5 files changed, 29 insertions, 17 deletions
diff --git a/data/templates/accel-ppp/l2tp.config.tmpl b/data/templates/accel-ppp/l2tp.config.tmpl
index 070a966b7..a2a2382fa 100644
--- a/data/templates/accel-ppp/l2tp.config.tmpl
+++ b/data/templates/accel-ppp/l2tp.config.tmpl
@@ -57,6 +57,9 @@ bind={{ outside_addr }}
 {% if lns_shared_secret %}
 secret={{ lns_shared_secret }}
 {% endif %}
+{% if lns_host_name %}
+host-name={{ lns_host_name }}
+{% endif %}
 
 [client-ip-range]
 0.0.0.0/0
diff --git a/data/templates/accel-ppp/sstp.config.tmpl b/data/templates/accel-ppp/sstp.config.tmpl
index d48e9ab0d..7a40a96aa 100644
--- a/data/templates/accel-ppp/sstp.config.tmpl
+++ b/data/templates/accel-ppp/sstp.config.tmpl
@@ -52,9 +52,9 @@ verbose=1
 check-ip=1
 {# MTU #}
 mtu={{ mtu }}
-{% if client_ipv6_pool is defined %}
-ipv6=allow
-{% endif %}
+ipv6={{ 'allow' if ppp_options.ipv6 == "deny" and client_ipv6_pool is defined else ppp_options.ipv6 }}
+ipv4={{ ppp_options.ipv4 }}
+
 mppe={{ ppp_options.mppe }}
 lcp-echo-interval={{ ppp_options.lcp_echo_interval }}
 lcp-echo-timeout={{ ppp_options.lcp_echo_timeout }}
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index 26d0b5d73..d25e5193a 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -41,9 +41,11 @@ server {
         ssl_protocols TLSv1.2 TLSv1.3;
 
         # proxy settings for HTTP API, if enabled; 503, if not
-        location ~ /(retrieve|configure|config-file|image|generate|show) {
+        location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
 {% if server.api %}
                 proxy_pass http://localhost:{{ server.api.port }};
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+                proxy_set_header X-Forwarded-Proto $scheme;
                 proxy_read_timeout 600;
                 proxy_buffering off;
 {% else %}
diff --git a/data/templates/openvpn/server.conf.tmpl b/data/templates/openvpn/server.conf.tmpl
index c96b57fb8..c2b0c2ef9 100644
--- a/data/templates/openvpn/server.conf.tmpl
+++ b/data/templates/openvpn/server.conf.tmpl
@@ -257,16 +257,3 @@ auth {{ hash }}
 auth-user-pass {{ auth_user_pass_file }}
 auth-retry nointeract
 {% endif %}
-
-{% if openvpn_option is defined and openvpn_option is not none %}
-#
-# Custom options added by user (not validated)
-#
-{%   for option in openvpn_option %}
-{%     for argument in option.split('--') %}
-{%       if argument is defined and argument != '' %}
---{{ argument }}
-{%       endif %}
-{%     endfor %}
-{%   endfor %}
-{% endif %}
diff --git a/data/templates/openvpn/service-override.conf.tmpl b/data/templates/openvpn/service-override.conf.tmpl
new file mode 100644
index 000000000..069bdbd08
--- /dev/null
+++ b/data/templates/openvpn/service-override.conf.tmpl
@@ -0,0 +1,20 @@
+[Service]
+ExecStart=
+ExecStart=/usr/sbin/openvpn --daemon openvpn-%i --config %i.conf --status %i.status 30 --writepid %i.pid
+{%- if openvpn_option is defined and openvpn_option is not none %}
+{%   for option in openvpn_option %}
+{#     Remove the '--' prefix from variable if it is presented #}
+{%     if option.startswith('--') %}
+{%       set option = option.split('--', maxsplit=1)[1] %}
+{%     endif %}
+{#     Workaround to pass '--push' options properly. Previously openvpn accepted this option without values in double-quotes #}
+{#     But now it stopped doing this, so we need to add them for compatibility #}
+{#     HOWEVER! This is a raw option and we do not promise that this or any other trick will work for all the cases. #}
+{#     Using 'openvpn-option' you take all responsibility for compatibility for yourself. #}
+{%     if option.startswith('push') and not (option.startswith('push "') and option.endswith('"')) %}
+{%       set option = 'push \"%s\"'|format(option.split('push ', maxsplit=1)[1]) %}
+{%     endif %}
+ --{{ option }}
+{%-   endfor %}
+{% endif %}
+