
@@ -929,9 +979,10 @@ paths:
       tags:
       - "users"
       summary: "Create a new user"
-      description: "Create a new Portainer user. Only team leaders and administrators\
-        \ can create users. Only administrators can\ncreate an administrator user\
-        \ account.  \n**Access policy**: restricted        \n"
+      description: |
+        Create a new Portainer user. Only team leaders and administrators can create users. Only administrators can
+        create an administrator user account.
+        **Access policy**: restricted
       operationId: "UserCreate"
       consumes:
       - "application/json"
@@ -979,8 +1030,9 @@ paths:
       tags:
       - "users"
       summary: "Inspect a user"
-      description: "Retrieve details about a user.  \n**Access policy**: administrator\
-        \        \n"
+      description: |
+        Retrieve details about a user.
+        **Access policy**: administrator
       operationId: "UserInspect"
       produces:
       - "application/json"
@@ -1017,8 +1069,9 @@ paths:
       tags:
       - "users"
       summary: "Update a user"
-      description: "Update user details. A regular user account can only update his\
-        \ details.  \n**Access policy**: authenticated      \n"
+      description: |
+        Update user details. A regular user account can only update his details.
+        **Access policy**: authenticated
       operationId: "UserUpdate"
       consumes:
       - "application/json"
@@ -1068,7 +1121,9 @@ paths:
       tags:
       - "users"
       summary: "Remove a user"
-      description: "Remove a user.  \n**Access policy**: administrator      \n"
+      description: |
+        Remove a user.
+        **Access policy**: administrator
       operationId: "UserDelete"
       parameters:
       - name: "id"
@@ -1102,8 +1157,9 @@ paths:
       tags:
       - "users"
       summary: "Inspect a user memberships"
-      description: "Inspect a user memberships.  \n**Access policy**: authenticated\
-        \      \n"
+      description: |
+        Inspect a user memberships.
+        **Access policy**: authenticated
       operationId: "UserMembershipsInspect"
       produces:
       - "application/json"
@@ -1136,13 +1192,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /users/{id}/passwd:
     post:
       tags:
       - "users"
       summary: "Check password validity for a user"
-      description: "Check if the submitted password is valid for the specified user.\
-        \  \n**Access policy**: authenticated      \n"
+      description: |
+        Check if the submitted password is valid for the specified user.
+        **Access policy**: authenticated
       operationId: "UserPasswordCheck"
       consumes:
       - "application/json"
@@ -1183,13 +1241,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /users/admin/check:
     get:
       tags:
       - "users"
       summary: "Check administrator account existence"
-      description: "Check if an administrator account exists in the database.\n**Access\
-        \ policy**: public        \n"
+      description: |
+        Check if an administrator account exists in the database.
+        **Access policy**: public
       operationId: "UserAdminCheck"
       produces:
       - "application/json"
@@ -1210,13 +1270,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /users/admin/init:
     post:
       tags:
       - "users"
       summary: "Initialize administrator account"
-      description: "Initialize the 'admin' user account.\n**Access policy**: public\
-        \        \n"
+      description: |
+        Initialize the 'admin' user account.
+        **Access policy**: public
       operationId: "UserAdminInit"
       consumes:
       - "application/json"
@@ -1250,34 +1312,35 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /upload/tls/{certificate}:
     post:
       tags:
       - "upload"
       summary: "Upload TLS files"
-      description: "Use this endpoint to upload TLS files.  \n**Access policy**: administrator\n"
+      description: |
+        Use this endpoint to upload TLS files.
+        **Access policy**: administrator
       operationId: "UploadTLS"
       consumes:
-      - "multipart/form-data"
+      - multipart/form-data
       produces:
       - "application/json"
       parameters:
-      - name: "certificate"
-        in: "path"
+      - in: "path"
+        name: "certificate"
         description: "TLS file type. Valid values are 'ca', 'cert' or 'key'."
         required: true
         type: "string"
-      - name: "folder"
-        in: "query"
-        description: "Folder where the TLS file will be stored. Will be created if\
-          \ not existing."
+      - in: "query"
+        name: "folder"
+        description: "Folder where the TLS file will be stored. Will be created if not existing."
         required: true
         type: "string"
-      - name: "file"
-        in: "formData"
-        description: "The file to upload."
-        required: false
+      - in: "formData"
+        name: "file"
         type: "file"
+        description: "The file to upload."
       responses:
         200:
           description: "Success"
@@ -1292,13 +1355,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /teams:
     get:
       tags:
       - "teams"
       summary: "List teams"
-      description: "List teams. For non-administrator users, will only list the teams\
-        \ they are member of.  \n**Access policy**: restricted      \n"
+      description: |
+        List teams. For non-administrator users, will only list the teams they are member of.
+        **Access policy**: restricted
       operationId: "TeamList"
       produces:
       - "application/json"
@@ -1316,8 +1381,9 @@ paths:
       tags:
       - "teams"
       summary: "Create a new team"
-      description: "Create a new team.  \n**Access policy**: administrator       \
-        \     \n"
+      description: |
+        Create a new team.
+        **Access policy**: administrator
       operationId: "TeamCreate"
       consumes:
       - "application/json"
@@ -1365,8 +1431,9 @@ paths:
       tags:
       - "teams"
       summary: "Inspect a team"
-      description: "Retrieve details about a team. Access is only available for administrator\
-        \ and leaders of that team.  \n**Access policy**: restricted      \n"
+      description: |
+        Retrieve details about a team. Access is only available for administrator and leaders of that team.
+        **Access policy**: restricted
       operationId: "TeamInspect"
       produces:
       - "application/json"
@@ -1410,8 +1477,9 @@ paths:
       tags:
       - "teams"
       summary: "Update a team"
-      description: "Update a team.  \n**Access policy**: administrator           \
-        \ \n"
+      description: |
+        Update a team.
+        **Access policy**: administrator
       operationId: "TeamUpdate"
       consumes:
       - "application/json"
@@ -1454,7 +1522,9 @@ paths:
       tags:
       - "teams"
       summary: "Remove a team"
-      description: "Remove a team.  \n**Access policy**: administrator      \n"
+      description: |
+        Remove a team.
+        **Access policy**: administrator
       operationId: "TeamDelete"
       parameters:
       - name: "id"
@@ -1483,13 +1553,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /teams/{id}/memberships:
     get:
       tags:
       - "teams"
       summary: "Inspect a team memberships"
-      description: "Inspect a team memberships. Access is only available for administrator\
-        \ and leaders of that team.  \n**Access policy**: restricted      \n"
+      description: |
+        Inspect a team memberships. Access is only available for administrator and leaders of that team.
+        **Access policy**: restricted
       operationId: "TeamMembershipsInspect"
       produces:
       - "application/json"
@@ -1522,13 +1594,15 @@ paths:
           description: "Server error"
           schema:
             $ref: "#/definitions/GenericError"
+
   /team_memberships:
     get:
       tags:
       - "team_memberships"
       summary: "List team memberships"
-      description: "List team memberships. Access is only available to administrators\
-        \ and team leaders.  \n**Access policy**: restricted         \n"
+      description: |
+        List team memberships. Access is only available to administrators and team leaders.
+        **Access policy**: restricted
       operationId: "TeamMembershipList"
       produces:
       - "application/json"
@@ -1553,8 +1627,9 @@ paths:
       tags:
       - "team_memberships"
       summary: "Create a new team membership"
-      description: "Create a new team memberships. Access is only available to administrators\
-        \ leaders of the associated team.  \n**Access policy**: restricted      \n"
+      description: |
+        Create a new team memberships. Access is only available to administrators leaders of the associated team.
+        **Access policy**: restricted
       operationId: "TeamMembershipCreate"
       consumes:
       - "application/json"
@@ -1602,9 +1677,9 @@ paths:
       tags:
       - "team_memberships"
       summary: "Update a team membership"
-      description: "Update a team membership. Access is only available to administrators\
-        \ leaders of the associated team.  \n**Access policy**: restricted       \
-        \ \n"
+      description: |
+        Update a team membership. Access is only available to administrators leaders of the associated team.
+        **Access policy**: restricted
       operationId: "TeamMembershipUpdate"
       consumes:
       - "application/json"
@@ -1654,8 +1729,9 @@ paths:
       tags:
       - "team_memberships"
       summary: "Remove a team membership"
-      description: "Remove a team membership. Access is only available to administrators\
-        \ leaders of the associated team.  \n**Access policy**: restricted      \n"
+      description: |
+        Remove a team membership. Access is only available to administrators leaders of the associated team.
+        **Access policy**: restricted
       operationId: "TeamMembershipDelete"
       parameters:
       - name: "id"
@@ -1696,17 +1772,18 @@ paths:
       tags:
       - "templates"
       summary: "Retrieve App templates"
-      description: "Retrieve App templates.  \nYou can find more information about\
-        \ the format at http://portainer.readthedocs.io/en/stable/templates.html \
-        \ \n**Access policy**: authenticated      \n"
+      description: |
+        Retrieve App templates.
+        You can find more information about the format at http://portainer.readthedocs.io/en/stable/templates.html
+        **Access policy**: authenticated
       operationId: "TemplateList"
       produces:
       - "application/json"
       parameters:
       - name: "key"
         in: "query"
-        description: "Templates key. Valid values are 'container' or 'linuxserver.io'."
         required: true
+        description: "Templates key. Valid values are 'container' or 'linuxserver.io'."
         type: "string"
       responses:
         200:
@@ -1811,8 +1888,8 @@ definitions:
       AuthenticationMethod:
         type: "integer"
         example: 1
-        description: "Active authentication method for the Portainer instance. Valid\
-          \ values are: 1 for managed or 2 for LDAP."
+        description: "Active authentication method for the Portainer instance. Valid values are: 1 for managed or 2 for LDAP."
+
   TLSConfiguration:
     type: "object"
     properties:
@@ -1836,14 +1913,14 @@ definitions:
         type: "string"
         example: "/data/tls/key.pem"
         description: "Path to the TLS client key file"
+
   LDAPSearchSettings:
     type: "object"
     properties:
       BaseDN:
         type: "string"
         example: "dc=ldap,dc=domain,dc=tld"
-        description: "The distinguished name of the element from which the LDAP server\
-          \ will search for users"
+        description: "The distinguished name of the element from which the LDAP server will search for users"
       Filter:
         type: "string"
         example: "(objectClass=account)"
@@ -1852,6 +1929,7 @@ definitions:
         type: "string"
         example: "uid"
         description: "LDAP attribute which denotes the username"
+
   LDAPSettings:
     type: "object"
     properties:
@@ -1877,6 +1955,7 @@ definitions:
         type: "array"
         items:
           $ref: "#/definitions/LDAPSearchSettings"
+
   Settings:
     type: "object"
     properties:
@@ -1905,8 +1984,7 @@ definitions:
       AuthenticationMethod:
         type: "integer"
         example: 1
-        description: "Active authentication method for the Portainer instance. Valid\
-          \ values are: 1 for managed or 2 for LDAP."
+        description: "Active authentication method for the Portainer instance. Valid values are: 1 for managed or 2 for LDAP."
       LDAPSettings:
         $ref: "#/definitions/LDAPSettings"
   Settings_BlackListedLabels:
@@ -2072,6 +2150,14 @@ definitions:
         type: "boolean"
         example: true
         description: "Require TLS to connect against this endpoint"
+      TLSSkipVerify:
+        type: "boolean"
+        example: false
+        description: "Skip server verification when using TLS"
+      TLSSkipClientVerify:
+        type: "boolean"
+        example: false
+        description: "Skip client verification when using TLS"
   EndpointCreateResponse:
     type: "object"
     properties:
@@ -2103,6 +2189,14 @@ definitions:
         type: "boolean"
         example: true
         description: "Require TLS to connect against this endpoint"
+      TLSSkipVerify:
+        type: "boolean"
+        example: false
+        description: "Skip server verification when using TLS"
+      TLSSkipClientVerify:
+        type: "boolean"
+        example: false
+        description: "Skip client verification when using TLS"
   EndpointAccessUpdateRequest:
     type: "object"
     properties:
@@ -2269,8 +2363,8 @@ definitions:
   SettingsUpdateRequest:
     type: "object"
     required:
-    - "AuthenticationMethod"
     - "TemplatesURL"
+    - "AuthenticationMethod"
     properties:
       TemplatesURL:
         type: "string"
@@ -2297,8 +2391,7 @@ definitions:
       AuthenticationMethod:
         type: "integer"
         example: 1
-        description: "Active authentication method for the Portainer instance. Valid\
-          \ values are: 1 for managed or 2 for LDAP."
+        description: "Active authentication method for the Portainer instance. Valid values are: 1 for managed or 2 for LDAP."
       LDAPSettings:
         $ref: "#/definitions/LDAPSettings"
   UserCreateRequest:
@@ -2395,12 +2488,13 @@ definitions:
     type: "array"
     items:
       $ref: "#/definitions/TeamMembership"
+
   TeamMembershipCreateRequest:
     type: "object"
     required:
-    - "Role"
-    - "TeamID"
     - "UserID"
+    - "TeamID"
+    - "Role"
     properties:
       UserID:
         type: "integer"
@@ -2413,8 +2507,7 @@ definitions:
       Role:
         type: "integer"
         example: 1
-        description: "Role for the user inside the team (1 for leader and 2 for regular\
-          \ member)"
+        description: "Role for the user inside the team (1 for leader and 2 for regular member)"
   TeamMembershipCreateResponse:
     type: "object"
     properties:
@@ -2429,9 +2522,9 @@ definitions:
   TeamMembershipUpdateRequest:
     type: "object"
     required:
-    - "Role"
-    - "TeamID"
     - "UserID"
+    - "TeamID"
+    - "Role"
     properties:
       UserID:
         type: "integer"
@@ -2444,8 +2537,7 @@ definitions:
       Role:
         type: "integer"
         example: 1
-        description: "Role for the user inside the team (1 for leader and 2 for regular\
-          \ member)"
+        description: "Role for the user inside the team (1 for leader and 2 for regular member)"
   SettingsLDAPCheckRequest:
     type: "object"
     properties:
@@ -2454,14 +2546,10 @@ definitions:
   UserAdminInitRequest:
     type: "object"
     properties:
-      Username:
-        type: "string"
-        example: "admin"
-        description: "Username of the initial administrator account"
       Password:
         type: "string"
         example: "admin-password"
-        description: "Password of the initial administrator account"
+        description: "Password for the admin user"
   TemplateListResponse:
     type: "array"
     items:
diff --git a/app/components/endpoint/endpoint.html b/app/components/endpoint/endpoint.html
index 80be7c92c..f7a113ab1 100644
--- a/app/components/endpoint/endpoint.html
+++ b/app/components/endpoint/endpoint.html
@@ -12,6 +12,9 @@
     <rd-widget>
       <rd-widget-body>
         <form class="form-horizontal">
+          <div class="col-sm-12 form-section-title">
+            Configuration
+          </div>
           <!-- name-input -->
           <div class="form-group">
             <label for="container_name" class="col-sm-3 col-lg-2 control-label text-left">Name</label>
@@ -42,73 +45,19 @@
             </div>
           </div>
           <!-- !endpoint-public-url-input -->
-          <!-- tls-checkbox -->
-          <div class="form-group" ng-if="endpointType === 'remote'">
-            <div class="col-sm-12">
-              <label for="tls" class="control-label text-left">
-                TLS
-                <portainer-tooltip position="bottom" message="Enable this option if you need to specify TLS certificates to connect to the Docker endpoint."></portainer-tooltip>
-              </label>
-              <label class="switch" style="margin-left: 20px;">
-                <input type="checkbox" ng-model="endpoint.TLS"><i></i>
-              </label>
+          <!-- endpoint-security -->
+          <div ng-if="endpointType === 'remote'">
+            <div class="col-sm-12 form-section-title">
+              Security
             </div>
+            <por-endpoint-security form-data="formValues.SecurityFormData" endpoint="endpoint"></por-endpoint-security>
           </div>
-          <!-- !tls-checkbox -->
-          <!-- tls-certs -->
-          <div ng-if="endpoint.TLS">
-            <!-- ca-input -->
-            <div class="form-group">
-              <label class="col-sm-2 control-label text-left">TLS CA certificate</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCACert">Select file</button>
-                <span style="margin-left: 5px;">
-                  <span ng-if="formValues.TLSCACert !== endpoint.TLSCACert">{{ formValues.TLSCACert.name }}</span>
-                  <i class="fa fa-check green-icon" ng-if="formValues.TLSCACert && formValues.TLSCACert === endpoint.TLSCACert" aria-hidden="true"></i>
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSCACert" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !ca-input -->
-            <!-- cert-input -->
-            <div class="form-group">
-              <label for="tls_cert" class="col-sm-2 control-label text-left">TLS certificate</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCert">Select file</button>
-                <span style="margin-left: 5px;">
-                  <span ng-if="formValues.TLSCert !== endpoint.TLSCert">{{ formValues.TLSCert.name }}</span>
-                  <i class="fa fa-check green-icon" ng-if="formValues.TLSCert && formValues.TLSCert === endpoint.TLSCert" aria-hidden="true"></i>
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSCert" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !cert-input -->
-            <!-- key-input -->
-            <div class="form-group">
-              <label class="col-sm-2 control-label text-left">TLS key</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSKey">Select file</button>
-                <span style="margin-left: 5px;">
-                  <span ng-if="formValues.TLSKey !== endpoint.TLSKey">{{ formValues.TLSKey.name }}</span>
-                  <i class="fa fa-check green-icon" ng-if="formValues.TLSKey && formValues.TLSKey === endpoint.TLSKey" aria-hidden="true"></i>
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSKey" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !key-input -->
-          </div>
-          <!-- !tls-certs -->
+          <!-- !endpoint-security -->
           <div class="form-group">
             <div class="col-sm-12">
-              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!endpoint.Name || !endpoint.URL || (endpoint.TLS && (!formValues.TLSCACert || !formValues.TLSCert || !formValues.TLSKey))" ng-click="updateEndpoint()">Update endpoint</button>
+              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!endpoint.Name || !endpoint.URL || (endpoint.TLS && ((endpoint.TLSVerify && !formValues.TLSCACert) || (endpoint.TLSClientCert && (!formValues.TLSCert || !formValues.TLSKey))))" ng-click="updateEndpoint()">Update endpoint</button>
               <a type="button" class="btn btn-default btn-sm" ui-sref="endpoints">Cancel</a>
-              <i id="updateEndpointSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
-              <span class="text-danger" ng-if="state.error" style="margin: 5px;">
-                <i class="fa fa-exclamation-circle" aria-hidden="true"></i> {{ state.error }}
-              </span>
+              <i id="updateResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
             </div>
           </div>
         </form>
diff --git a/app/components/endpoint/endpointController.js b/app/components/endpoint/endpointController.js
index 81444370e..bb3803f93 100644
--- a/app/components/endpoint/endpointController.js
+++ b/app/components/endpoint/endpointController.js
@@ -7,35 +7,41 @@ function ($scope, $state, $stateParams, $filter, EndpointService, Notifications)
   }
 
   $scope.state = {
-    error: '',
     uploadInProgress: false
   };
 
   $scope.formValues = {
-    TLSCACert: null,
-    TLSCert: null,
-    TLSKey: null
+    SecurityFormData: new EndpointSecurityFormData()
   };
 
   $scope.updateEndpoint = function() {
-    var ID = $scope.endpoint.Id;
+    var endpoint = $scope.endpoint;
+    var securityData = $scope.formValues.SecurityFormData;
+    var TLS = securityData.TLS;
+    var TLSMode = securityData.TLSMode;
+    var TLSSkipVerify = TLS && (TLSMode === 'tls_client_noca' || TLSMode === 'tls_only');
+    var TLSSkipClientVerify = TLS && (TLSMode === 'tls_ca' || TLSMode === 'tls_only');
+
     var endpointParams = {
-      name: $scope.endpoint.Name,
-      URL: $scope.endpoint.URL,
-      PublicURL: $scope.endpoint.PublicURL,
-      TLS: $scope.endpoint.TLS,
-      TLSCACert: $scope.formValues.TLSCACert !== $scope.endpoint.TLSCACert ? $scope.formValues.TLSCACert : null,
-      TLSCert: $scope.formValues.TLSCert !== $scope.endpoint.TLSCert ? $scope.formValues.TLSCert : null,
-      TLSKey: $scope.formValues.TLSKey !== $scope.endpoint.TLSKey ? $scope.formValues.TLSKey : null,
+      name: endpoint.Name,
+      URL: endpoint.URL,
+      PublicURL: endpoint.PublicURL,
+      TLS: TLS,
+      TLSSkipVerify: TLSSkipVerify,
+      TLSSkipClientVerify: TLSSkipClientVerify,
+      TLSCACert: TLSSkipVerify || securityData.TLSCACert === endpoint.TLSConfig.TLSCACert ? null : securityData.TLSCACert,
+      TLSCert: TLSSkipClientVerify || securityData.TLSCert === endpoint.TLSConfig.TLSCert ? null : securityData.TLSCert,
+      TLSKey: TLSSkipClientVerify || securityData.TLSKey === endpoint.TLSConfig.TLSKey ? null : securityData.TLSKey,
       type: $scope.endpointType
     };
 
-    EndpointService.updateEndpoint(ID, endpointParams)
+    $('updateResourceSpinner').show();
+    EndpointService.updateEndpoint(endpoint.Id, endpointParams)
     .then(function success(data) {
       Notifications.success('Endpoint updated', $scope.endpoint.Name);
       $state.go('endpoints');
     }, function error(err) {
-      $scope.state.error = err.msg;
+      Notifications.error('Failure', err, 'Unable to update endpoint');
     }, function update(evt) {
       if (evt.upload) {
         $scope.state.uploadInProgress = evt.upload;
@@ -43,25 +49,27 @@ function ($scope, $state, $stateParams, $filter, EndpointService, Notifications)
     });
   };
 
-  function getEndpoint(endpointID) {
+  function initView() {
     $('#loadingViewSpinner').show();
-    EndpointService.endpoint($stateParams.id).then(function success(data) {
-      $('#loadingViewSpinner').hide();
-      $scope.endpoint = data;
-      if (data.URL.indexOf('unix://') === 0) {
+    EndpointService.endpoint($stateParams.id)
+    .then(function success(data) {
+      var endpoint = data;
+      endpoint.URL = $filter('stripprotocol')(endpoint.URL);
+      $scope.endpoint = endpoint;
+
+      if (endpoint.URL.indexOf('unix://') === 0) {
         $scope.endpointType = 'local';
       } else {
         $scope.endpointType = 'remote';
       }
-      $scope.endpoint.URL = $filter('stripprotocol')(data.URL);
-      $scope.formValues.TLSCACert = data.TLSCACert;
-      $scope.formValues.TLSCert = data.TLSCert;
-      $scope.formValues.TLSKey = data.TLSKey;
-    }, function error(err) {
-      $('#loadingViewSpinner').hide();
+    })
+    .catch(function error(err) {
       Notifications.error('Failure', err, 'Unable to retrieve endpoint details');
+    })
+    .finally(function final() {
+      $('#loadingViewSpinner').hide();
     });
   }
 
-  getEndpoint($stateParams.id);
+  initView();
 }]);
diff --git a/app/components/endpoints/endpoints.html b/app/components/endpoints/endpoints.html
index 6528ae711..4812eabe8 100644
--- a/app/components/endpoints/endpoints.html
+++ b/app/components/endpoints/endpoints.html
@@ -60,75 +60,21 @@
             </div>
           </div>
           <!-- !endpoint-public-url-input -->
-          <!-- tls-checkbox -->
+          <!-- endpoint-security -->
+          <por-endpoint-security form-data="formValues.SecurityFormData"></por-endpoint-security>
+          <!-- !endpoint-security -->
+          <!-- actions -->
           <div class="form-group">
             <div class="col-sm-12">
-              <label for="tls" class="control-label text-left">
-                TLS
-                <portainer-tooltip position="bottom" message="Enable this option if you need to specify TLS certificates to connect to the Docker endpoint."></portainer-tooltip>
-              </label>
-              <label class="switch" style="margin-left: 20px;">
-                <input type="checkbox" ng-model="formValues.TLS"><i></i>
-              </label>
-            </div>
+              <button type="submit" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && ((formValues.TLSVerify && !formValues.TLSCACert) || (formValues.TLSClientCert && (!formValues.TLSCert || !formValues.TLSKey))))" ng-click="addEndpoint()"><i class="fa fa-plus" aria-hidden="true"></i> Add endpoint</button>
+              <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
           </div>
-          <!-- !tls-checkbox -->
-          <!-- tls-certs -->
-          <div ng-if="formValues.TLS">
-            <!-- ca-input -->
-            <div class="form-group">
-              <label class="col-sm-2 control-label text-left">TLS CA certificate</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCACert">Select file</button>
-                <span style="margin-left: 5px;">
-                  {{ formValues.TLSCACert.name }}
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSCACert" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !ca-input -->
-            <!-- cert-input -->
-            <div class="form-group">
-              <label for="tls_cert" class="col-sm-2 control-label text-left">TLS certificate</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCert">Select file</button>
-                <span style="margin-left: 5px;">
-                  {{ formValues.TLSCert.name }}
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSCert" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !cert-input -->
-            <!-- key-input -->
-            <div class="form-group">
-              <label class="col-sm-2 control-label text-left">TLS key</label>
-              <div class="col-sm-10">
-                <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSKey">Select file</button>
-                <span style="margin-left: 5px;">
-                  {{ formValues.TLSKey.name }}
-                  <i class="fa fa-times red-icon" ng-if="!formValues.TLSKey" aria-hidden="true"></i>
-                  <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                </span>
-              </div>
-            </div>
-            <!-- !key-input -->
-          </div>
-          <!-- !tls-certs -->
-          <div class="form-group">
-            <div class="col-sm-12">
-              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && (!formValues.TLSCACert || !formValues.TLSCert || !formValues.TLSKey))" ng-click="addEndpoint()">Add endpoint</button>
-              <i id="createEndpointSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
-              <span class="text-danger" ng-if="state.error" style="margin: 5px;">
-                <i class="fa fa-exclamation-circle" aria-hidden="true"></i> {{ state.error }}
-              </span>
-            </div>
-          </div>
-        </form>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
+        </div>
+        <!-- !actions -->
+      </form>
+    </rd-widget-body>
+  </rd-widget>
+</div>
 </div>
 
 <div class="row">
@@ -191,7 +137,7 @@
                   <span ng-if="applicationState.application.authentication">
                     <a ui-sref="endpoint.access({id: endpoint.Id})"><i class="fa fa-users" aria-hidden="true" style="margin-left: 7px;"></i> Manage access</a>
                   </span>
-              </td>
+                </td>
               </tr>
               <tr ng-if="!endpoints">
                 <td colspan="5" class="text-center text-muted">Loading...</td>
diff --git a/app/components/endpoints/endpointsController.js b/app/components/endpoints/endpointsController.js
index c7b488b3c..9a761a164 100644
--- a/app/components/endpoints/endpointsController.js
+++ b/app/components/endpoints/endpointsController.js
@@ -2,7 +2,6 @@ angular.module('endpoints', [])
 .controller('EndpointsController', ['$scope', '$state', 'EndpointService', 'EndpointProvider', 'Notifications', 'Pagination',
 function ($scope, $state, EndpointService, EndpointProvider, Notifications, Pagination) {
   $scope.state = {
-    error: '',
     uploadInProgress: false,
     selectedItemCount: 0,
     pagination_count: Pagination.getPaginationCount('endpoints')
@@ -14,10 +13,7 @@ function ($scope, $state, EndpointService, EndpointProvider, Notifications, Pagi
     Name: '',
     URL: '',
     PublicURL: '',
-    TLS: false,
-    TLSCACert: null,
-    TLSCert: null,
-    TLSKey: null
+    SecurityFormData: new EndpointSecurityFormData()
   };
 
   $scope.order = function(sortType) {
@@ -47,23 +43,28 @@ function ($scope, $state, EndpointService, EndpointProvider, Notifications, Pagi
   };
 
   $scope.addEndpoint = function() {
-    $scope.state.error = '';
     var name = $scope.formValues.Name;
     var URL = $scope.formValues.URL;
     var PublicURL = $scope.formValues.PublicURL;
     if (PublicURL === '') {
       PublicURL = URL.split(':')[0];
     }
-    var TLS = $scope.formValues.TLS;
-    var TLSCAFile = $scope.formValues.TLSCACert;
-    var TLSCertFile = $scope.formValues.TLSCert;
-    var TLSKeyFile = $scope.formValues.TLSKey;
-    EndpointService.createRemoteEndpoint(name, URL, PublicURL, TLS, TLSCAFile, TLSCertFile, TLSKeyFile, false).then(function success(data) {
+
+    var securityData = $scope.formValues.SecurityFormData;
+    var TLS = securityData.TLS;
+    var TLSMode = securityData.TLSMode;
+    var TLSSkipVerify = TLS && (TLSMode === 'tls_client_noca' || TLSMode === 'tls_only');
+    var TLSSkipClientVerify = TLS && (TLSMode === 'tls_ca' || TLSMode === 'tls_only');
+    var TLSCAFile = TLSSkipVerify ? null : securityData.TLSCACert;
+    var TLSCertFile = TLSSkipClientVerify ? null : securityData.TLSCert;
+    var TLSKeyFile = TLSSkipClientVerify ? null : securityData.TLSKey;
+
+    EndpointService.createRemoteEndpoint(name, URL, PublicURL, TLS, TLSSkipVerify, TLSSkipClientVerify, TLSCAFile, TLSCertFile, TLSKeyFile).then(function success(data) {
       Notifications.success('Endpoint created', name);
       $state.reload();
     }, function error(err) {
       $scope.state.uploadInProgress = false;
-      $scope.state.error = err.msg;
+      Notifications.error('Failure', err, 'Unable to create endpoint');
     }, function update(evt) {
       if (evt.upload) {
         $scope.state.uploadInProgress = evt.upload;
diff --git a/app/components/initAdmin/initAdminController.js b/app/components/initAdmin/initAdminController.js
index a396cbd17..0959fcd2e 100644
--- a/app/components/initAdmin/initAdminController.js
+++ b/app/components/initAdmin/initAdminController.js
@@ -23,19 +23,18 @@ function ($scope, $state, $sanitize, Notifications, Authentication, StateManager
       return EndpointService.endpoints();
     })
     .then(function success(data) {
-      var endpoints = data;
-      if (endpoints.length > 0)  {
-        var endpoint = endpoints[0];
-        EndpointProvider.setEndpointID(endpoint.Id);
-        StateManager.updateEndpointState(true)
-        .then(function success(data) {
+      if (data.length === 0) {
+        $state.go('init.endpoint');
+      } else {
+        var endpointID = data[0].Id;
+        EndpointProvider.setEndpointID(endpointID);
+        StateManager.updateEndpointState(false)
+        .then(function success() {
           $state.go('dashboard');
         })
         .catch(function error(err) {
-          Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
+          Notifications.error('Failure', err, 'Unable to connect to Docker environment');
         });
-      } else {
-        $state.go('init.endpoint');
       }
     })
     .catch(function error(err) {
diff --git a/app/components/initEndpoint/initEndpoint.html b/app/components/initEndpoint/initEndpoint.html
index 1f87d0570..b7722989b 100644
--- a/app/components/initEndpoint/initEndpoint.html
+++ b/app/components/initEndpoint/initEndpoint.html
@@ -107,12 +107,41 @@
                 </div>
               </div>
               <!-- !tls-checkbox -->
-              <!-- tls-certs -->
+              <!-- tls-options -->
               <div ng-if="formValues.TLS">
-                <!-- ca-input -->
+                <!-- skip-server-verification -->
                 <div class="form-group">
-                  <label class="col-sm-3 control-label text-left">TLS CA certificate</label>
-                  <div class="col-sm-9">
+                  <div class="col-sm-10">
+                    <label for="tls_verify" class="control-label text-left">
+                      Skip server verification
+                      <portainer-tooltip position="bottom" message="Enable this option if you need to authenticate server based on given CA."></portainer-tooltip>
+                    </label>
+                    <label class="switch" style="margin-left: 20px;">
+                      <input type="checkbox" ng-model="formValues.TLSSkipVerify"><i></i>
+                    </label>
+                  </div>
+                </div>
+                <!-- !skip-server-verification -->
+                <!-- skip-client-verification -->
+                <div class="form-group">
+                  <div class="col-sm-10">
+                    <label for="tls_client_cert" class="control-label text-left">
+                      Skip client verification
+                      <portainer-tooltip position="bottom" message="Enable this option if you need to authenticate with a client certificate."></portainer-tooltip>
+                    </label>
+                    <label class="switch" style="margin-left: 20px;">
+                      <input type="checkbox" ng-model="formValues.TLSSKipClientVerify"><i></i>
+                    </label>
+                  </div>
+                </div>
+                <!-- !skip-client-verification -->
+                <div class="col-sm-12 form-section-title" ng-if="!formValues.TLSSkipVerify || !formValues.TLSSKipClientVerify">
+                  Required TLS files
+                </div>
+                <!-- ca-input -->
+                <div class="form-group" ng-if="!formValues.TLSSkipVerify">
+                  <label class="col-sm-4 col-lg-3 control-label text-left">TLS CA certificate</label>
+                  <div class="col-sm-8 col-lg-9">
                     <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCACert">Select file</button>
                     <span style="margin-left: 5px;">
                       {{ formValues.TLSCACert.name }}
@@ -122,38 +151,40 @@
                   </div>
                 </div>
                 <!-- !ca-input -->
-                <!-- cert-input -->
-                <div class="form-group">
-                  <label for="tls_cert" class="col-sm-3 control-label text-left">TLS certificate</label>
-                  <div class="col-sm-9">
-                    <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCert">Select file</button>
-                    <span style="margin-left: 5px;">
-                      {{ formValues.TLSCert.name }}
-                      <i class="fa fa-times red-icon" ng-if="!formValues.TLSCert" aria-hidden="true"></i>
-                      <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                    </span>
+                <div ng-if="!formValues.TLSSKipClientVerify">
+                  <!-- cert-input -->
+                  <div class="form-group">
+                    <label for="tls_cert" class="col-sm-4 col-lg-3 control-label text-left">TLS certificate</label>
+                    <div class="col-sm-8 col-lg-9">
+                      <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSCert">Select file</button>
+                      <span style="margin-left: 5px;">
+                        {{ formValues.TLSCert.name }}
+                        <i class="fa fa-times red-icon" ng-if="!formValues.TLSCert" aria-hidden="true"></i>
+                        <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
+                      </span>
+                    </div>
                   </div>
-                </div>
-                <!-- !cert-input -->
-                <!-- key-input -->
-                <div class="form-group">
-                  <label class="col-sm-3 control-label text-left">TLS key</label>
-                  <div class="col-sm-9">
-                    <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSKey">Select file</button>
-                    <span style="margin-left: 5px;">
-                      {{ formValues.TLSKey.name }}
-                      <i class="fa fa-times red-icon" ng-if="!formValues.TLSKey" aria-hidden="true"></i>
-                      <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
-                    </span>
+                  <!-- !cert-input -->
+                  <!-- key-input -->
+                  <div class="form-group">
+                    <label class="col-sm-4 col-lg-3 control-label text-left">TLS key</label>
+                    <div class="col-sm-8 col-lg-9">
+                      <button class="btn btn-sm btn-primary" ngf-select ng-model="formValues.TLSKey">Select file</button>
+                      <span style="margin-left: 5px;">
+                        {{ formValues.TLSKey.name }}
+                        <i class="fa fa-times red-icon" ng-if="!formValues.TLSKey" aria-hidden="true"></i>
+                        <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
+                      </span>
+                    </div>
                   </div>
+                  <!-- !key-input -->
                 </div>
-                <!-- !key-input -->
               </div>
-              <!-- !tls-certs -->
+              <!-- !tls-options -->
               <!-- actions -->
               <div class="form-group">
                 <div class="col-sm-12">
-                  <button type="submit" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && (!formValues.TLSCACert || !formValues.TLSCert || !formValues.TLSKey))" ng-click="createRemoteEndpoint()"><i class="fa fa-plug" aria-hidden="true"></i> Connect</button>
+                  <button type="submit" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.URL || (formValues.TLS && ((formValues.TLSVerify && !formValues.TLSCACert) || (!formValues.TLSSKipClientVerify && (!formValues.TLSCert || !formValues.TLSKey))))" ng-click="createRemoteEndpoint()"><i class="fa fa-plug" aria-hidden="true"></i> Connect</button>
                   <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
                 </div>
               </div>
diff --git a/app/components/initEndpoint/initEndpointController.js b/app/components/initEndpoint/initEndpointController.js
index d653f6869..7b72f7f73 100644
--- a/app/components/initEndpoint/initEndpointController.js
+++ b/app/components/initEndpoint/initEndpointController.js
@@ -2,6 +2,10 @@ angular.module('initEndpoint', [])
 .controller('InitEndpointController', ['$scope', '$state', 'EndpointService', 'StateManager', 'EndpointProvider', 'Notifications',
 function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notifications) {
 
+  if (!_.isEmpty($scope.applicationState.endpoint)) {
+    $state.go('dashboard');
+  }
+
   $scope.logo = StateManager.getState().application.logo;
 
   $scope.state = {
@@ -13,24 +17,22 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
     Name: '',
     URL: '',
     TLS: false,
+    TLSSkipVerify: false,
+    TLSSKipClientVerify: false,
     TLSCACert: null,
     TLSCert: null,
     TLSKey: null
   };
 
-  if (!_.isEmpty($scope.applicationState.endpoint)) {
-    $state.go('dashboard');
-  }
-
-
   $scope.createLocalEndpoint = function() {
     $('#createResourceSpinner').show();
     var name = 'local';
     var URL = 'unix:///var/run/docker.sock';
 
+    var endpointID = 1;
     EndpointService.createLocalEndpoint(name, URL, false, true)
     .then(function success(data) {
-      var endpointID = data.Id;
+      endpointID = data.Id;
       EndpointProvider.setEndpointID(endpointID);
       return StateManager.updateEndpointState(false);
     })
@@ -38,7 +40,8 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
       $state.go('dashboard');
     })
     .catch(function error(err) {
-      Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
+      Notifications.error('Failure', err, 'Unable to connect to the Docker environment');
+      EndpointService.deleteEndpoint(endpointID);
     })
     .finally(function final() {
       $('#createResourceSpinner').hide();
@@ -51,13 +54,16 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
     var URL = $scope.formValues.URL;
     var PublicURL = URL.split(':')[0];
     var TLS = $scope.formValues.TLS;
-    var TLSCAFile = $scope.formValues.TLSCACert;
-    var TLSCertFile = $scope.formValues.TLSCert;
-    var TLSKeyFile = $scope.formValues.TLSKey;
+    var TLSSkipVerify = TLS && $scope.formValues.TLSSkipVerify;
+    var TLSSKipClientVerify = TLS && $scope.formValues.TLSSKipClientVerify;
+    var TLSCAFile = TLSSkipVerify ? null : $scope.formValues.TLSCACert;
+    var TLSCertFile = TLSSKipClientVerify ? null : $scope.formValues.TLSCert;
+    var TLSKeyFile = TLSSKipClientVerify ? null : $scope.formValues.TLSKey;
 
-    EndpointService.createRemoteEndpoint(name, URL, PublicURL, TLS, TLSCAFile, TLSCertFile, TLSKeyFile)
+    var endpointID = 1;
+    EndpointService.createRemoteEndpoint(name, URL, PublicURL, TLS, TLSSkipVerify, TLSSKipClientVerify, TLSCAFile, TLSCertFile, TLSKeyFile)
     .then(function success(data) {
-      var endpointID = data.Id;
+      endpointID = data.Id;
       EndpointProvider.setEndpointID(endpointID);
       return StateManager.updateEndpointState(false);
     })
@@ -65,7 +71,8 @@ function ($scope, $state, EndpointService, StateManager, EndpointProvider, Notif
       $state.go('dashboard');
     })
     .catch(function error(err) {
-      Notifications.error('Failure', err, 'Unable to connect to the Docker endpoint');
+      Notifications.error('Failure', err, 'Unable to connect to the Docker environment');
+      EndpointService.deleteEndpoint(endpointID);
     })
     .finally(function final() {
       $('#createResourceSpinner').hide();
diff --git a/app/directives/endpointSecurity/por-endpoint-security.js b/app/directives/endpointSecurity/por-endpoint-security.js
new file mode 100644
index 000000000..51567dc18
--- /dev/null
+++ b/app/directives/endpointSecurity/por-endpoint-security.js
@@ -0,0 +1,12 @@
+angular.module('portainer').component('porEndpointSecurity', {
+  templateUrl: 'app/directives/endpointSecurity/porEndpointSecurity.html',
+  controller: 'porEndpointSecurityController',
+  bindings: {
+    // This object will be populated with the form data.
+    // Model reference in endpointSecurityModel.js
+    formData: '=',
+    // The component will use this object to initialize the default values
+    // if present.
+    endpoint: '<'
+  }
+});
diff --git a/app/directives/endpointSecurity/porEndpointSecurity.html b/app/directives/endpointSecurity/porEndpointSecurity.html
new file mode 100644
index 000000000..ca86ce940
--- /dev/null
+++ b/app/directives/endpointSecurity/porEndpointSecurity.html
@@ -0,0 +1,126 @@
+<div>
+  <!-- tls-checkbox -->
+  <div class="form-group">
+    <div class="col-sm-12">
+      <label for="tls" class="control-label text-left">
+        TLS
+        <portainer-tooltip position="bottom" message="Enable this option if you need to connect to the Docker endpoint with TLS."></portainer-tooltip>
+      </label>
+      <label class="switch" style="margin-left: 20px;">
+        <input type="checkbox" ng-model="$ctrl.formData.TLS"><i></i>
+      </label>
+    </div>
+  </div>
+  <!-- !tls-checkbox -->
+  <div class="col-sm-12 form-section-title" ng-if="$ctrl.formData.TLS">
+    TLS mode
+  </div>
+  <!-- note -->
+  <div class="form-group" ng-if="$ctrl.formData.TLS">
+    <div class="col-sm-12">
+      <span class="small text-muted">
+        You can find out more information about how to protect a Docker environment with TLS in the <a href="https://docs.docker.com/engine/security/https/" target="_blank">Docker documentation</a>.
+      </span>
+    </div>
+  </div>
+  <div class="form-group"></div>
+  <!-- endpoint-tls-mode -->
+  <div class="form-group" style="margin-bottom: 0" ng-if="$ctrl.formData.TLS">
+    <div class="boxselector_wrapper">
+      <div>
+        <input type="radio" id="tls_client_ca" ng-model="$ctrl.formData.TLSMode" value="tls_client_ca">
+        <label for="tls_client_ca">
+          <div class="boxselector_header">
+            <i class="fa fa-shield" aria-hidden="true" style="margin-right: 2px;"></i>
+            TLS with server and client verification
+          </div>
+          <p>Use client certificates and server verification</p>
+        </label>
+      </div>
+      <div>
+        <input type="radio" id="tls_client_noca" ng-model="$ctrl.formData.TLSMode" value="tls_client_noca">
+        <label for="tls_client_noca">
+          <div class="boxselector_header">
+            <i class="fa fa-shield" aria-hidden="true" style="margin-right: 2px;"></i>
+            TLS with client verification only
+          </div>
+          <p>Use client certificates without server verification</p>
+        </label>
+      </div>
+      <div>
+        <input type="radio" id="tls_ca" ng-model="$ctrl.formData.TLSMode" value="tls_ca">
+        <label for="tls_ca">
+          <div class="boxselector_header">
+            <i class="fa fa-shield" aria-hidden="true" style="margin-right: 2px;"></i>
+            TLS with server verification only
+          </div>
+          <p>Only verify the server certificate</p>
+        </label>
+      </div>
+      <div>
+        <input type="radio" id="tls_only" ng-model="$ctrl.formData.TLSMode" value="tls_only">
+        <label for="tls_only">
+          <div class="boxselector_header">
+            <i class="fa fa-shield" aria-hidden="true" style="margin-right: 2px;"></i>
+            TLS only
+          </div>
+          <p>No server/client verification</p>
+        </label>
+      </div>
+    </div>
+  </div>
+  <!-- !endpoint-tls-mode -->
+  <div class="col-sm-12 form-section-title" ng-if="$ctrl.formData.TLS && $ctrl.formData.TLSMode !== 'tls_only'">
+    Required TLS files
+  </div>
+  <!-- tls-file-upload -->
+  <div ng-if="$ctrl.formData.TLS">
+    <!-- tls-file-ca -->
+    <div class="form-group" ng-if="$ctrl.formData.TLSMode === 'tls_client_ca' || $ctrl.formData.TLSMode === 'tls_ca'">
+      <label class="col-sm-3 col-lg-2 control-label text-left">TLS CA certificate</label>
+      <div class="col-sm-9 col-lg-10">
+        <button class="btn btn-sm btn-primary" ngf-select ng-model="$ctrl.formData.TLSCACert">Select file</button>
+        <span style="margin-left: 5px;">
+          {{ $ctrl.formData.TLSCACert.name }}
+          <i class="fa fa-check green-icon" ng-if="$ctrl.formData.TLSCACert && $ctrl.formData.TLSCACert === $ctrl.endpoint.TLSConfig.TLSCACert" aria-hidden="true"></i>
+          <i class="fa fa-times red-icon" ng-if="!$ctrl.formData.TLSCACert" aria-hidden="true"></i>
+          <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
+        </span>
+      </div>
+    </div>
+    <!-- !tls-file-ca -->
+    <!-- tls-files-cert-key -->
+    <div ng-if="$ctrl.formData.TLSMode === 'tls_client_ca' || $ctrl.formData.TLSMode === 'tls_client_noca'">
+      <!-- tls-file-cert -->
+      <div class="form-group">
+        <label for="tls_cert" class="col-sm-3 col-lg-2 control-label text-left">TLS certificate</label>
+        <div class="col-sm-9 col-lg-10">
+          <button class="btn btn-sm btn-primary" ngf-select ng-model="$ctrl.formData.TLSCert">Select file</button>
+          <span style="margin-left: 5px;">
+            {{ $ctrl.formData.TLSCert.name }}
+            <i class="fa fa-check green-icon" ng-if="$ctrl.formData.TLSCert && $ctrl.formData.TLSCert === $ctrl.endpoint.TLSConfig.TLSCert" aria-hidden="true"></i>
+            <i class="fa fa-times red-icon" ng-if="!$ctrl.formData.TLSCert" aria-hidden="true"></i>
+            <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
+          </span>
+        </div>
+      </div>
+      <!-- !tls-file-cert -->
+      <!-- tls-file-key -->
+      <div class="form-group">
+        <label class="col-sm-3 col-lg-2 control-label text-left">TLS key</label>
+        <div class="col-sm-9 col-lg-10">
+          <button class="btn btn-sm btn-primary" ngf-select ng-model="$ctrl.formData.TLSKey">Select file</button>
+          <span style="margin-left: 5px;">
+            {{ $ctrl.formData.TLSKey.name }}
+            <i class="fa fa-check green-icon" ng-if="$ctrl.formData.TLSKey && $ctrl.formData.TLSKey === $ctrl.endpoint.TLSConfig.TLSKey" aria-hidden="true"></i>
+            <i class="fa fa-times red-icon" ng-if="!$ctrl.formData.TLSKey" aria-hidden="true"></i>
+            <i class="fa fa-circle-o-notch fa-spin" ng-if="state.uploadInProgress"></i>
+          </span>
+        </div>
+      </div>
+      <!-- !tls-file-key -->
+    </div>
+    <!-- tls-files-cert-key -->
+  </div>
+  <!-- !tls-file-upload -->
+</div>
diff --git a/app/directives/endpointSecurity/porEndpointSecurityController.js b/app/directives/endpointSecurity/porEndpointSecurityController.js
new file mode 100644
index 000000000..059903047
--- /dev/null
+++ b/app/directives/endpointSecurity/porEndpointSecurityController.js
@@ -0,0 +1,32 @@
+angular.module('portainer')
+.controller('porEndpointSecurityController', [function () {
+  var ctrl = this;
+
+  function initComponent() {
+    if (ctrl.endpoint) {
+      var endpoint = ctrl.endpoint;
+      var TLS = endpoint.TLSConfig.TLS;
+      ctrl.formData.TLS = TLS;
+      var CACert = endpoint.TLSConfig.TLSCACert;
+      ctrl.formData.TLSCACert = CACert;
+      var cert = endpoint.TLSConfig.TLSCert;
+      ctrl.formData.TLSCert = cert;
+      var key = endpoint.TLSConfig.TLSKey;
+      ctrl.formData.TLSKey = key;
+
+      if (TLS) {
+        if (CACert && cert && key) {
+          ctrl.formData.TLSMode = 'tls_client_ca';
+        } else if (cert && key) {
+          ctrl.formData.TLSMode = 'tls_client_noca';
+        } else if (CACert) {
+          ctrl.formData.TLSMode = 'tls_ca';
+        } else {
+          ctrl.formData.TLSMode = 'tls_only';
+        }
+      }
+    }
+  }
+
+  initComponent();
+}]);
diff --git a/app/directives/endpointSecurity/porEndpointSecurityModel.js b/app/directives/endpointSecurity/porEndpointSecurityModel.js
new file mode 100644
index 000000000..94f6b0be2
--- /dev/null
+++ b/app/directives/endpointSecurity/porEndpointSecurityModel.js
@@ -0,0 +1,7 @@
+function EndpointSecurityFormData() {
+  this.TLS = false;
+  this.TLSMode = 'tls_client_ca';
+  this.TLSCACert = null;
+  this.TLSCert = null;
+  this.TLSKey = null;
+}
diff --git a/app/services/api/endpointService.js b/app/services/api/endpointService.js
index 693f9aea9..742b2fc3c 100644
--- a/app/services/api/endpointService.js
+++ b/app/services/api/endpointService.js
@@ -20,6 +20,8 @@ angular.module('portainer.services')
       name: endpointParams.name,
       PublicURL: endpointParams.PublicURL,
       TLS: endpointParams.TLS,
+      TLSSkipVerify: endpointParams.TLSSkipVerify,
+      TLSSkipClientVerify: endpointParams.TLSSkipClientVerify,
       authorizedUsers: endpointParams.authorizedUsers
     };
     if (endpointParams.type && endpointParams.URL) {
@@ -55,18 +57,20 @@ angular.module('portainer.services')
     return Endpoints.create({}, endpoint).$promise;
   };
 
-  service.createRemoteEndpoint = function(name, URL, PublicURL, TLS, TLSCAFile, TLSCertFile, TLSKeyFile) {
+  service.createRemoteEndpoint = function(name, URL, PublicURL, TLS, TLSSkipVerify, TLSSkipClientVerify, TLSCAFile, TLSCertFile, TLSKeyFile) {
     var endpoint = {
       Name: name,
       URL: 'tcp://' + URL,
       PublicURL: PublicURL,
-      TLS: TLS
+      TLS: TLS,
+      TLSSkipVerify: TLSSkipVerify,
+      TLSSkipClientVerify: TLSSkipClientVerify
     };
     var deferred = $q.defer();
     Endpoints.create({}, endpoint).$promise
     .then(function success(data) {
       var endpointID = data.Id;
-      if (TLS) {
+      if (!TLSSkipVerify || !TLSSkipClientVerify) {
         deferred.notify({upload: true});
         FileUploadService.uploadTLSFilesForEndpoint(endpointID, TLSCAFile, TLSCertFile, TLSKeyFile)
         .then(function success() {

From f96b70841f2e5e0395a63ffee0740b84d6f2fe95 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Thu, 14 Sep 2017 10:22:27 +0200
Subject: [PATCH 20/33] feat(swarm-visualizer): add a platform icon next to
 node name (#1191)

---
 app/components/swarmVisualizer/swarmVisualizer.html | 10 +++++++++-
 assets/css/app.css                                  |  5 +++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/components/swarmVisualizer/swarmVisualizer.html b/app/components/swarmVisualizer/swarmVisualizer.html
index 373f9f899..2d71cb53b 100644
--- a/app/components/swarmVisualizer/swarmVisualizer.html
+++ b/app/components/swarmVisualizer/swarmVisualizer.html
@@ -64,7 +64,15 @@
         <div class="visualizer_container">
           <div class="node" ng-repeat="node in visualizerData.nodes track by $index">
             <div class="node_info">
-              <div><b>{{ node.Hostname }}</b></div>
+              <div>
+                <div>
+                  <b>{{ node.Hostname }}</b>
+                  <span class="node_platform">
+                    <i class="fa fa-linux" aria-hidden="true" ng-if="node.PlatformOS === 'linux'"></i>
+                    <i class="fa fa-windows" aria-hidden="true" ng-if="node.PlatformOS === 'windows'"></i>
+                  </span>
+                </div>
+              </div>
               <div>{{ node.Role }}</div>
             </div>
             <div class="tasks">
diff --git a/assets/css/app.css b/assets/css/app.css
index 74964a26b..5a4d2d88a 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -500,6 +500,11 @@ ul.sidebar .sidebar-list .sidebar-sublist a.active {
   padding-bottom: 10px;
 }
 
+.visualizer_container .node .node_info .node_platform {
+  margin-left: 2px;
+  font-size: 16px;
+}
+
 .visualizer_container .node .tasks {
   display: flex;
   flex-direction: column;

From d653391cdd6c997dd0b2a42b1ec0fac01253ac9f Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Thu, 14 Sep 2017 11:09:36 +0200
Subject: [PATCH 21/33] feat(api): write Docker response code when using local
 proxy (#1192)

---
 api/http/proxy/socket.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/http/proxy/socket.go b/api/http/proxy/socket.go
index 740010a63..5a9158492 100644
--- a/api/http/proxy/socket.go
+++ b/api/http/proxy/socket.go
@@ -34,6 +34,9 @@ func (proxy *socketProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			w.Header().Add(k, v)
 		}
 	}
+
+	w.WriteHeader(res.StatusCode)
+
 	if _, err := io.Copy(w, res.Body); err != nil {
 		httperror.WriteErrorResponse(w, err, http.StatusInternalServerError, nil)
 	}

From 851a1ac64ccdcaf1870362c7cc5d39ac600a4368 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Fri, 15 Sep 2017 09:57:04 +0200
Subject: [PATCH 22/33] feat(sidebar): restrict access to Events for
 administrators only (#1193)

---
 app/components/sidebar/sidebar.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/components/sidebar/sidebar.html b/app/components/sidebar/sidebar.html
index 068dab150..79117e697 100644
--- a/app/components/sidebar/sidebar.html
+++ b/app/components/sidebar/sidebar.html
@@ -43,7 +43,7 @@
     <li class="sidebar-list" ng-if="applicationState.endpoint.apiVersion >= 1.25 && applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE' && applicationState.endpoint.mode.role === 'MANAGER'">
       <a ui-sref="secrets" ui-sref-active="active">Secrets <span class="menu-icon fa fa-user-secret"></span></a>
     </li>
-    <li class="sidebar-list" ng-if="applicationState.endpoint.mode.provider === 'DOCKER_STANDALONE' || applicationState.endpoint.mode.provider === 'VMWARE_VIC'">
+    <li class="sidebar-list" ng-if="(applicationState.endpoint.mode.provider === 'DOCKER_STANDALONE' || applicationState.endpoint.mode.provider === 'VMWARE_VIC') && isAdmin">
       <a ui-sref="events" ui-sref-active="active">Events <span class="menu-icon fa fa-history"></span></a>
     </li>
     <li class="sidebar-list" ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM' || (applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE' && applicationState.endpoint.mode.role === 'MANAGER')">

From 774738110b5a16efab6ab7b65ec2893ae1bf1edf Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Sun, 17 Sep 2017 17:07:19 +0200
Subject: [PATCH 23/33] feat(auth): add an auto-focus directive and remove
 username placeholder

---
 app/components/auth/auth.html           |  2 +-
 app/components/initAdmin/initAdmin.html |  2 +-
 app/directives/autofocus.js             | 14 ++++++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 app/directives/autofocus.js

diff --git a/app/components/auth/auth.html b/app/components/auth/auth.html
index fe53cc0b5..f58276395 100644
--- a/app/components/auth/auth.html
+++ b/app/components/auth/auth.html
@@ -16,7 +16,7 @@
             <!-- username input -->
             <div class="input-group">
               <span class="input-group-addon"><i class="fa fa-user" aria-hidden="true"></i></span>
-              <input id="username" type="text" class="form-control" name="username" ng-model="formValues.Username" placeholder="admin" autofocus>
+              <input id="username" type="text" class="form-control" name="username" ng-model="formValues.Username" auto-focus>
             </div>
             <!-- !username input -->
             <!-- password input -->
diff --git a/app/components/initAdmin/initAdmin.html b/app/components/initAdmin/initAdmin.html
index 775a1b5e9..6fbcccaf9 100644
--- a/app/components/initAdmin/initAdmin.html
+++ b/app/components/initAdmin/initAdmin.html
@@ -36,7 +36,7 @@
             <div class="form-group">
               <label for="password" class="col-sm-4 control-label text-left">Password</label>
               <div class="col-sm-8">
-                <input type="password" class="form-control" ng-model="formValues.Password" id="password">
+                <input type="password" class="form-control" ng-model="formValues.Password" id="password" auto-focus>
               </div>
             </div>
             <!-- !new-password-input -->
diff --git a/app/directives/autofocus.js b/app/directives/autofocus.js
new file mode 100644
index 000000000..0b9029c33
--- /dev/null
+++ b/app/directives/autofocus.js
@@ -0,0 +1,14 @@
+angular
+.module('portainer')
+.directive('autoFocus', ['$timeout', function porAutoFocus($timeout) {
+  var directive = {
+    restrict: 'A',
+    link: function($scope, $element) {
+      $timeout(function() {
+        $element[0].focus();
+      });
+    }
+  };
+
+  return directive;
+}]);

From a2b4cd8050c58928d2263a674acecca3a47acc60 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 16:58:30 +0200
Subject: [PATCH 24/33] feat(networks): add UAC (#1196)

---
 api/http/handler/resource_control.go          |  2 +
 api/http/proxy/decorator.go                   | 24 +++++++
 api/http/proxy/filter.go                      | 25 +++++++
 api/http/proxy/networks.go                    | 66 +++++++++++++++++
 api/http/proxy/transport.go                   | 33 +++++++--
 api/portainer.go                              |  2 +
 .../createNetwork/createNetworkController.js  | 70 ++++++++++++------
 .../createNetwork/createnetwork.html          |  6 +-
 app/components/network/network.html           |  9 +++
 app/components/network/networkController.js   |  6 +-
 app/components/networks/networks.html         | 72 ++++++-------------
 app/components/networks/networksController.js | 54 ++++----------
 app/models/docker/network.js                  | 16 +++++
 app/services/docker/networkService.js         | 31 ++++++++
 app/services/notifications.js                 |  2 +
 15 files changed, 295 insertions(+), 123 deletions(-)
 create mode 100644 api/http/proxy/networks.go
 create mode 100644 app/models/docker/network.js

diff --git a/api/http/handler/resource_control.go b/api/http/handler/resource_control.go
index 7c35dec39..d84824cb5 100644
--- a/api/http/handler/resource_control.go
+++ b/api/http/handler/resource_control.go
@@ -78,6 +78,8 @@ func (handler *ResourceHandler) handlePostResources(w http.ResponseWriter, r *ht
 		resourceControlType = portainer.ServiceResourceControl
 	case "volume":
 		resourceControlType = portainer.VolumeResourceControl
+	case "network":
+		resourceControlType = portainer.NetworkResourceControl
 	default:
 		httperror.WriteErrorResponse(w, portainer.ErrInvalidResourceControlType, http.StatusBadRequest, handler.Logger)
 		return
diff --git a/api/http/proxy/decorator.go b/api/http/proxy/decorator.go
index cc35fa7a3..7881f697a 100644
--- a/api/http/proxy/decorator.go
+++ b/api/http/proxy/decorator.go
@@ -82,6 +82,30 @@ func decorateServiceList(serviceData []interface{}, resourceControls []portainer
 	return decoratedServiceData, nil
 }
 
+// decorateNetworkList loops through all networks and will decorate any network with an existing resource control.
+// Network object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/NetworkList
+func decorateNetworkList(networkData []interface{}, resourceControls []portainer.ResourceControl) ([]interface{}, error) {
+	decoratedNetworkData := make([]interface{}, 0)
+
+	for _, network := range networkData {
+
+		networkObject := network.(map[string]interface{})
+		if networkObject[networkIdentifier] == nil {
+			return nil, ErrDockerNetworkIdentifierNotFound
+		}
+
+		networkID := networkObject[networkIdentifier].(string)
+		resourceControl := getResourceControlByResourceID(networkID, resourceControls)
+		if resourceControl != nil {
+			networkObject = decorateObject(networkObject, resourceControl)
+		}
+
+		decoratedNetworkData = append(decoratedNetworkData, networkObject)
+	}
+
+	return decoratedNetworkData, nil
+}
+
 func decorateObject(object map[string]interface{}, resourceControl *portainer.ResourceControl) map[string]interface{} {
 	metadata := make(map[string]interface{})
 	metadata["ResourceControl"] = resourceControl
diff --git a/api/http/proxy/filter.go b/api/http/proxy/filter.go
index 0e66ab4fd..3f555f0be 100644
--- a/api/http/proxy/filter.go
+++ b/api/http/proxy/filter.go
@@ -110,3 +110,28 @@ func filterServiceList(serviceData []interface{}, resourceControls []portainer.R
 
 	return filteredServiceData, nil
 }
+
+// filterNetworkList loops through all networks, filters networks without any resource control (public resources) or with
+// any resource control giving access to the user (these networks will be decorated).
+// Network object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/NetworkList
+func filterNetworkList(networkData []interface{}, resourceControls []portainer.ResourceControl, userID portainer.UserID, userTeamIDs []portainer.TeamID) ([]interface{}, error) {
+	filteredNetworkData := make([]interface{}, 0)
+
+	for _, network := range networkData {
+		networkObject := network.(map[string]interface{})
+		if networkObject[networkIdentifier] == nil {
+			return nil, ErrDockerNetworkIdentifierNotFound
+		}
+
+		networkID := networkObject[networkIdentifier].(string)
+		resourceControl := getResourceControlByResourceID(networkID, resourceControls)
+		if resourceControl == nil {
+			filteredNetworkData = append(filteredNetworkData, networkObject)
+		} else if resourceControl != nil && canUserAccessResource(userID, userTeamIDs, resourceControl) {
+			networkObject = decorateObject(networkObject, resourceControl)
+			filteredNetworkData = append(filteredNetworkData, networkObject)
+		}
+	}
+
+	return filteredNetworkData, nil
+}
diff --git a/api/http/proxy/networks.go b/api/http/proxy/networks.go
new file mode 100644
index 000000000..2e2549408
--- /dev/null
+++ b/api/http/proxy/networks.go
@@ -0,0 +1,66 @@
+package proxy
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+)
+
+const (
+	// ErrDockerNetworkIdentifierNotFound defines an error raised when Portainer is unable to find a network identifier
+	ErrDockerNetworkIdentifierNotFound = portainer.Error("Docker network identifier not found")
+	networkIdentifier                  = "Id"
+)
+
+// networkListOperation extracts the response as a JSON object, loop through the networks array
+// decorate and/or filter the networks based on resource controls before rewriting the response
+func networkListOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
+	var err error
+	// NetworkList response is a JSON array
+	// https://docs.docker.com/engine/api/v1.28/#operation/NetworkList
+	responseArray, err := getResponseAsJSONArray(response)
+	if err != nil {
+		return err
+	}
+
+	if executor.operationContext.isAdmin {
+		responseArray, err = decorateNetworkList(responseArray, executor.operationContext.resourceControls)
+	} else {
+		responseArray, err = filterNetworkList(responseArray, executor.operationContext.resourceControls,
+			executor.operationContext.userID, executor.operationContext.userTeamIDs)
+	}
+	if err != nil {
+		return err
+	}
+
+	return rewriteResponse(response, responseArray, http.StatusOK)
+}
+
+// networkInspectOperation extracts the response as a JSON object, verify that the user
+// has access to the network based on resource control and either rewrite an access denied response
+// or a decorated network.
+func networkInspectOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
+	// NetworkInspect response is a JSON object
+	// https://docs.docker.com/engine/api/v1.28/#operation/NetworkInspect
+	responseObject, err := getResponseAsJSONOBject(response)
+	if err != nil {
+		return err
+	}
+
+	if responseObject[networkIdentifier] == nil {
+		return ErrDockerNetworkIdentifierNotFound
+	}
+	networkID := responseObject[networkIdentifier].(string)
+
+	resourceControl := getResourceControlByResourceID(networkID, executor.operationContext.resourceControls)
+	if resourceControl != nil {
+		if executor.operationContext.isAdmin || canUserAccessResource(executor.operationContext.userID,
+			executor.operationContext.userTeamIDs, resourceControl) {
+			responseObject = decorateObject(responseObject, resourceControl)
+		} else {
+			return rewriteAccessDeniedResponse(response)
+		}
+	}
+
+	return rewriteResponse(response, responseObject, http.StatusOK)
+}
diff --git a/api/http/proxy/transport.go b/api/http/proxy/transport.go
index 76c4f43f7..09f6418b2 100644
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@@ -53,17 +53,20 @@ func (p *proxyTransport) executeDockerRequest(request *http.Request) (*http.Resp
 func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Response, error) {
 	path := request.URL.Path
 
-	if strings.HasPrefix(path, "/containers") {
+	switch {
+	case strings.HasPrefix(path, "/containers"):
 		return p.proxyContainerRequest(request)
-	} else if strings.HasPrefix(path, "/services") {
+	case strings.HasPrefix(path, "/services"):
 		return p.proxyServiceRequest(request)
-	} else if strings.HasPrefix(path, "/volumes") {
+	case strings.HasPrefix(path, "/volumes"):
 		return p.proxyVolumeRequest(request)
-	} else if strings.HasPrefix(path, "/swarm") {
+	case strings.HasPrefix(path, "/networks"):
+		return p.proxyNetworkRequest(request)
+	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
+	default:
+		return p.executeDockerRequest(request)
 	}
-
-	return p.executeDockerRequest(request)
 }
 
 func (p *proxyTransport) proxyContainerRequest(request *http.Request) (*http.Response, error) {
@@ -145,6 +148,24 @@ func (p *proxyTransport) proxyVolumeRequest(request *http.Request) (*http.Respon
 	}
 }
 
+func (p *proxyTransport) proxyNetworkRequest(request *http.Request) (*http.Response, error) {
+	switch requestPath := request.URL.Path; requestPath {
+	case "/networks/create":
+		return p.executeDockerRequest(request)
+
+	case "/networks":
+		return p.rewriteOperation(request, networkListOperation)
+
+	default:
+		// assume /networks/{name}
+		if request.Method == http.MethodGet {
+			return p.rewriteOperation(request, networkInspectOperation)
+		}
+		volumeID := path.Base(requestPath)
+		return p.restrictedOperation(request, volumeID)
+	}
+}
+
 func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
 	return p.administratorOperation(request)
 }
diff --git a/api/portainer.go b/api/portainer.go
index 13d8b82e1..024f8998a 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -399,4 +399,6 @@ const (
 	ServiceResourceControl
 	// VolumeResourceControl represents a resource control associated to a Docker volume
 	VolumeResourceControl
+	// NetworkResourceControl represents a resource control associated to a Docker network
+	NetworkResourceControl
 )
diff --git a/app/components/createNetwork/createNetworkController.js b/app/components/createNetwork/createNetworkController.js
index ee0a1e838..dc804b7a3 100644
--- a/app/components/createNetwork/createNetworkController.js
+++ b/app/components/createNetwork/createNetworkController.js
@@ -1,12 +1,17 @@
 angular.module('createNetwork', [])
-.controller('CreateNetworkController', ['$q', '$scope', '$state', 'PluginService', 'Notifications', 'Network', 'LabelHelper',
-function ($q, $scope, $state, PluginService, Notifications, Network, LabelHelper) {
+.controller('CreateNetworkController', ['$q', '$scope', '$state', 'PluginService', 'Notifications', 'NetworkService', 'LabelHelper', 'Authentication', 'ResourceControlService', 'FormValidator',
+function ($q, $scope, $state, PluginService, Notifications, NetworkService, LabelHelper, Authentication, ResourceControlService, FormValidator) {
 
   $scope.formValues = {
     DriverOptions: [],
     Subnet: '',
     Gateway: '',
-    Labels: []
+    Labels: [],
+    AccessControlData: new AccessControlFormData()
+  };
+
+  $scope.state = {
+    formValidationError: ''
   };
 
   $scope.availableNetworkDrivers = [];
@@ -40,23 +45,6 @@ function ($q, $scope, $state, PluginService, Notifications, Network, LabelHelper
     $scope.formValues.Labels.splice(index, 1);
   };
 
-  function createNetwork(config) {
-    $('#createNetworkSpinner').show();
-    Network.create(config, function (d) {
-      if (d.message) {
-        $('#createNetworkSpinner').hide();
-        Notifications.error('Unable to create network', {}, d.message);
-      } else {
-        Notifications.success('Network created', d.Id);
-        $('#createNetworkSpinner').hide();
-        $state.go('networks', {}, {reload: true});
-      }
-    }, function (e) {
-      $('#createNetworkSpinner').hide();
-      Notifications.error('Failure', e, 'Unable to create network');
-    });
-  }
-
   function prepareIPAMConfiguration(config) {
     if ($scope.formValues.Subnet) {
       var ipamConfig = {};
@@ -88,9 +76,47 @@ function ($q, $scope, $state, PluginService, Notifications, Network, LabelHelper
     return config;
   }
 
+  function validateForm(accessControlData, isAdmin) {
+    $scope.state.formValidationError = '';
+    var error = '';
+    error = FormValidator.validateAccessControl(accessControlData, isAdmin);
+
+    if (error) {
+      $scope.state.formValidationError = error;
+      return false;
+    }
+    return true;
+  }
+
   $scope.create = function () {
-    var config = prepareConfiguration();
-    createNetwork(config);
+    $('#createResourceSpinner').show();
+
+    var networkConfiguration = prepareConfiguration();
+    var accessControlData = $scope.formValues.AccessControlData;
+    var userDetails = Authentication.getUserDetails();
+    var isAdmin = userDetails.role === 1 ? true : false;
+
+    if (!validateForm(accessControlData, isAdmin)) {
+      $('#createResourceSpinner').hide();
+      return;
+    }
+
+    NetworkService.create(networkConfiguration)
+    .then(function success(data) {
+      var networkIdentifier = data.Id;
+      var userId = userDetails.ID;
+      return ResourceControlService.applyResourceControl('network', networkIdentifier, userId, accessControlData, []);
+    })
+    .then(function success() {
+      Notifications.success('Network successfully created');
+      $state.go('networks', {}, {reload: true});
+    })
+    .catch(function error(err) {
+      Notifications.error('Failure', err, 'An error occured during network creation');
+    })
+    .finally(function final() {
+      $('#createResourceSpinner').hide();
+    });
   };
 
   function initView() {
diff --git a/app/components/createNetwork/createnetwork.html b/app/components/createNetwork/createnetwork.html
index c01da87e2..4d5636a10 100644
--- a/app/components/createNetwork/createnetwork.html
+++ b/app/components/createNetwork/createnetwork.html
@@ -121,6 +121,9 @@
             </div>
           </div>
           <!-- !internal -->
+          <!-- access-control -->
+          <por-access-control-form form-data="formValues.AccessControlData" ng-if="applicationState.application.authentication"></por-access-control-form>
+          <!-- !access-control -->
           <!-- actions -->
           <div class="col-sm-12 form-section-title">
             Actions
@@ -129,7 +132,8 @@
             <div class="col-sm-12">
               <button type="button" class="btn btn-primary btn-sm" ng-disabled="!config.Name" ng-click="create()">Create network</button>
               <a type="button" class="btn btn-default btn-sm" ui-sref="networks">Cancel</a>
-              <i id="createNetworkSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+              <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+              <span class="text-danger" ng-if="state.formValidationError" style="margin-left: 5px;">{{ state.formValidationError }}</span>
             </div>
           </div>
           <!-- !actions -->
diff --git a/app/components/network/network.html b/app/components/network/network.html
index d5eacd7f1..8439a7e9f 100644
--- a/app/components/network/network.html
+++ b/app/components/network/network.html
@@ -48,6 +48,15 @@
   </div>
 </div>
 
+<!-- access-control-panel -->
+<por-access-control-panel
+  ng-if="network && applicationState.application.authentication"
+  resource-id="network.Id"
+  resource-control="network.ResourceControl"
+  resource-type="'network'">
+</por-access-control-panel>
+<!-- !access-control-panel -->
+
 <div class="row" ng-if="!(network.Options | emptyobject)">
   <div class="col-lg-12 col-md-12 col-xs-12">
     <rd-widget>
diff --git a/app/components/network/networkController.js b/app/components/network/networkController.js
index 63f9cb4e8..0af567512 100644
--- a/app/components/network/networkController.js
+++ b/app/components/network/networkController.js
@@ -1,6 +1,6 @@
 angular.module('network', [])
-.controller('NetworkController', ['$scope', '$state', '$stateParams', '$filter', 'Network', 'Container', 'ContainerHelper', 'Notifications',
-function ($scope, $state, $stateParams, $filter, Network, Container, ContainerHelper, Notifications) {
+.controller('NetworkController', ['$scope', '$state', '$stateParams', '$filter', 'Network', 'NetworkService', 'Container', 'ContainerHelper', 'Notifications',
+function ($scope, $state, $stateParams, $filter, Network, NetworkService, Container, ContainerHelper, Notifications) {
 
   $scope.removeNetwork = function removeNetwork(networkId) {
     $('#loadingViewSpinner').show();
@@ -82,7 +82,7 @@ function ($scope, $state, $stateParams, $filter, Network, Container, ContainerHe
 
   function initView() {
     $('#loadingViewSpinner').show();
-    Network.get({id: $stateParams.id}).$promise
+    NetworkService.network($stateParams.id)
     .then(function success(data) {
       $scope.network = data;
       var endpointProvider = $scope.applicationState.endpoint.mode.provider;
diff --git a/app/components/networks/networks.html b/app/components/networks/networks.html
index 7e8442cff..4773aa779 100644
--- a/app/components/networks/networks.html
+++ b/app/components/networks/networks.html
@@ -8,46 +8,6 @@
   <rd-header-content>Networks</rd-header-content>
 </rd-header>
 
-<div class="row">
-  <div class="col-lg-12 col-md-12 col-xs-12">
-    <rd-widget>
-      <rd-widget-header icon="fa-plus" title="Add a network">
-      </rd-widget-header>
-      <rd-widget-body>
-        <form class="form-horizontal">
-          <!-- name-input -->
-          <div class="form-group">
-            <label for="network_name" class="col-sm-1 control-label text-left">Name</label>
-            <div class="col-sm-11">
-              <input type="text" class="form-control" ng-model="config.Name" id="network_name" placeholder="e.g. myNetwork">
-            </div>
-          </div>
-          <!-- !name-input -->
-          <!-- tag-note -->
-          <div class="form-group" ng-if="applicationState.endpoint.mode.provider === 'DOCKER_SWARM' || applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE'">
-            <div class="col-sm-12">
-              <span class="small text-muted">Note: The network will be created using the overlay driver and will allow containers to communicate across the hosts of your cluster.</span>
-            </div>
-          </div>
-          <div class="form-group" ng-if="applicationState.endpoint.mode.provider === 'DOCKER_STANDALONE' || applicationState.endpoint.mode.provider === 'VMWARE_VIC'">
-            <div class="col-sm-12">
-              <span class="small text-muted">Note: The network will be created using the bridge driver.</span>
-            </div>
-          </div>
-          <!-- !tag-note -->
-          <div class="form-group">
-            <div class="col-sm-12">
-              <button type="button" class="btn btn-primary btn-sm" ng-disabled="!config.Name" ng-click="createNetwork()">Create</button>
-              <button type="button" class="btn btn-primary btn-sm" ui-sref="actions.create.network">Advanced settings...</button>
-              <i id="createNetworkSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
-            </div>
-          </div>
-        </form>
-      </rd-widget-body>
-    </rd-widget>
-  </div>
-</div>
-
 <div class="row">
   <div class="col-lg-12 col-md-12 col-xs-12">
     <rd-widget>
@@ -66,6 +26,7 @@
       <rd-widget-taskbar classes="col-lg-12">
         <div class="pull-left">
           <button type="button" class="btn btn-danger" ng-click="removeAction()" ng-disabled="!state.selectedItemCount"><i class="fa fa-trash space-right" aria-hidden="true"></i>Remove</button>
+          <a class="btn btn-primary" type="button" ui-sref="actions.create.network"><i class="fa fa-plus space-right" aria-hidden="true"></i>Add network</a>
         </div>
         <div class="pull-right">
           <input type="text" id="filter" ng-model="state.filter" placeholder="Filter..." class="form-control input-sm" />
@@ -80,54 +41,61 @@
                   <input type="checkbox" ng-model="allSelected" ng-change="selectItems(allSelected)" />
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('Name')">
+                  <a ng-click="order('Name')">
                     Name
                     <span ng-show="sortType == 'Name' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'Name' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('Id')">
+                  <a ng-click="order('Id')">
                     Id
                     <span ng-show="sortType == 'Id' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'Id' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('Scope')">
+                  <a ng-click="order('Scope')">
                     Scope
                     <span ng-show="sortType == 'Scope' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'Scope' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('Driver')">
+                  <a ng-click="order('Driver')">
                     Driver
                     <span ng-show="sortType == 'Driver' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'Driver' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('IPAM.Driver')">
+                  <a ng-click="order('IPAM.Driver')">
                     IPAM Driver
                     <span ng-show="sortType == 'IPAM.Driver' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'IPAM.Driver' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('IPAM.Config[0].Subnet')">
+                  <a ng-click="order('IPAM.Config[0].Subnet')">
                     IPAM Subnet
                     <span ng-show="sortType == 'IPAM.Config[0].Subnet' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'IPAM.Config[0].Subnet' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
                 <th>
-                  <a ui-sref="networks" ng-click="order('IPAM.Config[0].Gateway')">
+                  <a ng-click="order('IPAM.Config[0].Gateway')">
                     IPAM Gateway
                     <span ng-show="sortType == 'IPAM.Config[0].Gateway' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                     <span ng-show="sortType == 'IPAM.Config[0].Gateway' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                   </a>
                 </th>
+                <th ng-if="applicationState.application.authentication">
+                  <a ng-click="order('ResourceControl.Ownership')">
+                    Ownership
+                    <span ng-show="sortType == 'ResourceControl.Ownership' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
+                    <span ng-show="sortType == 'ResourceControl.Ownership' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
+                  </a>
+                </th>
               </tr>
             </thead>
             <tbody>
@@ -140,12 +108,18 @@
                 <td>{{ network.IPAM.Driver }}</td>
                 <td>{{ network.IPAM.Config[0].Subnet ? network.IPAM.Config[0].Subnet : '-' }}</td>
                 <td>{{ network.IPAM.Config[0].Gateway ? network.IPAM.Config[0].Gateway : '-' }}</td>
+                <td ng-if="applicationState.application.authentication">
+                  <span>
+                    <i ng-class="network.ResourceControl.Ownership | ownershipicon" aria-hidden="true"></i>
+                    {{ network.ResourceControl.Ownership ? network.ResourceControl.Ownership : network.ResourceControl.Ownership = 'public' }}
+                  </span>
+                </td>
               </tr>
               <tr ng-if="!networks">
-                <td colspan="8" class="text-center text-muted">Loading...</td>
+                <td colspan="9" class="text-center text-muted">Loading...</td>
               </tr>
               <tr ng-if="networks.length == 0">
-                <td colspan="8" class="text-center text-muted">No networks available.</td>
+                <td colspan="9" class="text-center text-muted">No networks available.</td>
               </tr>
             </tbody>
           </table>
diff --git a/app/components/networks/networksController.js b/app/components/networks/networksController.js
index 8468a1283..1909358ed 100644
--- a/app/components/networks/networksController.js
+++ b/app/components/networks/networksController.js
@@ -1,51 +1,17 @@
 angular.module('networks', [])
-.controller('NetworksController', ['$scope', '$state', 'Network', 'Notifications', 'Pagination',
-function ($scope, $state, Network, Notifications, Pagination) {
+.controller('NetworksController', ['$scope', '$state', 'Network', 'NetworkService', 'Notifications', 'Pagination',
+function ($scope, $state, Network, NetworkService, Notifications, Pagination) {
   $scope.state = {};
   $scope.state.pagination_count = Pagination.getPaginationCount('networks');
   $scope.state.selectedItemCount = 0;
   $scope.state.advancedSettings = false;
   $scope.sortType = 'Name';
   $scope.sortReverse = false;
-  $scope.config = {
-    Name: ''
-  };
 
   $scope.changePaginationCount = function() {
     Pagination.setPaginationCount('networks', $scope.state.pagination_count);
   };
 
-  function prepareNetworkConfiguration() {
-    var config = angular.copy($scope.config);
-    if ($scope.applicationState.endpoint.mode.provider === 'DOCKER_SWARM' || $scope.applicationState.endpoint.mode.provider === 'DOCKER_SWARM_MODE') {
-      config.Driver = 'overlay';
-      // Force IPAM Driver to 'default', should not be required.
-      // See: https://github.com/docker/docker/issues/25735
-      config.IPAM = {
-        Driver: 'default'
-      };
-    }
-    return config;
-  }
-
-  $scope.createNetwork = function() {
-    $('#createNetworkSpinner').show();
-    var config = prepareNetworkConfiguration();
-    Network.create(config, function (d) {
-      if (d.message) {
-        $('#createNetworkSpinner').hide();
-        Notifications.error('Unable to create network', {}, d.message);
-      } else {
-        Notifications.success('Network created', d.Id);
-        $('#createNetworkSpinner').hide();
-        $state.reload();
-      }
-    }, function (e) {
-      $('#createNetworkSpinner').hide();
-      Notifications.error('Failure', e, 'Unable to create network');
-    });
-  };
-
   $scope.order = function(sortType) {
     $scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
     $scope.sortType = sortType;
@@ -99,13 +65,17 @@ function ($scope, $state, Network, Notifications, Pagination) {
 
   function initView() {
     $('#loadNetworksSpinner').show();
-    Network.query({}, function (d) {
-      $scope.networks = d;
-      $('#loadNetworksSpinner').hide();
-    }, function (e) {
-      $('#loadNetworksSpinner').hide();
-      Notifications.error('Failure', e, 'Unable to retrieve networks');
+
+    NetworkService.networks(true, true, true, true)
+    .then(function success(data) {
+      $scope.networks = data;
+    })
+    .catch(function error(err) {
       $scope.networks = [];
+      Notifications.error('Failure', err, 'Unable to retrieve networks');
+    })
+    .finally(function final() {
+      $('#loadNetworksSpinner').hide();
     });
   }
 
diff --git a/app/models/docker/network.js b/app/models/docker/network.js
new file mode 100644
index 000000000..820b35ab6
--- /dev/null
+++ b/app/models/docker/network.js
@@ -0,0 +1,16 @@
+function NetworkViewModel(data) {
+  this.Id = data.Id;
+  this.Name = data.Name;
+  this.Scope = data.Scope;
+  this.Driver = data.Driver;
+  this.Attachable = data.Attachable;
+  this.IPAM = data.IPAM;
+  this.Containers = data.Containers;
+  this.Options = data.Options;
+
+  if (data.Portainer) {
+    if (data.Portainer.ResourceControl) {
+      this.ResourceControl = new ResourceControlViewModel(data.Portainer.ResourceControl);
+    }
+  }
+}
diff --git a/app/services/docker/networkService.js b/app/services/docker/networkService.js
index 013311cf0..41f6961bf 100644
--- a/app/services/docker/networkService.js
+++ b/app/services/docker/networkService.js
@@ -3,6 +3,35 @@ angular.module('portainer.services')
   'use strict';
   var service = {};
 
+  service.create = function(networkConfiguration) {
+    var deferred = $q.defer();
+
+    Network.create(networkConfiguration).$promise
+    .then(function success(data) {
+      deferred.resolve(data);
+    })
+    .catch(function error(err) {
+      deferred.reject({ msg: 'Unable to create network', err: err });
+    });
+    return deferred.promise;
+  };
+
+  service.network = function(id) {
+    var deferred = $q.defer();
+
+    Network.get({id: id}).$promise
+    .then(function success(data) {
+      var network = new NetworkViewModel(data);
+      deferred.resolve(network);
+    })
+    .catch(function error(err) {
+      deferred.reject({msg: 'Unable to retrieve network details', err: err});
+    });
+
+    return deferred.promise;
+  };
+
+
   service.networks = function(localNetworks, swarmNetworks, swarmAttachableNetworks, globalNetworks) {
     var deferred = $q.defer();
 
@@ -23,6 +52,8 @@ angular.module('portainer.services')
         if (globalNetworks && network.Scope === 'global') {
           return network;
         }
+      }).map(function (item) {
+        return new NetworkViewModel(item);
       });
 
       deferred.resolve(filteredNetworks);
diff --git a/app/services/notifications.js b/app/services/notifications.js
index af2be044d..ddc9d0d7a 100644
--- a/app/services/notifications.js
+++ b/app/services/notifications.js
@@ -13,6 +13,8 @@ angular.module('portainer.services')
       msg = e.data.message;
     } else if (e.message) {
       msg = e.message;
+    } else if (e.err && e.err.data && e.err.data.message) {
+      msg = e.err.data.message;
     } else if (e.data && e.data.length > 0 && e.data[0].message) {
       msg = e.data[0].message;
     } else if (e.err && e.err.data && e.err.data.length > 0 && e.err.data[0].message) {

From 61f652da04f2b7cfdd778280fccde24aac904a50 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 17:10:15 +0200
Subject: [PATCH 25/33] feat(secrets): add UAC (#1200)

---
 api/http/handler/resource_control.go          |  2 +
 api/http/proxy/decorator.go                   | 24 +++++++
 api/http/proxy/filter.go                      | 25 +++++++
 api/http/proxy/secrets.go                     | 67 +++++++++++++++++++
 api/http/proxy/transport.go                   | 26 ++++++-
 api/portainer.go                              |  2 +
 .../createSecret/createSecretController.js    | 53 +++++++++++----
 app/components/createSecret/createsecret.html |  6 +-
 app/components/secret/secret.html             |  9 +++
 app/components/secrets/secrets.html           | 21 ++++--
 app/models/docker/secret.js                   |  6 ++
 11 files changed, 221 insertions(+), 20 deletions(-)
 create mode 100644 api/http/proxy/secrets.go

diff --git a/api/http/handler/resource_control.go b/api/http/handler/resource_control.go
index d84824cb5..623e595e9 100644
--- a/api/http/handler/resource_control.go
+++ b/api/http/handler/resource_control.go
@@ -80,6 +80,8 @@ func (handler *ResourceHandler) handlePostResources(w http.ResponseWriter, r *ht
 		resourceControlType = portainer.VolumeResourceControl
 	case "network":
 		resourceControlType = portainer.NetworkResourceControl
+	case "secret":
+		resourceControlType = portainer.SecretResourceControl
 	default:
 		httperror.WriteErrorResponse(w, portainer.ErrInvalidResourceControlType, http.StatusBadRequest, handler.Logger)
 		return
diff --git a/api/http/proxy/decorator.go b/api/http/proxy/decorator.go
index 7881f697a..ff075cc69 100644
--- a/api/http/proxy/decorator.go
+++ b/api/http/proxy/decorator.go
@@ -106,6 +106,30 @@ func decorateNetworkList(networkData []interface{}, resourceControls []portainer
 	return decoratedNetworkData, nil
 }
 
+// decorateSecretList loops through all secrets and will decorate any secret with an existing resource control.
+// Secret object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/SecretList
+func decorateSecretList(secretData []interface{}, resourceControls []portainer.ResourceControl) ([]interface{}, error) {
+	decoratedSecretData := make([]interface{}, 0)
+
+	for _, secret := range secretData {
+
+		secretObject := secret.(map[string]interface{})
+		if secretObject[secretIdentifier] == nil {
+			return nil, ErrDockerSecretIdentifierNotFound
+		}
+
+		secretID := secretObject[secretIdentifier].(string)
+		resourceControl := getResourceControlByResourceID(secretID, resourceControls)
+		if resourceControl != nil {
+			secretObject = decorateObject(secretObject, resourceControl)
+		}
+
+		decoratedSecretData = append(decoratedSecretData, secretObject)
+	}
+
+	return decoratedSecretData, nil
+}
+
 func decorateObject(object map[string]interface{}, resourceControl *portainer.ResourceControl) map[string]interface{} {
 	metadata := make(map[string]interface{})
 	metadata["ResourceControl"] = resourceControl
diff --git a/api/http/proxy/filter.go b/api/http/proxy/filter.go
index 3f555f0be..bc72987d0 100644
--- a/api/http/proxy/filter.go
+++ b/api/http/proxy/filter.go
@@ -135,3 +135,28 @@ func filterNetworkList(networkData []interface{}, resourceControls []portainer.R
 
 	return filteredNetworkData, nil
 }
+
+// filterSecretList loops through all secrets, filters secrets without any resource control (public resources) or with
+// any resource control giving access to the user (these secrets will be decorated).
+// Secret object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/SecretList
+func filterSecretList(secretData []interface{}, resourceControls []portainer.ResourceControl, userID portainer.UserID, userTeamIDs []portainer.TeamID) ([]interface{}, error) {
+	filteredSecretData := make([]interface{}, 0)
+
+	for _, secret := range secretData {
+		secretObject := secret.(map[string]interface{})
+		if secretObject[secretIdentifier] == nil {
+			return nil, ErrDockerSecretIdentifierNotFound
+		}
+
+		secretID := secretObject[secretIdentifier].(string)
+		resourceControl := getResourceControlByResourceID(secretID, resourceControls)
+		if resourceControl == nil {
+			filteredSecretData = append(filteredSecretData, secretObject)
+		} else if resourceControl != nil && canUserAccessResource(userID, userTeamIDs, resourceControl) {
+			secretObject = decorateObject(secretObject, resourceControl)
+			filteredSecretData = append(filteredSecretData, secretObject)
+		}
+	}
+
+	return filteredSecretData, nil
+}
diff --git a/api/http/proxy/secrets.go b/api/http/proxy/secrets.go
new file mode 100644
index 000000000..d0001d3b9
--- /dev/null
+++ b/api/http/proxy/secrets.go
@@ -0,0 +1,67 @@
+package proxy
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+)
+
+const (
+	// ErrDockerSecretIdentifierNotFound defines an error raised when Portainer is unable to find a secret identifier
+	ErrDockerSecretIdentifierNotFound = portainer.Error("Docker secret identifier not found")
+	secretIdentifier                  = "ID"
+)
+
+// secretListOperation extracts the response as a JSON object, loop through the secrets array
+// decorate and/or filter the secrets based on resource controls before rewriting the response
+func secretListOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
+	var err error
+
+	// SecretList response is a JSON array
+	// https://docs.docker.com/engine/api/v1.28/#operation/SecretList
+	responseArray, err := getResponseAsJSONArray(response)
+	if err != nil {
+		return err
+	}
+
+	if executor.operationContext.isAdmin {
+		responseArray, err = decorateSecretList(responseArray, executor.operationContext.resourceControls)
+	} else {
+		responseArray, err = filterSecretList(responseArray, executor.operationContext.resourceControls,
+			executor.operationContext.userID, executor.operationContext.userTeamIDs)
+	}
+	if err != nil {
+		return err
+	}
+
+	return rewriteResponse(response, responseArray, http.StatusOK)
+}
+
+// secretInspectOperation extracts the response as a JSON object, verify that the user
+// has access to the secret based on resource control (check are done based on the secretID and optional Swarm service ID)
+// and either rewrite an access denied response or a decorated secret.
+func secretInspectOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
+	// SecretInspect response is a JSON object
+	// https://docs.docker.com/engine/api/v1.28/#operation/SecretInspect
+	responseObject, err := getResponseAsJSONOBject(response)
+	if err != nil {
+		return err
+	}
+
+	if responseObject[secretIdentifier] == nil {
+		return ErrDockerSecretIdentifierNotFound
+	}
+	secretID := responseObject[secretIdentifier].(string)
+
+	resourceControl := getResourceControlByResourceID(secretID, executor.operationContext.resourceControls)
+	if resourceControl != nil {
+		if executor.operationContext.isAdmin || canUserAccessResource(executor.operationContext.userID,
+			executor.operationContext.userTeamIDs, resourceControl) {
+			responseObject = decorateObject(responseObject, resourceControl)
+		} else {
+			return rewriteAccessDeniedResponse(response)
+		}
+	}
+
+	return rewriteResponse(response, responseObject, http.StatusOK)
+}
diff --git a/api/http/proxy/transport.go b/api/http/proxy/transport.go
index 09f6418b2..35ee6cf2d 100644
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@@ -62,6 +62,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxyVolumeRequest(request)
 	case strings.HasPrefix(path, "/networks"):
 		return p.proxyNetworkRequest(request)
+	case strings.HasPrefix(path, "/secrets"):
+		return p.proxySecretRequest(request)
 	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
 	default:
@@ -157,12 +159,30 @@ func (p *proxyTransport) proxyNetworkRequest(request *http.Request) (*http.Respo
 		return p.rewriteOperation(request, networkListOperation)
 
 	default:
-		// assume /networks/{name}
+		// assume /networks/{id}
 		if request.Method == http.MethodGet {
 			return p.rewriteOperation(request, networkInspectOperation)
 		}
-		volumeID := path.Base(requestPath)
-		return p.restrictedOperation(request, volumeID)
+		networkID := path.Base(requestPath)
+		return p.restrictedOperation(request, networkID)
+	}
+}
+
+func (p *proxyTransport) proxySecretRequest(request *http.Request) (*http.Response, error) {
+	switch requestPath := request.URL.Path; requestPath {
+	case "/secrets/create":
+		return p.executeDockerRequest(request)
+
+	case "/secrets":
+		return p.rewriteOperation(request, secretListOperation)
+
+	default:
+		// assume /secrets/{id}
+		if request.Method == http.MethodGet {
+			return p.rewriteOperation(request, secretInspectOperation)
+		}
+		secretID := path.Base(requestPath)
+		return p.restrictedOperation(request, secretID)
 	}
 }
 
diff --git a/api/portainer.go b/api/portainer.go
index 024f8998a..78c303e37 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -401,4 +401,6 @@ const (
 	VolumeResourceControl
 	// NetworkResourceControl represents a resource control associated to a Docker network
 	NetworkResourceControl
+	// SecretResourceControl represents a resource control associated to a Docker secret
+	SecretResourceControl
 )
diff --git a/app/components/createSecret/createSecretController.js b/app/components/createSecret/createSecretController.js
index 3f2533270..ce94e676b 100644
--- a/app/components/createSecret/createSecretController.js
+++ b/app/components/createSecret/createSecretController.js
@@ -1,11 +1,17 @@
 angular.module('createSecret', [])
-.controller('CreateSecretController', ['$scope', '$state', 'Notifications', 'SecretService', 'LabelHelper',
-function ($scope, $state, Notifications, SecretService, LabelHelper) {
+.controller('CreateSecretController', ['$scope', '$state', 'Notifications', 'SecretService', 'LabelHelper', 'Authentication', 'ResourceControlService', 'FormValidator',
+function ($scope, $state, Notifications, SecretService, LabelHelper, Authentication, ResourceControlService, FormValidator) {
+
   $scope.formValues = {
     Name: '',
     Data: '',
     Labels: [],
-    encodeSecret: true
+    encodeSecret: true,
+    AccessControlData: new AccessControlFormData()
+  };
+
+  $scope.state = {
+    formValidationError: ''
   };
 
   $scope.addLabel = function() {
@@ -36,10 +42,38 @@ function ($scope, $state, Notifications, SecretService, LabelHelper) {
     return config;
   }
 
-  function createSecret(config) {
-    $('#createSecretSpinner').show();
-    SecretService.create(config)
+  function validateForm(accessControlData, isAdmin) {
+    $scope.state.formValidationError = '';
+    var error = '';
+    error = FormValidator.validateAccessControl(accessControlData, isAdmin);
+
+    if (error) {
+      $scope.state.formValidationError = error;
+      return false;
+    }
+    return true;
+  }
+
+  $scope.create = function () {
+    $('#createResourceSpinner').show();
+
+    var accessControlData = $scope.formValues.AccessControlData;
+    var userDetails = Authentication.getUserDetails();
+    var isAdmin = userDetails.role === 1 ? true : false;
+
+    if (!validateForm(accessControlData, isAdmin)) {
+      $('#createResourceSpinner').hide();
+      return;
+    }
+
+    var secretConfiguration = prepareConfiguration();
+    SecretService.create(secretConfiguration)
     .then(function success(data) {
+      var secretIdentifier = data.ID;
+      var userId = userDetails.ID;
+      return ResourceControlService.applyResourceControl('secret', secretIdentifier, userId, accessControlData, []);
+    })
+    .then(function success() {
       Notifications.success('Secret successfully created');
       $state.go('secrets', {}, {reload: true});
     })
@@ -47,12 +81,7 @@ function ($scope, $state, Notifications, SecretService, LabelHelper) {
       Notifications.error('Failure', err, 'Unable to create secret');
     })
     .finally(function final() {
-      $('#createSecretSpinner').hide();
+      $('#createResourceSpinner').hide();
     });
-  }
-
-  $scope.create = function () {
-    var config = prepareConfiguration();
-    createSecret(config);
   };
 }]);
diff --git a/app/components/createSecret/createsecret.html b/app/components/createSecret/createsecret.html
index c918e8cd5..dbf4efe06 100644
--- a/app/components/createSecret/createsecret.html
+++ b/app/components/createSecret/createsecret.html
@@ -66,6 +66,9 @@
             <!-- !labels-input-list -->
           </div>
           <!-- !labels-->
+          <!-- access-control -->
+          <por-access-control-form form-data="formValues.AccessControlData" ng-if="applicationState.application.authentication"></por-access-control-form>
+          <!-- !access-control -->
           <!-- actions -->
           <div class="col-sm-12 form-section-title">
             Actions
@@ -74,7 +77,8 @@
             <div class="col-sm-12">
               <button type="button" class="btn btn-primary btn-sm" ng-disabled="!formValues.Name || !formValues.Data" ng-click="create()">Create secret</button>
               <a type="button" class="btn btn-default btn-sm" ui-sref="secrets">Cancel</a>
-              <i id="createSecretSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+              <i id="createResourceSpinner" class="fa fa-cog fa-spin" style="margin-left: 5px; display: none;"></i>
+              <span class="text-danger" ng-if="state.formValidationError" style="margin-left: 5px;">{{ state.formValidationError }}</span>
             </div>
           </div>
           <!-- !actions -->
diff --git a/app/components/secret/secret.html b/app/components/secret/secret.html
index fb349ebbb..e90fd7420 100644
--- a/app/components/secret/secret.html
+++ b/app/components/secret/secret.html
@@ -53,3 +53,12 @@
     </rd-widget>
   </div>
 </div>
+
+<!-- access-control-panel -->
+<por-access-control-panel
+  ng-if="secret && applicationState.application.authentication"
+  resource-id="secret.Id"
+  resource-control="secret.ResourceControl"
+  resource-type="'secret'">
+</por-access-control-panel>
+<!-- !access-control-panel -->
diff --git a/app/components/secrets/secrets.html b/app/components/secrets/secrets.html
index abd9ba6eb..b274ae777 100644
--- a/app/components/secrets/secrets.html
+++ b/app/components/secrets/secrets.html
@@ -30,31 +30,44 @@
                 <input type="checkbox" ng-model="allSelected" ng-change="selectItems(allSelected)" />
               </th>
               <th>
-                <a ui-sref="secrets" ng-click="order('Name')">
+                <a ng-click="order('Name')">
                   Name
                   <span ng-show="sortType == 'Name' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                   <span ng-show="sortType == 'Name' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                 </a>
               </th>
               <th>
-                <a ui-sref="secrets" ng-click="order('CreatedAt')">
+                <a ng-click="order('CreatedAt')">
                   Created at
                   <span ng-show="sortType == 'Image' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
                   <span ng-show="sortType == 'Image' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
                 </a>
               </th>
+              <th ng-if="applicationState.application.authentication">
+                <a ng-click="order('ResourceControl.Ownership')">
+                  Ownership
+                  <span ng-show="sortType == 'ResourceControl.Ownership' && !sortReverse" class="glyphicon glyphicon-chevron-down"></span>
+                  <span ng-show="sortType == 'ResourceControl.Ownership' && sortReverse" class="glyphicon glyphicon-chevron-up"></span>
+                </a>
+              </th>
             </thead>
             <tbody>
               <tr dir-paginate="secret in (state.filteredSecrets = ( secrets | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: pagination_count))">
                 <td><input type="checkbox" ng-model="secret.Checked" ng-change="selectItem(secret)"/></td>
                 <td><a ui-sref="secret({id: secret.Id})">{{ secret.Name }}</a></td>
                 <td>{{ secret.CreatedAt | getisodate }}</td>
+                <td ng-if="applicationState.application.authentication">
+                  <span>
+                    <i ng-class="secret.ResourceControl.Ownership | ownershipicon" aria-hidden="true"></i>
+                    {{ secret.ResourceControl.Ownership ? secret.ResourceControl.Ownership : secret.ResourceControl.Ownership = 'public' }}
+                  </span>
+                </td>
               </tr>
               <tr ng-if="!secrets">
-                <td colspan="3" class="text-center text-muted">Loading...</td>
+                <td colspan="4" class="text-center text-muted">Loading...</td>
               </tr>
               <tr ng-if="secrets.length == 0">
-                <td colspan="3" class="text-center text-muted">No secrets available.</td>
+                <td colspan="4" class="text-center text-muted">No secrets available.</td>
               </tr>
             </tbody>
           </table>
diff --git a/app/models/docker/secret.js b/app/models/docker/secret.js
index 112419791..d6c54c22e 100644
--- a/app/models/docker/secret.js
+++ b/app/models/docker/secret.js
@@ -5,4 +5,10 @@ function SecretViewModel(data) {
   this.Version = data.Version.Index;
   this.Name = data.Spec.Name;
   this.Labels = data.Spec.Labels;
+
+  if (data.Portainer) {
+    if (data.Portainer.ResourceControl) {
+      this.ResourceControl = new ResourceControlViewModel(data.Portainer.ResourceControl);
+    }
+  }
 }

From 910136ee9b9432c54783a939445240acbb07dc84 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 18:24:41 +0200
Subject: [PATCH 26/33] feat(containers): store show all filter value in a
 cookie (#1203)

---
 app/components/containers/containersController.js | 15 ++++++++-------
 app/services/localStorage.js                      | 10 ++++++++++
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/app/components/containers/containersController.js b/app/components/containers/containersController.js
index afd310b9e..4f9ac54b3 100644
--- a/app/components/containers/containersController.js
+++ b/app/components/containers/containersController.js
@@ -1,16 +1,16 @@
 angular.module('containers', [])
-  .controller('ContainersController', ['$q', '$scope', '$filter', 'Container', 'ContainerService', 'ContainerHelper', 'SystemService', 'Notifications', 'Pagination', 'EntityListService', 'ModalService', 'ResourceControlService', 'EndpointProvider',
-  function ($q, $scope, $filter, Container, ContainerService, ContainerHelper, SystemService, Notifications, Pagination, EntityListService, ModalService, ResourceControlService, EndpointProvider) {
+  .controller('ContainersController', ['$q', '$scope', '$filter', 'Container', 'ContainerService', 'ContainerHelper', 'SystemService', 'Notifications', 'Pagination', 'EntityListService', 'ModalService', 'ResourceControlService', 'EndpointProvider', 'LocalStorage',
+  function ($q, $scope, $filter, Container, ContainerService, ContainerHelper, SystemService, Notifications, Pagination, EntityListService, ModalService, ResourceControlService, EndpointProvider, LocalStorage) {
   $scope.state = {};
   $scope.state.pagination_count = Pagination.getPaginationCount('containers');
-  $scope.state.displayAll = true;
+  $scope.state.displayAll = LocalStorage.getFilterContainerShowAll();
   $scope.state.displayIP = false;
   $scope.sortType = 'State';
   $scope.sortReverse = false;
   $scope.state.selectedItemCount = 0;
   $scope.truncate_size = 40;
   $scope.showMore = true;
-  
+
   $scope.order = function (sortType) {
     $scope.sortReverse = ($scope.sortType === sortType) ? !$scope.sortReverse : false;
     $scope.sortType = sortType;
@@ -133,6 +133,7 @@ angular.module('containers', [])
   };
 
   $scope.toggleGetAll = function () {
+    LocalStorage.storeFilterContainerShowAll($scope.state.displayAll);
     update({all: $scope.state.displayAll ? 1 : 0});
   };
 
@@ -163,8 +164,8 @@ angular.module('containers', [])
   $scope.removeAction = function () {
     batch($scope.containers, Container.remove, 'Removed');
   };
-  
-  
+
+
   $scope.truncateMore = function(size) {
     $scope.truncate_size = 80;
     $scope.showMore = false;
@@ -214,7 +215,7 @@ angular.module('containers', [])
 
       if(container.Status === 'paused') {
         $scope.state.noPausedItemsSelected = false;
-      } else if(container.Status === 'stopped' || 
+      } else if(container.Status === 'stopped' ||
                 container.Status === 'created') {
         $scope.state.noStoppedItemsSelected = false;
       } else if(container.Status === 'running') {
diff --git a/app/services/localStorage.js b/app/services/localStorage.js
index ae991ddea..89cd98483 100644
--- a/app/services/localStorage.js
+++ b/app/services/localStorage.js
@@ -43,6 +43,16 @@ angular.module('portainer.services')
     },
     clean: function() {
       localStorageService.clearAll();
+    },
+    storeFilterContainerShowAll: function(filter) {
+      localStorageService.cookie.set('filter_containerShowAll', filter);
+    },
+    getFilterContainerShowAll: function() {
+      var filter = localStorageService.cookie.get('filter_containerShowAll');
+      if (filter === null) {
+        filter = true;
+      }
+      return filter;
     }
   };
 }]);

From dd0fc6fab8f02adae2926073618426329f982a7c Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 18:41:03 +0200
Subject: [PATCH 27/33] feat(swarm): restrict access to the node details view
 to administrators only (#1204)

---
 api/http/proxy/transport.go             | 13 +++++++++++++
 app/components/swarm/swarm.html         |  5 ++++-
 app/components/swarm/swarmController.js | 11 +++++++++--
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/api/http/proxy/transport.go b/api/http/proxy/transport.go
index 35ee6cf2d..11d98c3d6 100644
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@@ -66,6 +66,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxySecretRequest(request)
 	case strings.HasPrefix(path, "/swarm"):
 		return p.proxySwarmRequest(request)
+	case strings.HasPrefix(path, "/nodes"):
+		return p.proxyNodeRequest(request)
 	default:
 		return p.executeDockerRequest(request)
 	}
@@ -186,6 +188,17 @@ func (p *proxyTransport) proxySecretRequest(request *http.Request) (*http.Respon
 	}
 }
 
+func (p *proxyTransport) proxyNodeRequest(request *http.Request) (*http.Response, error) {
+	requestPath := request.URL.Path
+
+	// assume /nodes/{id}
+	if path.Base(requestPath) != "nodes" {
+		return p.administratorOperation(request)
+	}
+
+	return p.executeDockerRequest(request)
+}
+
 func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Response, error) {
 	return p.administratorOperation(request)
 }
diff --git a/app/components/swarm/swarm.html b/app/components/swarm/swarm.html
index c585b0cb3..bb243ef32 100644
--- a/app/components/swarm/swarm.html
+++ b/app/components/swarm/swarm.html
@@ -223,7 +223,10 @@
           </thead>
           <tbody>
             <tr dir-paginate="node in (state.filteredNodes = (nodes | filter:state.filter | orderBy:sortType:sortReverse | itemsPerPage: state.pagination_count))">
-              <td><a ui-sref="node({id: node.Id})">{{ node.Hostname }}</a></td>
+              <td>
+                <a ui-sref="node({id: node.Id})" ng-if="isAdmin">{{ node.Hostname }}</a>
+                <span ng-if="!isAdmin">{{ node.Hostname }}</span>
+              </td>
               <td>{{ node.Role }}</td>
               <td>{{ node.CPUs / 1000000000 }}</td>
               <td>{{ node.Memory|humansize }}</td>
diff --git a/app/components/swarm/swarmController.js b/app/components/swarm/swarmController.js
index 99cdbf31c..131345df1 100644
--- a/app/components/swarm/swarmController.js
+++ b/app/components/swarm/swarmController.js
@@ -1,6 +1,6 @@
 angular.module('swarm', [])
-.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications',
-function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
+.controller('SwarmController', ['$q', '$scope', 'SystemService', 'NodeService', 'Pagination', 'Notifications', 'StateManager', 'Authentication',
+function ($q, $scope, SystemService, NodeService, Pagination, Notifications, StateManager, Authentication) {
   $scope.state = {};
   $scope.state.pagination_count = Pagination.getPaginationCount('swarm_nodes');
   $scope.sortType = 'Spec.Role';
@@ -73,6 +73,13 @@ function ($q, $scope, SystemService, NodeService, Pagination, Notifications) {
 
   function initView() {
     $('#loadingViewSpinner').show();
+
+    if (StateManager.getState().application.authentication) {
+      var userDetails = Authentication.getUserDetails();
+      var isAdmin = userDetails.role === 1 ? true: false;
+      $scope.isAdmin = isAdmin;
+    }
+
     var provider = $scope.applicationState.endpoint.mode.provider;
     $q.all({
       version: SystemService.version(),

From 912ebf467261a955e511ffc889d463a1bfa8c9d7 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 20:23:48 +0200
Subject: [PATCH 28/33] feat(api): filter tasks based on service UAC (#1207)

---
 api/http/proxy/filter.go    | 23 +++++++++++++++++++++++
 api/http/proxy/tasks.go     | 36 ++++++++++++++++++++++++++++++++++++
 api/http/proxy/transport.go | 12 ++++++++++++
 3 files changed, 71 insertions(+)
 create mode 100644 api/http/proxy/tasks.go

diff --git a/api/http/proxy/filter.go b/api/http/proxy/filter.go
index bc72987d0..005b11469 100644
--- a/api/http/proxy/filter.go
+++ b/api/http/proxy/filter.go
@@ -160,3 +160,26 @@ func filterSecretList(secretData []interface{}, resourceControls []portainer.Res
 
 	return filteredSecretData, nil
 }
+
+// filterTaskList loops through all tasks, filters tasks without any resource control (public resources) or with
+// any resource control giving access to the user based on the associated service identifier.
+// Task object schema reference: https://docs.docker.com/engine/api/v1.28/#operation/TaskList
+func filterTaskList(taskData []interface{}, resourceControls []portainer.ResourceControl, userID portainer.UserID, userTeamIDs []portainer.TeamID) ([]interface{}, error) {
+	filteredTaskData := make([]interface{}, 0)
+
+	for _, task := range taskData {
+		taskObject := task.(map[string]interface{})
+		if taskObject[taskServiceIdentifier] == nil {
+			return nil, ErrDockerTaskServiceIdentifierNotFound
+		}
+
+		serviceID := taskObject[taskServiceIdentifier].(string)
+
+		resourceControl := getResourceControlByResourceID(serviceID, resourceControls)
+		if resourceControl == nil || (resourceControl != nil && canUserAccessResource(userID, userTeamIDs, resourceControl)) {
+			filteredTaskData = append(filteredTaskData, taskObject)
+		}
+	}
+
+	return filteredTaskData, nil
+}
diff --git a/api/http/proxy/tasks.go b/api/http/proxy/tasks.go
new file mode 100644
index 000000000..b9073458b
--- /dev/null
+++ b/api/http/proxy/tasks.go
@@ -0,0 +1,36 @@
+package proxy
+
+import (
+	"net/http"
+
+	"github.com/portainer/portainer"
+)
+
+const (
+	// ErrDockerTaskServiceIdentifierNotFound defines an error raised when Portainer is unable to find the service identifier associated to a task
+	ErrDockerTaskServiceIdentifierNotFound = portainer.Error("Docker task service identifier not found")
+	taskServiceIdentifier                  = "ServiceID"
+)
+
+// taskListOperation extracts the response as a JSON object, loop through the tasks array
+// and filter the tasks based on resource controls before rewriting the response
+func taskListOperation(request *http.Request, response *http.Response, executor *operationExecutor) error {
+	var err error
+
+	// TaskList response is a JSON array
+	// https://docs.docker.com/engine/api/v1.28/#operation/TaskList
+	responseArray, err := getResponseAsJSONArray(response)
+	if err != nil {
+		return err
+	}
+
+	if !executor.operationContext.isAdmin {
+		responseArray, err = filterTaskList(responseArray, executor.operationContext.resourceControls,
+			executor.operationContext.userID, executor.operationContext.userTeamIDs)
+		if err != nil {
+			return err
+		}
+	}
+
+	return rewriteResponse(response, responseArray, http.StatusOK)
+}
diff --git a/api/http/proxy/transport.go b/api/http/proxy/transport.go
index 11d98c3d6..83f746d0e 100644
--- a/api/http/proxy/transport.go
+++ b/api/http/proxy/transport.go
@@ -68,6 +68,8 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 		return p.proxySwarmRequest(request)
 	case strings.HasPrefix(path, "/nodes"):
 		return p.proxyNodeRequest(request)
+	case strings.HasPrefix(path, "/tasks"):
+		return p.proxyTaskRequest(request)
 	default:
 		return p.executeDockerRequest(request)
 	}
@@ -203,6 +205,16 @@ func (p *proxyTransport) proxySwarmRequest(request *http.Request) (*http.Respons
 	return p.administratorOperation(request)
 }
 
+func (p *proxyTransport) proxyTaskRequest(request *http.Request) (*http.Response, error) {
+	switch requestPath := request.URL.Path; requestPath {
+	case "/tasks":
+		return p.rewriteOperation(request, taskListOperation)
+	default:
+		// assume /tasks/{id}
+		return p.executeDockerRequest(request)
+	}
+}
+
 // restrictedOperation ensures that the current user has the required authorizations
 // before executing the original request.
 func (p *proxyTransport) restrictedOperation(request *http.Request, resourceID string) (*http.Response, error) {

From 5131c4c10b227dc664ee121f23769f6b8a76270e Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Tue, 19 Sep 2017 20:59:28 +0200
Subject: [PATCH 29/33] feat(notifications): do not display invalid JWT token
 notifications (#1209)

---
 app/services/notifications.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/services/notifications.js b/app/services/notifications.js
index ddc9d0d7a..3679cba18 100644
--- a/app/services/notifications.js
+++ b/app/services/notifications.js
@@ -24,7 +24,9 @@ angular.module('portainer.services')
     } else if (e.data && e.data.err) {
       msg = e.data.err;
     }
-    toastr.error($sanitize(msg), $sanitize(title), {timeOut: 6000});
+    if (msg !== 'Invalid JWT token') {
+      toastr.error($sanitize(msg), $sanitize(title), {timeOut: 6000});
+    }
   };
 
   return service;

From d695657711d52f423985c906c2c73b91c3476a65 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 20 Sep 2017 08:23:36 +0200
Subject: [PATCH 30/33] feat(sidebar): rename Docker to Engine (#1212)

---
 app/app.js                                             | 10 +++++-----
 .../{docker/docker.html => engine/engine.html}         |  2 +-
 .../dockerController.js => engine/engineController.js} | 10 +++++-----
 app/components/sidebar/sidebar.html                    |  2 +-
 4 files changed, 12 insertions(+), 12 deletions(-)
 rename app/components/{docker/docker.html => engine/engine.html} (98%)
 rename app/components/{docker/dockerController.js => engine/engineController.js} (79%)

diff --git a/app/app.js b/app/app.js
index a71659b44..16cb0bc9d 100644
--- a/app/app.js
+++ b/app/app.js
@@ -32,7 +32,7 @@ angular.module('portainer', [
   'createSecret',
   'createService',
   'createVolume',
-  'docker',
+  'engine',
   'endpoint',
   'endpointAccess',
   'endpoints',
@@ -350,12 +350,12 @@ angular.module('portainer', [
         }
       }
     })
-    .state('docker', {
-      url: '/docker/',
+    .state('engine', {
+      url: '/engine/',
       views: {
         'content@': {
-          templateUrl: 'app/components/docker/docker.html',
-          controller: 'DockerController'
+          templateUrl: 'app/components/engine/engine.html',
+          controller: 'EngineController'
         },
         'sidebar@': {
           templateUrl: 'app/components/sidebar/sidebar.html',
diff --git a/app/components/docker/docker.html b/app/components/engine/engine.html
similarity index 98%
rename from app/components/docker/docker.html
rename to app/components/engine/engine.html
index 67aa6db5b..e81f1cdbf 100644
--- a/app/components/docker/docker.html
+++ b/app/components/engine/engine.html
@@ -1,6 +1,6 @@
 <rd-header>
   <rd-header-title title="Engine overview">
-    <a data-toggle="tooltip" title="Refresh" ui-sref="docker" ui-sref-opts="{reload: true}">
+    <a data-toggle="tooltip" title="Refresh" ui-sref="engine" ui-sref-opts="{reload: true}">
       <i class="fa fa-refresh" aria-hidden="true"></i>
     </a>
     <i id="loadingViewSpinner" class="fa fa-cog fa-spin"></i>
diff --git a/app/components/docker/dockerController.js b/app/components/engine/engineController.js
similarity index 79%
rename from app/components/docker/dockerController.js
rename to app/components/engine/engineController.js
index 4e3a160dc..9d7c04163 100644
--- a/app/components/docker/dockerController.js
+++ b/app/components/engine/engineController.js
@@ -1,9 +1,7 @@
-angular.module('docker', [])
-.controller('DockerController', ['$q', '$scope', 'SystemService', 'Notifications',
+angular.module('engine', [])
+.controller('EngineController', ['$q', '$scope', 'SystemService', 'Notifications',
 function ($q, $scope, SystemService, Notifications) {
-  $scope.info = {};
-  $scope.version = {};
-
+  
   function initView() {
     $('#loadingViewSpinner').show();
     $q.all({
@@ -15,6 +13,8 @@ function ($q, $scope, SystemService, Notifications) {
       $scope.info = data.info;
     })
     .catch(function error(err) {
+      $scope.info = {};
+      $scope.version = {};
       Notifications.error('Failure', err, 'Unable to retrieve engine details');
     })
     .finally(function final() {
diff --git a/app/components/sidebar/sidebar.html b/app/components/sidebar/sidebar.html
index 79117e697..aa61d2ce5 100644
--- a/app/components/sidebar/sidebar.html
+++ b/app/components/sidebar/sidebar.html
@@ -50,7 +50,7 @@
       <a ui-sref="swarm" ui-sref-active="active">Swarm <span class="menu-icon fa fa-object-group"></span></a>
     </li>
     <li class="sidebar-list" ng-if="applicationState.endpoint.mode.provider === 'DOCKER_STANDALONE' || applicationState.endpoint.mode.provider === 'VMWARE_VIC'">
-      <a ui-sref="docker" ui-sref-active="active">Docker <span class="menu-icon fa fa-th"></span></a>
+      <a ui-sref="engine" ui-sref-active="active">Engine <span class="menu-icon fa fa-th"></span></a>
     </li>
     <li class="sidebar-title" ng-if="!applicationState.application.authentication || isAdmin || isTeamLeader">
       <span>Portainer settings</span>

From 3cb96235b78012304a48adc047942c341cb7b3b7 Mon Sep 17 00:00:00 2001
From: Thomas Krzero <thomas.kovatchitch@gmail.com>
Date: Wed, 20 Sep 2017 08:32:19 +0200
Subject: [PATCH 31/33] #516 feat(services) - add the ability to manage cpu/mem
 limits

---
 app/app.js                                    |   3 +-
 .../createService/createServiceController.js  |  74 +++++++++-
 .../createService/createservice.html          |   8 +-
 .../createService/includes/placement.html     |  57 --------
 .../includes/resources-placement.html         | 136 ++++++++++++++++++
 .../service/includes/resources.html           |  82 ++++++++---
 app/components/service/serviceController.js   |  40 +++++-
 app/directives/slider/por-slider.js           |  12 ++
 app/directives/slider/porSlider.html          |   3 +
 app/directives/slider/porSliderController.js  |  22 +++
 app/helpers/serviceHelper.js                  |   1 -
 bower.json                                    |   3 +-
 vendor.yml                                    |   4 +
 13 files changed, 353 insertions(+), 92 deletions(-)
 delete mode 100644 app/components/createService/includes/placement.html
 create mode 100644 app/components/createService/includes/resources-placement.html
 create mode 100644 app/directives/slider/por-slider.js
 create mode 100644 app/directives/slider/porSlider.html
 create mode 100644 app/directives/slider/porSliderController.js

diff --git a/app/app.js b/app/app.js
index 16cb0bc9d..02754f6c8 100644
--- a/app/app.js
+++ b/app/app.js
@@ -65,7 +65,8 @@ angular.module('portainer', [
   'users',
   'userSettings',
   'volume',
-  'volumes'])
+  'volumes',
+  'rzModule'])
   .config(['$stateProvider', '$urlRouterProvider', '$httpProvider', 'localStorageServiceProvider', 'jwtOptionsProvider', 'AnalyticsProvider', '$uibTooltipProvider', '$compileProvider', function ($stateProvider, $urlRouterProvider, $httpProvider, localStorageServiceProvider, jwtOptionsProvider, AnalyticsProvider, $uibTooltipProvider, $compileProvider) {
     'use strict';
 
diff --git a/app/components/createService/createServiceController.js b/app/components/createService/createServiceController.js
index d7723503d..c521d0aae 100644
--- a/app/components/createService/createServiceController.js
+++ b/app/components/createService/createServiceController.js
@@ -1,8 +1,8 @@
 // @@OLD_SERVICE_CONTROLLER: this service should be rewritten to use services.
 // See app/components/templates/templatesController.js as a reference.
 angular.module('createService', [])
-.controller('CreateServiceController', ['$q', '$scope', '$state', 'Service', 'ServiceHelper', 'SecretHelper', 'SecretService', 'VolumeService', 'NetworkService', 'ImageHelper', 'LabelHelper', 'Authentication', 'ResourceControlService', 'Notifications', 'FormValidator', 'RegistryService', 'HttpRequestHelper',
-function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretService, VolumeService, NetworkService, ImageHelper, LabelHelper, Authentication, ResourceControlService, Notifications, FormValidator, RegistryService, HttpRequestHelper) {
+.controller('CreateServiceController', ['$q', '$scope', '$state', '$timeout', 'Service', 'ServiceHelper', 'SecretHelper', 'SecretService', 'VolumeService', 'NetworkService', 'ImageHelper', 'LabelHelper', 'Authentication', 'ResourceControlService', 'Notifications', 'FormValidator', 'RegistryService', 'HttpRequestHelper', 'NodeService',
+function ($q, $scope, $state, $timeout, Service, ServiceHelper, SecretHelper, SecretService, VolumeService, NetworkService, ImageHelper, LabelHelper, Authentication, ResourceControlService, Notifications, FormValidator, RegistryService, HttpRequestHelper, NodeService) {
 
   $scope.formValues = {
     Name: '',
@@ -28,13 +28,25 @@ function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretServic
     UpdateOrder: 'stop-first',
     FailureAction: 'pause',
     Secrets: [],
-    AccessControlData: new AccessControlFormData()
+    AccessControlData: new AccessControlFormData(),
+    CpuLimit: 0,
+    CpuReservation: 0,
+    MemoryLimit: 0,
+    MemoryReservation: 0,
+    MemoryLimitUnit: 'MB',
+    MemoryReservationUnit: 'MB'
   };
 
   $scope.state = {
     formValidationError: ''
   };
 
+  $scope.refreshSlider = function () {
+    $timeout(function () {
+      $scope.$broadcast('rzSliderForceRender');
+    });
+  };
+
   $scope.addPortBinding = function() {
     $scope.formValues.Ports.push({ PublishedPort: '', TargetPort: '', Protocol: 'tcp', PublishMode: 'ingress' });
   };
@@ -224,6 +236,38 @@ function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretServic
     }
   }
 
+  function prepareResourcesCpuConfig(config, input) {
+    // CPU Limit
+    if (input.CpuLimit > 0) {
+      config.TaskTemplate.Resources.Limits.NanoCPUs = input.CpuLimit * 1000000000;
+    }
+    // CPU Reservation
+    if (input.CpuReservation > 0) {
+      config.TaskTemplate.Resources.Reservations.NanoCPUs = input.CpuReservation * 1000000000;
+    }
+  }
+
+  function prepareResourcesMemoryConfig(config, input) {
+    // Memory Limit - Round to 0.125
+    var memoryLimit = (Math.round(input.MemoryLimit * 8) / 8).toFixed(3);
+    memoryLimit *= 1024 * 1024;
+    if (input.MemoryLimitUnit === 'GB') {
+      memoryLimit *= 1024;
+    }
+    if (memoryLimit > 0) {
+      config.TaskTemplate.Resources.Limits.MemoryBytes = memoryLimit;
+    }
+    // Memory Resevation - Round to 0.125
+    var memoryReservation = (Math.round(input.MemoryReservation * 8) / 8).toFixed(3);
+    memoryReservation *= 1024 * 1024;
+    if (input.MemoryReservationUnit === 'GB') {
+      memoryReservation *= 1024;
+    }
+    if (memoryReservation > 0) {
+      config.TaskTemplate.Resources.Reservations.MemoryBytes = memoryReservation;
+    }
+  }
+
   function prepareConfiguration() {
     var input = $scope.formValues;
     var config = {
@@ -232,7 +276,11 @@ function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretServic
         ContainerSpec: {
           Mounts: []
         },
-        Placement: {}
+        Placement: {},
+        Resources: {
+          Limits: {},
+          Reservations: {}
+        }
       },
       Mode: {},
       EndpointSpec: {}
@@ -248,6 +296,8 @@ function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretServic
     prepareUpdateConfig(config, input);
     prepareSecretConfig(config, input);
     preparePlacementConfig(config, input);
+    prepareResourcesCpuConfig(config, input);
+    prepareResourcesMemoryConfig(config, input);
     return config;
   }
 
@@ -305,16 +355,30 @@ function ($q, $scope, $state, Service, ServiceHelper, SecretHelper, SecretServic
   function initView() {
     $('#loadingViewSpinner').show();
     var apiVersion = $scope.applicationState.endpoint.apiVersion;
+    var provider = $scope.applicationState.endpoint.mode.provider;
 
     $q.all({
       volumes: VolumeService.volumes(),
       secrets: apiVersion >= 1.25 ? SecretService.secrets() : [],
-      networks: NetworkService.networks(true, true, false, false)
+      networks: NetworkService.networks(true, true, false, false),
+      nodes: NodeService.nodes()
     })
     .then(function success(data) {
       $scope.availableVolumes = data.volumes;
       $scope.availableNetworks = data.networks;
       $scope.availableSecrets = data.secrets;
+      // Set max cpu value
+      var maxCpus = 0;
+      for (var n in data.nodes) {
+        if (data.nodes[n].CPUs && data.nodes[n].CPUs > maxCpus) {
+          maxCpus = data.nodes[n].CPUs;
+        }
+      }
+      if (maxCpus > 0) {
+        $scope.state.sliderMaxCpu = maxCpus / 1000000000;
+      } else {
+        $scope.state.sliderMaxCpu = 32;
+      }
     })
     .catch(function error(err) {
       Notifications.error('Failure', err, 'Unable to initialize view');
diff --git a/app/components/createService/createservice.html b/app/components/createService/createservice.html
index d34ad9bd1..ad3c254ed 100644
--- a/app/components/createService/createservice.html
+++ b/app/components/createService/createservice.html
@@ -133,7 +133,7 @@
           <li class="interactive"><a data-target="#labels" data-toggle="tab">Labels</a></li>
           <li class="interactive"><a data-target="#update-config" data-toggle="tab">Update config</a></li>
           <li class="interactive" ng-if="applicationState.endpoint.apiVersion >= 1.25"><a data-target="#secrets" data-toggle="tab">Secrets</a></li>
-          <li class="interactive"><a data-target="#placement" data-toggle="tab">Placement</a></li>
+          <li class="interactive"><a data-target="#resources-placement" data-toggle="tab" ng-click="refreshSlider()">Resources & Placement</a></li>
         </ul>
         <!-- tab-content -->
         <div class="tab-content">
@@ -442,9 +442,9 @@
           <!-- tab-secrets -->
           <div class="tab-pane" id="secrets" ng-if="applicationState.endpoint.apiVersion >= 1.25" ng-include="'app/components/createService/includes/secret.html'"></div>
           <!-- !tab-secrets -->
-          <!-- tab-placement -->
-          <div class="tab-pane" id="placement" ng-include="'app/components/createService/includes/placement.html'"></div>
-          <!-- !tab-placement -->
+          <!-- tab-resources-placement -->
+          <div class="tab-pane" id="resources-placement" ng-include="'app/components/createService/includes/resources-placement.html'"></div>
+          <!-- !tab-resources-placement -->
         </div>
       </rd-widget-body>
     </rd-widget>
diff --git a/app/components/createService/includes/placement.html b/app/components/createService/includes/placement.html
deleted file mode 100644
index c12547fac..000000000
--- a/app/components/createService/includes/placement.html
+++ /dev/null
@@ -1,57 +0,0 @@
-<form class="form-horizontal" style="margin-top: 15px;">
-  <div class="form-group">
-    <div class="col-sm-12" style="margin-top: 5px;">
-      <label class="control-label text-left">Placement constraints</label>
-      <span class="label label-default interactive" style="margin-left: 10px;" ng-click="addPlacementConstraint()">
-        <i class="fa fa-plus-circle" aria-hidden="true"></i> placement constraint
-      </span>
-    </div>
-    <div class="col-sm-12 form-inline" style="margin-top: 10px;">
-      <div ng-repeat="constraint in formValues.PlacementConstraints" style="margin-top: 2px;">
-        <div class="input-group col-sm-4 input-group-sm">
-          <span class="input-group-addon">name</span>
-          <input type="text" class="form-control" ng-model="constraint.key" placeholder="e.g. node.role">
-        </div>
-        <div class="input-group col-sm-1 input-group-sm">
-          <select name="constraintOperator" class="form-control" ng-model="constraint.operator">
-            <option value="==">==</option>
-            <option value="!=">!=</option>
-          </select>
-        </div>
-        <div class="input-group col-sm-5 input-group-sm">
-          <span class="input-group-addon">value</span>
-          <input type="text" class="form-control" ng-model="constraint.value" placeholder="e.g. manager">
-        </div>
-        <button class="btn btn-sm btn-danger" type="button" ng-click="removePlacementConstraint($index)">
-          <i class="fa fa-trash" aria-hidden="true"></i>
-        </button>
-      </div>
-    </div>
-  </div>
-</form>
-
-<form class="form-horizontal" style="margin-top: 15px;" ng-if="applicationState.endpoint.apiVersion >= 1.30">
-  <div class="form-group">
-    <div class="col-sm-12" style="margin-top: 5px;">
-      <label class="control-label text-left">Placement preferences</label>
-      <span class="label label-default interactive" style="margin-left: 10px;" ng-click="addPlacementPreference()">
-        <i class="fa fa-plus-circle" aria-hidden="true"></i> placement preference
-      </span>
-    </div>
-    <div class="col-sm-12 form-inline" style="margin-top: 10px;">
-      <div ng-repeat="preference in formValues.PlacementPreferences" style="margin-top: 2px;">
-        <div class="input-group col-sm-4 input-group-sm">
-          <span class="input-group-addon">strategy</span>
-          <input type="text" class="form-control" ng-model="preference.strategy" placeholder="e.g. spread">
-        </div>
-        <div class="input-group col-sm-5 input-group-sm">
-          <span class="input-group-addon">value</span>
-          <input type="text" class="form-control" ng-model="preference.value" placeholder="e.g. node.labels.datacenter">
-        </div>
-        <button class="btn btn-sm btn-danger" type="button" ng-click="removePlacementPreference($index)">
-          <i class="fa fa-trash" aria-hidden="true"></i>
-        </button>
-      </div>
-    </div>
-  </div>
-</form>
diff --git a/app/components/createService/includes/resources-placement.html b/app/components/createService/includes/resources-placement.html
new file mode 100644
index 000000000..6c8b85dd6
--- /dev/null
+++ b/app/components/createService/includes/resources-placement.html
@@ -0,0 +1,136 @@
+<form class="form-horizontal" style="margin-top: 15px;">
+  <div class="col-sm-12 form-section-title">
+    Resources
+  </div>
+  <!-- memory-reservation-input -->
+  <div class="form-group">
+    <label for="memory-reservation" class="col-sm-3 col-lg-2 control-label text-left">
+      Memory reservation
+    </label>
+    <div class="col-sm-3">
+      <input type="number" step="0.125" min="0" class="form-control" ng-model="formValues.MemoryReservation" id="memory-reservation" placeholder="e.g. 64">
+    </div>
+    <div class="col-sm-2">
+      <select class="form-control" ng-model="formValues.MemoryReservationUnit">
+        <option value="MB">MB</option>
+        <option value="GB">GB</option>
+      </select>
+    </div>
+    <div class="col-sm-4">
+      <p class="small text-muted">
+        Minimum memory available on a node to run a task
+      </p>
+    </div>
+  </div>
+  <!-- !memory-reservation-input -->
+  <!-- memory-limit-input -->
+  <div class="form-group">
+    <label for="memory-limit" class="col-sm-3 col-lg-2 control-label text-left">
+      Memory limit
+    </label>
+    <div class="col-sm-3">
+      <input type="number" step="0.125" min="0" class="form-control" ng-model="formValues.MemoryLimit" id="memory-limit" placeholder="e.g. 128">
+    </div>
+    <div class="col-sm-2">
+      <select class="form-control" ng-model="formValues.MemoryLimitUnit">
+        <option value="MB">MB</option>
+        <option value="GB">GB</option>
+      </select>
+    </div>
+    <div class="col-sm-4">
+      <p class="small text-muted">
+        Maximum memory usage per task (set to 0 for unlimited)
+      </p>
+    </div>
+  </div>
+  <!-- !memory-limit-input -->
+  <!-- cpu-reservation-input -->
+  <div class="form-group">
+    <label for="cpu-reservation" class="col-sm-3 col-lg-2 control-label text-left" style="margin-top: 20px;">
+      CPU reservation
+    </label>
+    <div class="col-sm-5">
+      <por-slider model="formValues.CpuReservation" floor="0" ceil="state.sliderMaxCpu" step="0.25" precision="2" ng-if="state.sliderMaxCpu"></por-slider>
+    </div>
+    <div class="col-sm-4" style="margin-top: 20px;">
+      <p class="small text-muted">
+        Minimum CPU available on a node to run a task
+      </p>
+    </div>
+  </div>
+  <!-- !cpu-reservation-input -->
+  <!-- cpu-limit-input -->
+  <div class="form-group">
+    <label for="cpu-limit" class="col-sm-3 col-lg-2 control-label text-left" style="margin-top: 20px;">
+      CPU limit
+    </label>
+    <div class="col-sm-5">
+      <por-slider model="formValues.CpuLimit" floor="0" ceil="state.sliderMaxCpu" step="0.25" precision="2" ng-if="state.sliderMaxCpu"></por-slider>
+    </div>
+    <div class="col-sm-4" style="margin-top: 20px;">
+      <p class="small text-muted">
+        Maximum CPU usage per task
+      </p>
+    </div>
+  </div>
+  <!-- !cpu-limit-input -->
+  <div class="col-sm-12 form-section-title">
+    Placement
+  </div>
+  <!-- placement-constraints -->
+  <div class="form-group">
+    <div class="col-sm-12" style="margin-top: 5px;">
+      <label class="control-label text-left">Placement constraints</label>
+      <span class="label label-default interactive" style="margin-left: 10px;" ng-click="addPlacementConstraint()">
+        <i class="fa fa-plus-circle" aria-hidden="true"></i> placement constraint
+      </span>
+    </div>
+    <div class="col-sm-12 form-inline" style="margin-top: 10px;">
+      <div ng-repeat="constraint in formValues.PlacementConstraints" style="margin-top: 2px;">
+        <div class="input-group col-sm-4 input-group-sm">
+          <span class="input-group-addon">name</span>
+          <input type="text" class="form-control" ng-model="constraint.key" placeholder="e.g. node.role">
+        </div>
+        <div class="input-group col-sm-1 input-group-sm">
+          <select name="constraintOperator" class="form-control" ng-model="constraint.operator">
+            <option value="==">==</option>
+            <option value="!=">!=</option>
+          </select>
+        </div>
+        <div class="input-group col-sm-5 input-group-sm">
+          <span class="input-group-addon">value</span>
+          <input type="text" class="form-control" ng-model="constraint.value" placeholder="e.g. manager">
+        </div>
+        <button class="btn btn-sm btn-danger" type="button" ng-click="removePlacementConstraint($index)">
+          <i class="fa fa-trash" aria-hidden="true"></i>
+        </button>
+      </div>
+    </div>
+  </div>
+  <!-- !placement-constraints -->
+  <!-- placement-preferences -->
+  <div class="form-group" ng-if="applicationState.endpoint.apiVersion >= 1.30">
+    <div class="col-sm-12" style="margin-top: 5px;">
+      <label class="control-label text-left">Placement preferences</label>
+      <span class="label label-default interactive" style="margin-left: 10px;" ng-click="addPlacementPreference()">
+        <i class="fa fa-plus-circle" aria-hidden="true"></i> placement preference
+      </span>
+    </div>
+    <div class="col-sm-12 form-inline" style="margin-top: 10px;">
+      <div ng-repeat="preference in formValues.PlacementPreferences" style="margin-top: 2px;">
+        <div class="input-group col-sm-4 input-group-sm">
+          <span class="input-group-addon">strategy</span>
+          <input type="text" class="form-control" ng-model="preference.strategy" placeholder="e.g. spread">
+        </div>
+        <div class="input-group col-sm-5 input-group-sm">
+          <span class="input-group-addon">value</span>
+          <input type="text" class="form-control" ng-model="preference.value" placeholder="e.g. node.labels.datacenter">
+        </div>
+        <button class="btn btn-sm btn-danger" type="button" ng-click="removePlacementPreference($index)">
+          <i class="fa fa-trash" aria-hidden="true"></i>
+        </button>
+      </div>
+    </div>
+  </div>
+  <!-- !placement-preferences -->
+</form>
diff --git a/app/components/service/includes/resources.html b/app/components/service/includes/resources.html
index 12228cb2f..e24de75b5 100644
--- a/app/components/service/includes/resources.html
+++ b/app/components/service/includes/resources.html
@@ -6,31 +6,77 @@
       <table class="table">
         <tbody>
           <tr>
-            <td>CPU limits</td>
-            <td ng-if="service.LimitNanoCPUs">
-              {{ service.LimitNanoCPUs / 1000000000 }}
+            <td style="vertical-align : middle;">
+              Memory reservation (MB)
             </td>
-            <td ng-if="!service.LimitNanoCPUs">None</td>
-          </tr>
-          <tr>
-            <td>Memory limits</td>
-            <td ng-if="service.LimitMemoryBytes">{{service.LimitMemoryBytes|humansize}}</td>
-            <td ng-if="!service.LimitMemoryBytes">None</td>
-          </tr>
-          <tr>
-            <td>CPU reservation</td>
-            <td ng-if="service.ReservationNanoCPUs">
-              {{service.ReservationNanoCPUs / 1000000000}}
+            <td>
+              <input class="input-sm" type="number" step="0.125" min="0" ng-model="service.ReservationMemoryBytes" ng-change="updateServiceAttribute(service, 'ReservationMemoryBytes')" ng-disabled="isUpdating"/>
+            </td>
+            <td style="vertical-align : middle;">
+              <p class="small text-muted">
+                Minimum memory available on a node to run a task (set to 0 for unlimited)
+              </p>
             </td>
-            <td ng-if="!service.ReservationNanoCPUs">None</td>
           </tr>
           <tr>
-            <td>Memory reservation</td>
-            <td ng-if="service.ReservationMemoryBytes">{{service.ReservationMemoryBytes|humansize}}</td>
-            <td ng-if="!service.ReservationMemoryBytes">None</td>
+            <td style="vertical-align : middle;">
+              Memory limit (MB)
+            </td>
+            <td>
+              <input class="input-sm" type="number" step="0.125" min="0" ng-model="service.LimitMemoryBytes" ng-change="updateServiceAttribute(service, 'LimitMemoryBytes')" ng-disabled="isUpdating"/>
+            </td>
+            <td style="vertical-align : middle;">
+              <p class="small text-muted">
+                Maximum memory usage per task (set to 0 for unlimited)
+              </p>
+            </td>
+          </tr>
+          <tr>
+            <td style="vertical-align : middle;">
+              <div>
+                CPU reservation
+              </div>
+            </td>
+            <td>
+              <por-slider model="service.ReservationNanoCPUs" floor="0" ceil="state.sliderMaxCpu" step="0.25" precision="2" ng-if="service && state.sliderMaxCpu" on-change="updateServiceAttribute(service, 'ReservationNanoCPUs')"></por-slider>
+            </td>
+            <td style="vertical-align : middle;">
+              <p class="small text-muted">
+                Minimum CPU available on a node to run a task
+              </p>
+            </td>
+          </tr>
+          <tr>
+            <td style="vertical-align : middle;">
+              <div>
+                CPU limit
+              </div>
+            </td>
+            <td>
+              <por-slider model="service.LimitNanoCPUs" floor="0" ceil="state.sliderMaxCpu" step="0.25" precision="2" ng-if="service && state.sliderMaxCpu" on-change="updateServiceAttribute(service, 'LimitNanoCPUs')"></por-slider>
+            </td>
+            <td style="vertical-align : middle;">
+              <p class="small text-muted">
+                Maximum CPU usage per task
+              </p>
+            </td>
           </tr>
         </tbody>
       </table>
     </rd-widget-body>
+    <rd-widget-footer>
+      <div class="btn-toolbar" role="toolbar">
+        <div class="btn-group" role="group">
+          <button type="button" class="btn btn-primary btn-sm" ng-disabled="!hasChanges(service, ['LimitNanoCPUs', 'LimitMemoryBytes', 'ReservationNanoCPUs', 'ReservationMemoryBytes'])" ng-click="updateService(service)">Apply changes</button>
+          <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+            <span class="caret"></span>
+          </button>
+          <ul class="dropdown-menu">
+            <li><a ng-click="cancelChanges(service, ['LimitNanoCPUs', 'LimitMemoryBytes', 'ReservationNanoCPUs', 'ReservationMemoryBytes'])">Reset changes</a></li>
+            <li><a ng-click="cancelChanges(service)">Reset all changes</a></li>
+          </ul>
+        </div>
+      </div>
+    </rd-widget-footer>
   </rd-widget>
 </div>
diff --git a/app/components/service/serviceController.js b/app/components/service/serviceController.js
index 3b5f8e2a1..775525aa1 100644
--- a/app/components/service/serviceController.js
+++ b/app/components/service/serviceController.js
@@ -204,14 +204,19 @@ function ($q, $scope, $stateParams, $state, $location, $timeout, $anchorScroll,
     config.TaskTemplate.Placement.Constraints = ServiceHelper.translateKeyValueToPlacementConstraints(service.ServiceConstraints);
     config.TaskTemplate.Placement.Preferences = ServiceHelper.translateKeyValueToPlacementPreferences(service.ServicePreferences);
 
+    // Round memory values to 0.125 and convert MB to B
+    var memoryLimit = (Math.round(service.LimitMemoryBytes * 8) / 8).toFixed(3);
+    memoryLimit *= 1024 * 1024;
+    var memoryReservation = (Math.round(service.ReservationMemoryBytes * 8) / 8).toFixed(3);
+    memoryReservation *= 1024 * 1024;
     config.TaskTemplate.Resources = {
       Limits: {
-        NanoCPUs: service.LimitNanoCPUs,
-        MemoryBytes: service.LimitMemoryBytes
+        NanoCPUs: service.LimitNanoCPUs * 1000000000,
+        MemoryBytes: memoryLimit
       },
       Reservations: {
-        NanoCPUs: service.ReservationNanoCPUs,
-        MemoryBytes: service.ReservationMemoryBytes
+        NanoCPUs: service.ReservationNanoCPUs * 1000000000,
+        MemoryBytes: memoryReservation
       }
     };
 
@@ -244,7 +249,11 @@ function ($q, $scope, $stateParams, $state, $location, $timeout, $anchorScroll,
 
     Service.update({ id: service.Id, version: service.Version }, config, function (data) {
       $('#loadingViewSpinner').hide();
-      Notifications.success('Service successfully updated', 'Service updated');
+      if (data.message && data.message.match(/^rpc error:/)) {
+        Notifications.error(data.message, 'Error');
+      } else {
+        Notifications.success('Service successfully updated', 'Service updated');
+      }
       $scope.cancelChanges({});
       initView();
     }, function (e) {
@@ -288,6 +297,13 @@ function ($q, $scope, $stateParams, $state, $location, $timeout, $anchorScroll,
     service.ServicePreferences = ServiceHelper.translatePreferencesToKeyValue(service.Preferences);
   }
 
+  function transformResources(service) {
+    service.LimitNanoCPUs = service.LimitNanoCPUs / 1000000000 || 0;
+    service.ReservationNanoCPUs = service.ReservationNanoCPUs / 1000000000 || 0;
+    service.LimitMemoryBytes = service.LimitMemoryBytes / 1024 / 1024 || 0;
+    service.ReservationMemoryBytes = service.ReservationMemoryBytes / 1024 / 1024 || 0;
+  }
+
   function initView() {
     $('#loadingViewSpinner').show();
     var apiVersion = $scope.applicationState.endpoint.apiVersion;
@@ -299,6 +315,7 @@ function ($q, $scope, $stateParams, $state, $location, $timeout, $anchorScroll,
         $scope.lastVersion = service.Version;
       }
 
+      transformResources(service);
       translateServiceArrays(service);
       $scope.service = service;
       originalService = angular.copy(service);
@@ -314,6 +331,19 @@ function ($q, $scope, $stateParams, $state, $location, $timeout, $anchorScroll,
       $scope.nodes = data.nodes;
       $scope.secrets = data.secrets;
 
+      // Set max cpu value
+      var maxCpus = 0;
+      for (var n in data.nodes) {
+        if (data.nodes[n].CPUs && data.nodes[n].CPUs > maxCpus) {
+          maxCpus = data.nodes[n].CPUs;
+        }
+      }
+      if (maxCpus > 0) {
+        $scope.state.sliderMaxCpu = maxCpus / 1000000000;
+      } else {
+        $scope.state.sliderMaxCpu = 32;
+      }
+
       $timeout(function() {
         $anchorScroll();
       });
diff --git a/app/directives/slider/por-slider.js b/app/directives/slider/por-slider.js
new file mode 100644
index 000000000..a44104789
--- /dev/null
+++ b/app/directives/slider/por-slider.js
@@ -0,0 +1,12 @@
+angular.module('portainer').component('porSlider', {
+  templateUrl: 'app/directives/slider/porSlider.html',
+  controller: 'porSliderController',
+  bindings: {
+    model: '=',
+    onChange: '&',
+    floor: '<',
+    ceil: '<',
+    step: '<',
+    precision: '<'
+  }
+});
diff --git a/app/directives/slider/porSlider.html b/app/directives/slider/porSlider.html
new file mode 100644
index 000000000..94cb04a75
--- /dev/null
+++ b/app/directives/slider/porSlider.html
@@ -0,0 +1,3 @@
+<div>
+  <rzslider rz-slider-options="$ctrl.options" rz-slider-model="$ctrl.model"></rzslider>
+</div>
diff --git a/app/directives/slider/porSliderController.js b/app/directives/slider/porSliderController.js
new file mode 100644
index 000000000..4958800b2
--- /dev/null
+++ b/app/directives/slider/porSliderController.js
@@ -0,0 +1,22 @@
+angular.module('portainer')
+.controller('porSliderController', function () {
+  var ctrl = this;
+
+  ctrl.options = {
+    floor: ctrl.floor,
+    ceil: ctrl.ceil,
+    step: ctrl.step,
+    precision: ctrl.precision,
+    showSelectionBar: true,
+    translate: function(value, sliderId, label) {
+      if (label === 'floor' || value === 0) {
+        return 'unlimited';
+      }
+      return value;
+    },
+    onChange: function() {
+      ctrl.onChange();
+    }
+  };
+
+});
diff --git a/app/helpers/serviceHelper.js b/app/helpers/serviceHelper.js
index bddab33c6..ec3411421 100644
--- a/app/helpers/serviceHelper.js
+++ b/app/helpers/serviceHelper.js
@@ -119,6 +119,5 @@ angular.module('portainer.helpers').factory('ServiceHelper', [function ServiceHe
       }
       return [];
     }
-
   };
 }]);
diff --git a/bower.json b/bower.json
index 3fb1da483..e1ea5474e 100644
--- a/bower.json
+++ b/bower.json
@@ -49,7 +49,8 @@
     "angular-multi-select": "~4.0.0",
     "toastr": "~2.1.3",
     "xterm.js": "~2.8.1",
-    "chart.js": "~2.6.0"
+    "chart.js": "~2.6.0",
+    "angularjs-slider": "^6.4.0"
   },
   "resolutions": {
     "angular": "1.5.11"
diff --git a/vendor.yml b/vendor.yml
index f4846a4e0..2a8a5c52a 100644
--- a/vendor.yml
+++ b/vendor.yml
@@ -13,6 +13,7 @@ js:
   - bower_components/toastr/toastr.js
   - bower_components/xterm.js/dist/xterm.js
   - bower_components/xterm.js/dist/addons/fit/fit.js
+  - bower_components/angularjs-slider/dist/rzslider.js
   minified:
   - bower_components/jquery/dist/jquery.min.js
   - bower_components/bootstrap/dist/js/bootstrap.min.js
@@ -27,6 +28,7 @@ js:
   - bower_components/toastr/toastr.min.js
   - bower_components/xterm.js/dist/xterm.js
   - bower_components/xterm.js/dist/addons/fit/fit.js
+  - bower_components/angularjs-slider/dist/rzslider.min.js
 css:
   regular:
   - bower_components/bootstrap/dist/css/bootstrap.css
@@ -36,6 +38,7 @@ css:
   - bower_components/font-awesome/css/font-awesome.css
   - bower_components/toastr/toastr.css
   - bower_components/xterm.js/dist/xterm.css
+  - bower_components/angularjs-slider/dist/rzslider.css
   minified:
   - bower_components/bootstrap/dist/css/bootstrap.min.css
   - bower_components/rdash-ui/dist/css/rdash.min.css
@@ -44,6 +47,7 @@ css:
   - bower_components/font-awesome/css/font-awesome.min.css
   - bower_components/toastr/toastr.min.css
   - bower_components/xterm.js/dist/xterm.css
+  - bower_components/angularjs-slider/rzslider.min.css
 angular:
   regular:
   - bower_components/angular/angular.js

From 210bdc80221b3000c0030ad36ac369b9ed48f78c Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 20 Sep 2017 14:38:16 +0200
Subject: [PATCH 32/33] refactor(vendor): fix path to min CSS file for rzslider

---
 vendor.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vendor.yml b/vendor.yml
index 2a8a5c52a..949b6f1ce 100644
--- a/vendor.yml
+++ b/vendor.yml
@@ -47,7 +47,7 @@ css:
   - bower_components/font-awesome/css/font-awesome.min.css
   - bower_components/toastr/toastr.min.css
   - bower_components/xterm.js/dist/xterm.css
-  - bower_components/angularjs-slider/rzslider.min.css
+  - bower_components/angularjs-slider/dist/rzslider.min.css
 angular:
   regular:
   - bower_components/angular/angular.js

From 5e2b3c1d0793c6bf6c001f3039e4861cfd95c1d0 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna <lapenna.anthony@gmail.com>
Date: Wed, 20 Sep 2017 15:41:01 +0200
Subject: [PATCH 33/33] chore(version): bump version number

---
 api/portainer.go | 2 +-
 api/swagger.yaml | 4 ++--
 bower.json       | 2 +-
 package.json     | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/api/portainer.go b/api/portainer.go
index 78c303e37..b641ef5cd 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -345,7 +345,7 @@ type (
 
 const (
 	// APIVersion is the version number of the Portainer API.
-	APIVersion = "1.14.0"
+	APIVersion = "1.14.1"
 	// DBVersion is the version number of the Portainer database.
 	DBVersion = 4
 	// DefaultTemplatesURL represents the default URL for the templates definitions.
diff --git a/api/swagger.yaml b/api/swagger.yaml
index 59ac0bdce..255a62949 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -56,7 +56,7 @@ info:
 
     **NOTE**: You can find more information on how to query the Docker API in the [Docker official documentation](https://docs.docker.com/engine/api/v1.30/) as well as in [this Portainer example](https://gist.github.com/deviantony/77026d402366b4b43fa5918d41bc42f8).
 
-  version: "1.14.0"
+  version: "1.14.1"
   title: "Portainer API"
   contact:
     email: "info@portainer.io"
@@ -1869,7 +1869,7 @@ definitions:
         description: "Is analytics enabled"
       Version:
         type: "string"
-        example: "1.14.0"
+        example: "1.14.1"
         description: "Portainer API version"
   PublicSettingsInspectResponse:
     type: "object"
diff --git a/bower.json b/bower.json
index e1ea5474e..764a9fb4d 100644
--- a/bower.json
+++ b/bower.json
@@ -1,6 +1,6 @@
 {
   "name": "portainer",
-  "version": "1.14.0",
+  "version": "1.14.1",
   "homepage": "https://github.com/portainer/portainer",
   "authors": [
     "Anthony Lapenna <anthony.lapenna at gmail dot com>"
diff --git a/package.json b/package.json
index 8c7dec2da..c1ea2d995 100644
--- a/package.json
+++ b/package.json
@@ -2,7 +2,7 @@
   "author": "Portainer.io",
   "name": "portainer",
   "homepage": "http://portainer.io",
-  "version": "1.14.0",
+  "version": "1.14.1",
   "repository": {
     "type": "git",
     "url": "git@github.com:portainer/portainer.git"