feat: 远程数据库增加连接性测试 (#1928 )

Refs #1924
fix: 优化容器清理提示信息 (#1927 )
2023-08-11 14:20:15 +00:00 · 2023-08-11 14:18:17 +00:00 · 2023-08-11 08:08:14 +00:00 · 2023-08-11 07:52:13 +00:00 · 2023-08-11 07:50:13 +00:00 · 2023-08-11 06:04:12 +00:00
393 changed files with 25390 additions and 5862 deletions
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -12,9 +12,7 @@ jobs:
  build-linux-binary:
    runs-on: ubuntu-latest
    steps:
-      - name: Install cross-compilers
-        run: sudo apt-get update && sudo apt-get -y install gcc-x86-64-linux-gnu gcc-aarch64-linux-gnu gcc-arm-linux-gnueabi gcc-powerpc64le-linux-gnu gcc-s390x-linux-gnu
-      - name: Checkout code
+      - name: Checkout Code
        uses: actions/checkout@v3
      - name: Setup Node
        uses: actions/setup-node@v3
@@ -23,7 +21,7 @@ jobs:
      - name: Build Web
        id: build_frontend
        run: |
-          cd frontend && npm install && npm run build:dev
+          cd frontend && npm install && npm run build:pro
        env:
          NODE_OPTIONS: --max-old-space-size=8192
      - name: Setup Go
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -10,9 +10,7 @@ jobs:
  create-release:
    runs-on: ubuntu-latest
    steps:
-      - name: Install cross-compilers
-        run: sudo apt-get update && sudo apt-get -y install gcc-x86-64-linux-gnu gcc-aarch64-linux-gnu gcc-arm-linux-gnueabi gcc-powerpc64le-linux-gnu gcc-s390x-linux-gnu
-      - name: Checkout code
+      - name: Checkout Code
        uses: actions/checkout@v2
      - name: Setup Node
        uses: actions/setup-node@v3
@@ -20,7 +18,7 @@ jobs:
          node-version: '18.14'
      - name: Build Web
        run: |
-          cd frontend && npm install && npm run build:dev
+          cd frontend && npm install && npm run build:pro
        env:
          NODE_OPTIONS: --max-old-space-size=8192
      - name: Setup Go
@@ -30,17 +28,33 @@ jobs:
      - name: Build Release
        uses: goreleaser/goreleaser-action@v4
        with:
+          distribution: goreleaser
+          version: latest
          args: release --skip-publish --clean
      - name: Upload Assets
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          draft: true
+          body: |
+            # 一、安装和升级
+
+            ## 1.1 一键安装
+            ```sh
+            curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sudo bash quick_start.sh
+            ```
+
+            ## 1.2 在线升级
+
+            登录 1Panel Web 控制台，在页面右下角点击 **【检查更新】** 进行在线升级。
+
+            >更多信息请查阅在线文档：https://1panel.cn/docs/
+
+            # 二、更新日志
+
          files: |
            dist/*.tar.gz
            dist/checksums.txt
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: Setup OSSUTIL
        uses: yizhoumo/setup-ossutil@v1
        with:
@@ -49,4 +63,4 @@ jobs:
          access-key-secret: ${{ secrets.OSS_ACCESS_KEY_SECRET }}
          ossutil-version: '1.7.14'
      - name: Upload Assets to OSS
-        run: ossutil cp -r dist/ oss://resource-fit2cloud-com/1panel/package/stable/${{  github.ref_name }}/release/ --include "*.tar.gz" --include "checksums.txt" --only-current-dir
+        run: ossutil cp -r dist/ oss://resource-fit2cloud-com/1panel/package/stable/${{  github.ref_name }}/release/ --include "*.tar.gz" --include "checksums.txt" --only-current-dir --force
--- a/.gitignore
+++ b/.gitignore
@@ -30,5 +30,8 @@ dist/
 1pctl
 1panel.service
 install.sh
+quick_start.sh
 cmd/server/web/.DS_Store
 cmd/server/.DS_Store
+cmd/server/fileList.txt
+.fileList.txt
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -16,18 +16,8 @@ builds:
      - -trimpath
    ldflags:
      - -w -s
-      - --extldflags "-static -fpic"
-    tags:
-      - osusergo
    env:
-      - CGO_ENABLED=1
-      - >-
-        {{- if eq .Arch "amd64"}}CC=x86_64-linux-gnu-gcc{{- end }}
-        {{- if eq .Arch "arm64"}}CC=aarch64-linux-gnu-gcc{{- end }}
-        {{- if eq .Arch "arm"}}CC=arm-linux-gnueabi-gcc{{- end }}
-        {{- if eq .Arch "loong64"}}CC=loongarch64-linux-gnu-gcc{{- end }}
-        {{- if eq .Arch "ppc64le"}}CC=powerpc64le-linux-gnu-gcc{{- end }}
-        {{- if eq .Arch "s390x"}}CC=s390x-linux-gnu-gcc{{- end }}
+      - CGO_ENABLED=0
    goos:
      - linux
    goarm:
--- a/34
+++ b/34
@@ -1,34 +0,0 @@
-FROM node:18.14 as build_web
-ARG TARGETARCH
-ARG NPM_REGISTRY="https://registry.npmmirror.com"
-ENV NODE_OPTIONS="--max-old-space-size=4096"
-
-WORKDIR /data
-
-RUN set -ex \
-    && npm config set registry ${NPM_REGISTRY}
-
-ADD . /data
-
-RUN set -ex \
-    && cd /data/frontend \
-    && npm install
-
-RUN set -ex \
-    && cd /data/frontend \
-    && npm run build:dev
-
-FROM golang:1.20
-ARG TARGETARCH
-ARG GOPROXY="https://goproxy.cn,direct"
-
-COPY --from=build_web /data /data
-
-WORKDIR /data
-
-RUN set -ex \
-    && go env -w GOPROXY=${GOPROXY} \
-    && go install github.com/goreleaser/goreleaser@latest \
-    && goreleaser build --single-target --snapshot --clean
-
-CMD ["/bin/bash"]
--- a/12
+++ b/12
@@ -23,16 +23,12 @@ build_frontend:

 build_backend_on_linux:
 	cd $(SERVER_PATH) \
-    && CGO_ENABLED=1 GOOS=$(GOOS) GOARCH=$(GOARCH) $(GOBUILD) -trimpath -ldflags '-s -w --extldflags "-static -fpic"' -tags 'osusergo,netgo' -o $(BUILD_PATH)/$(APP_NAME) $(MAIN)
+    && GOOS=$(GOOS) GOARCH=$(GOARCH) $(GOBUILD) -trimpath -ldflags '-s -w' -o $(BUILD_PATH)/$(APP_NAME) $(MAIN)

 build_backend_on_darwin:
 	cd $(SERVER_PATH) \
-    && CGO_ENABLED=1 GOOS=linux GOARCH=amd64 CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++ $(GOBUILD) -trimpath -ldflags '-s -w --extldflags "-static -fpic"'  -o $(BUILD_PATH)/$(APP_NAME) $(MAIN)
+    && GOOS=linux GOARCH=amd64 $(GOBUILD) -trimpath -ldflags '-s -w'  -o $(BUILD_PATH)/$(APP_NAME) $(MAIN)

-build_backend_on_archlinux:
-	cd $(SERVER_PATH) \
-    && CGO_ENABLED=1 GOOS=$(GOOS) GOARCH=$(GOARCH) $(GOBUILD) -trimpath -ldflags '-s -w --extldflags "-fpic"' -tags osusergo -o $(BUILD_PATH)/$(APP_NAME) $(MAIN)
+build_all: build_frontend build_backend_on_linux

-build_all: build_frontend  build_backend_on_linux
-
-build_on_local: clean_assets build_frontend  build_backend_on_darwin upx_bin
+build_on_local: clean_assets build_frontend build_backend_on_darwin upx_bin
--- a/backend/app/api/v1/app.go
+++ b/backend/app/api/v1/app.go
@@ -130,6 +130,22 @@ func (b *BaseApi) GetAppDetailByID(c *gin.Context) {
 	helper.SuccessWithData(c, appDetailDTO)
 }

+// @Tags App
+// @Summary Get Ignore App
+// @Description 获取忽略的应用版本
+// @Accept json
+// @Success 200 {object} response.IgnoredApp
+// @Security ApiKeyAuth
+// @Router /apps/ingored [get]
+func (b *BaseApi) GetIgnoredApp(c *gin.Context) {
+	res, err := appService.GetIgnoredApp()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, res)
+}
+
 // @Tags App
 // @Summary Install app
 // @Description 安装应用
--- a/backend/app/api/v1/app_install.go
+++ b/backend/app/api/v1/app_install.go
@@ -118,7 +118,7 @@ func (b *BaseApi) LoadConnInfo(c *gin.Context) {
 // @Description 删除前检查
 // @Accept json
 // @Param appInstallId path integer true "App install id"
-// @Success 200 {anrry} dto.AppResource
+// @Success 200 {array} dto.AppResource
 // @Security ApiKeyAuth
 // @Router /apps/installed/delete/check/:appInstallId [get]
 func (b *BaseApi) DeleteCheck(c *gin.Context) {
@@ -178,7 +178,7 @@ func (b *BaseApi) OperateInstalled(c *gin.Context) {
 // @Description 通过 key 获取应用 service
 // @Accept json
 // @Param key path string true "request"
-// @Success 200 {anrry} response.AppService
+// @Success 200 {array} response.AppService
 // @Security ApiKeyAuth
 // @Router /apps/services/:key [get]
 func (b *BaseApi) GetServices(c *gin.Context) {
@@ -196,7 +196,7 @@ func (b *BaseApi) GetServices(c *gin.Context) {
 // @Description 通过 install id 获取应用更新版本
 // @Accept json
 // @Param appInstallId path integer true "request"
-// @Success 200 {anrry} dto.AppVersion
+// @Success 200 {array} dto.AppVersion
 // @Security ApiKeyAuth
 // @Router /apps/installed/:appInstallId/versions [get]
 func (b *BaseApi) GetUpdateVersions(c *gin.Context) {
@@ -305,3 +305,25 @@ func (b *BaseApi) UpdateInstalled(c *gin.Context) {
 	}
 	helper.SuccessWithData(c, nil)
 }
+
+// @Tags App
+// @Summary ignore App Update
+// @Description 忽略应用升级版本
+// @Accept json
+// @Param request body request.AppInstalledIgnoreUpgrade true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /apps/installed/ignore [post]
+// @x-panel-log {"bodyKeys":["installId"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"忽略应用 [installId] 版本升级","formatEN":"Application param update [installId]"}
+func (b *BaseApi) IgnoreUpgrade(c *gin.Context) {
+	var req request.AppInstalledIgnoreUpgrade
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := appInstallService.IgnoreUpgrade(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
--- a/backend/app/api/v1/auth.go
+++ b/backend/app/api/v1/auth.go
@@ -120,6 +120,20 @@ func (b *BaseApi) CheckIsDemo(c *gin.Context) {
 	helper.SuccessWithData(c, global.CONF.System.IsDemo)
 }

+// @Tags Auth
+// @Summary Load System Language
+// @Description 获取系统语言设置
+// @Success 200
+// @Router /auth/language [get]
+func (b *BaseApi) GetLanguage(c *gin.Context) {
+	settingInfo, err := settingService.GetSettingInfo()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, settingInfo.Language)
+}
+
 func saveLoginLogs(c *gin.Context, err error) {
 	var logs model.LoginLog
 	if err != nil {
--- a/backend/app/api/v1/backup.go
+++ b/backend/app/api/v1/backup.go
@@ -60,7 +60,7 @@ func (b *BaseApi) CreateBackup(c *gin.Context) {
 // @Description 获取 bucket 列表
 // @Accept json
 // @Param request body dto.ForBuckets true "request"
-// @Success 200 {anrry} string
+// @Success 200 {array} string
 // @Security ApiKeyAuth
 // @Router /settings/backup/search [post]
 func (b *BaseApi) ListBuckets(c *gin.Context) {
@@ -98,6 +98,22 @@ func (b *BaseApi) ListBuckets(c *gin.Context) {
 	helper.SuccessWithData(c, buckets)
 }

+// @Tags Backup Account
+// @Summary Load OneDrive info
+// @Description 获取 OneDrive 信息
+// @Accept json
+// @Success 200 string clientID
+// @Security ApiKeyAuth
+// @Router /settings/backup/onedrive [get]
+func (b *BaseApi) LoadOneDriveInfo(c *gin.Context) {
+	clientID, err := backupService.LoadOneDriveInfo()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, clientID)
+}
+
 // @Tags Backup Account
 // @Summary Delete backup account
 // @Description 删除备份账号
@@ -253,7 +269,7 @@ func (b *BaseApi) UpdateBackup(c *gin.Context) {
 // @Tags Backup Account
 // @Summary List backup accounts
 // @Description 获取备份账号列表
-// @Success 200 {anrry} dto.BackupInfo
+// @Success 200 {array} dto.BackupInfo
 // @Security ApiKeyAuth
 // @Router /settings/backup/search [get]
 func (b *BaseApi) ListBackup(c *gin.Context) {
@@ -271,7 +287,7 @@ func (b *BaseApi) ListBackup(c *gin.Context) {
 // @Description 获取备份账号内文件列表
 // @Accept json
 // @Param request body dto.BackupSearchFile true "request"
-// @Success 200 {anrry} string
+// @Success 200 {array} string
 // @Security ApiKeyAuth
 // @Router /settings/backup/search/files [post]
 func (b *BaseApi) LoadFilesFromBackup(c *gin.Context) {
--- a/backend/app/api/v1/compose_template.go
+++ b/backend/app/api/v1/compose_template.go
@@ -66,7 +66,7 @@ func (b *BaseApi) SearchComposeTemplate(c *gin.Context) {
 // @Summary List compose templates
 // @Description 获取容器编排模版列表
 // @Produce json
-// @Success 200 {anrry} dto.ComposeTemplateInfo
+// @Success 200 {array} dto.ComposeTemplateInfo
 // @Security ApiKeyAuth
 // @Router /containers/template [get]
 func (b *BaseApi) ListComposeTemplate(c *gin.Context) {
--- a/backend/app/api/v1/container.go
+++ b/backend/app/api/v1/container.go
@@ -40,6 +40,23 @@ func (b *BaseApi) SearchContainer(c *gin.Context) {
 	})
 }

+// @Tags Container
+// @Summary List containers
+// @Description 获取容器名称
+// @Accept json
+// @Produce json
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /containers/list [post]
+func (b *BaseApi) ListContainer(c *gin.Context) {
+	list, err := containerService.List()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, list)
+}
+
 // @Tags Container Compose
 // @Summary Page composes
 // @Description 获取编排列表分页
@@ -153,17 +170,97 @@ func (b *BaseApi) OperatorCompose(c *gin.Context) {
 	helper.SuccessWithData(c, nil)
 }

+// @Tags Container
+// @Summary Update container
+// @Description 更新容器
+// @Accept json
+// @Param request body dto.ContainerOperate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /containers/update [post]
+// @x-panel-log {"bodyKeys":["name","image"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"更新容器 [name][image]","formatEN":"update container [name][image]"}
+func (b *BaseApi) ContainerUpdate(c *gin.Context) {
+	var req dto.ContainerOperate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := containerService.ContainerUpdate(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
+
+// @Tags Container
+// @Summary Load container info
+// @Description 获取容器表单信息
+// @Accept json
+// @Param request body dto.OperationWithName true "request"
+// @Success 200 {object} dto.ContainerOperate
+// @Security ApiKeyAuth
+// @Router /containers/info [post]
+func (b *BaseApi) ContainerInfo(c *gin.Context) {
+	var req dto.OperationWithName
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	data, err := containerService.ContainerInfo(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, data)
+}
+
+// @Summary Load container limis
+// @Description 获取容器限制
+// @Success 200 {object} dto.ResourceLimit
+// @Security ApiKeyAuth
+// @Router /containers/limit [get]
+func (b *BaseApi) LoadResouceLimit(c *gin.Context) {
+	data, err := containerService.LoadResouceLimit()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, data)
+}
+
+// @Summary Load container stats
+// @Description 获取容器列表资源占用
+// @Success 200 {array} dto.ContainerListStats
+// @Security ApiKeyAuth
+// @Router /containers/list/stats [get]
+func (b *BaseApi) ContainerListStats(c *gin.Context) {
+	datas, err := containerService.ContainerListStats()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, datas)
+}
+
 // @Tags Container
 // @Summary Create container
 // @Description 创建容器
 // @Accept json
-// @Param request body dto.ContainerCreate true "request"
+// @Param request body dto.ContainerOperate true "request"
 // @Success 200
 // @Security ApiKeyAuth
 // @Router /containers [post]
 // @x-panel-log {"bodyKeys":["name","image"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"创建容器 [name][image]","formatEN":"create container [name][image]"}
 func (b *BaseApi) ContainerCreate(c *gin.Context) {
-	var req dto.ContainerCreate
+	var req dto.ContainerOperate
 	if err := c.ShouldBindJSON(&req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
@@ -179,6 +276,32 @@ func (b *BaseApi) ContainerCreate(c *gin.Context) {
 	helper.SuccessWithData(c, nil)
 }

+// @Tags Container
+// @Summary Upgrade container
+// @Description 更新容器镜像
+// @Accept json
+// @Param request body dto.ContainerUpgrade true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /containers/upgrade [post]
+// @x-panel-log {"bodyKeys":["name","image"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"更新容器镜像 [name][image]","formatEN":"upgrade container image [name][image]"}
+func (b *BaseApi) ContainerUpgrade(c *gin.Context) {
+	var req dto.ContainerUpgrade
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := containerService.ContainerUpgrade(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
+
 // @Tags Container
 // @Summary Clean container
 // @Description 容器清理
@@ -232,6 +355,24 @@ func (b *BaseApi) CleanContainerLog(c *gin.Context) {
 	helper.SuccessWithData(c, nil)
 }

+// @Tags Container
+// @Summary Load container log
+// @Description 获取容器操作日志
+// @Accept json
+// @Param request body dto.OperationWithNameAndType true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /containers/load/log [post]
+func (b *BaseApi) LoadContainerLog(c *gin.Context) {
+	var req dto.OperationWithNameAndType
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	content := containerService.LoadContainerLogs(req)
+	helper.SuccessWithData(c, content)
+}
+
 // @Tags Container
 // @Summary Operate Container
 // @Description 容器操作
@@ -262,7 +403,7 @@ func (b *BaseApi) ContainerOperation(c *gin.Context) {
 // @Summary Container stats
 // @Description 容器监控信息
 // @Param id path integer true "容器id"
-// @Success 200 {object} dto.ContainterStats
+// @Success 200 {object} dto.ContainerStats
 // @Security ApiKeyAuth
 // @Router /containers/stats/:id [get]
 func (b *BaseApi) ContainerStats(c *gin.Context) {
@@ -310,27 +451,29 @@ func (b *BaseApi) Inspect(c *gin.Context) {
 // @Tags Container
 // @Summary Container logs
 // @Description 容器日志
-// @Accept json
-// @Param request body dto.ContainerLog true "request"
-// @Success 200 {string} logs
+// @Param container query string false "容器名称"
+// @Param since query string false "时间筛选"
+// @Param follow query string false "是否追踪"
+// @Param tail query string false "显示行号"
 // @Security ApiKeyAuth
 // @Router /containers/search/log [post]
 func (b *BaseApi) ContainerLogs(c *gin.Context) {
-	var req dto.ContainerLog
-	if err := c.ShouldBindJSON(&req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	if err := global.VALID.Struct(req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	logs, err := containerService.ContainerLogs(req)
+	wsConn, err := upGrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		global.LOG.Errorf("gin context http handler failed, err: %v", err)
+		return
+	}
+	defer wsConn.Close()
+
+	container := c.Query("container")
+	since := c.Query("since")
+	follow := c.Query("follow") == "true"
+	tail := c.Query("tail")
+
+	if err := containerService.ContainerLogs(wsConn, container, since, tail, follow); err != nil {
+		_ = wsConn.WriteMessage(1, []byte(err.Error()))
 		return
 	}
-	helper.SuccessWithData(c, logs)
 }

 // @Tags Container Network
@@ -364,6 +507,23 @@ func (b *BaseApi) SearchNetwork(c *gin.Context) {
 	})
 }

+// @Tags Container Network
+// @Summary List networks
+// @Description 获取容器网络列表
+// @Accept json
+// @Produce json
+// @Success 200 {array} dto.Options
+// @Security ApiKeyAuth
+// @Router /containers/network [get]
+func (b *BaseApi) ListNetwork(c *gin.Context) {
+	list, err := containerService.ListNetwork()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, list)
+}
+
 // @Tags Container Network
 // @Summary Delete network
 // @Description 删除容器网络
@@ -453,11 +613,10 @@ func (b *BaseApi) SearchVolume(c *gin.Context) {
 // @Summary List volumes
 // @Description 获取容器存储卷列表
 // @Accept json
-// @Param request body dto.PageInfo true "request"
 // @Produce json
-// @Success 200 {object} dto.PageResult
+// @Success 200 {array} dto.Options
 // @Security ApiKeyAuth
-// @Router /containers/volume/search [get]
+// @Router /containers/volume [get]
 func (b *BaseApi) ListVolume(c *gin.Context) {
 	list, err := containerService.ListVolume()
 	if err != nil {
--- a/backend/app/api/v1/cronjob.go
+++ b/backend/app/api/v1/cronjob.go
@@ -94,6 +94,28 @@ func (b *BaseApi) SearchJobRecords(c *gin.Context) {
 	})
 }

+// @Tags Cronjob
+// @Summary Load Cronjob record log
+// @Description 获取计划任务记录日志
+// @Accept json
+// @Param request body dto.OperateByID true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /cronjob/record/log [post]
+func (b *BaseApi) LoadRecordLog(c *gin.Context) {
+	var req dto.OperateByID
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	content, err := cronjobService.LoadRecordLog(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, content)
+}
+
 // @Tags Cronjob
 // @Summary Clean job records
 // @Description 清空计划任务记录
@@ -224,7 +246,8 @@ func (b *BaseApi) TargetDownload(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
 	}
-	helper.SuccessWithData(c, filePath)
+
+	c.File(filePath)
 }

 // @Tags Cronjob
--- a/backend/app/api/v1/database_mysql.go
+++ b/backend/app/api/v1/database_mysql.go
@@ -188,12 +188,12 @@ func (b *BaseApi) UpdateMysqlConfByFile(c *gin.Context) {
 // @Summary Page mysql databases
 // @Description 获取 mysql 数据库列表分页
 // @Accept json
-// @Param request body dto.SearchWithPage true "request"
+// @Param request body dto.MysqlDBSearch true "request"
 // @Success 200 {object} dto.PageResult
 // @Security ApiKeyAuth
 // @Router /databases/search [post]
 func (b *BaseApi) SearchMysql(c *gin.Context) {
-	var req dto.SearchWithPage
+	var req dto.MysqlDBSearch
 	if err := c.ShouldBindJSON(&req); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
@@ -216,11 +216,11 @@ func (b *BaseApi) SearchMysql(c *gin.Context) {
 // @Description 获取 mysql 数据库列表
 // @Accept json
 // @Param request body dto.PageInfo true "request"
-// @Success 200 {anrry} string
+// @Success 200 {array} dto.MysqlOption
 // @Security ApiKeyAuth
 // @Router /databases/options [get]
 func (b *BaseApi) ListDBName(c *gin.Context) {
-	list, err := mysqlService.ListDBName()
+	list, err := mysqlService.ListDBOption()
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
@@ -229,12 +229,31 @@ func (b *BaseApi) ListDBName(c *gin.Context) {
 	helper.SuccessWithData(c, list)
 }

+// @Tags Database Mysql
+// @Summary Load mysql database from remote
+// @Description 从服务器获取
+// @Security ApiKeyAuth
+// @Router /databases/load/:from [get]
+func (b *BaseApi) LoadDBFromRemote(c *gin.Context) {
+	from, err := helper.GetStrParamByKey(c, "from")
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := mysqlService.LoadFromRemote(from); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	helper.SuccessWithData(c, nil)
+}
+
 // @Tags Database Mysql
 // @Summary Check before delete mysql database
 // @Description Mysql 数据库删除前检查
 // @Accept json
 // @Param request body dto.OperateByID true "request"
-// @Success 200 {anrry} string
+// @Success 200 {array} string
 // @Security ApiKeyAuth
 // @Router /databases/del/check [post]
 func (b *BaseApi) DeleteCheckMysql(c *gin.Context) {
@@ -302,6 +321,28 @@ func (b *BaseApi) LoadBaseinfo(c *gin.Context) {
 	helper.SuccessWithData(c, data)
 }

+// @Tags Database
+// @Summary Load Database file
+// @Description 获取数据库文件
+// @Accept json
+// @Param request body dto.OperationWithNameAndType true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /databases/load/file [post]
+func (b *BaseApi) LoadDatabaseFile(c *gin.Context) {
+	var req dto.OperationWithNameAndType
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	content, err := mysqlService.LoadDatabaseFile(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, content)
+}
+
 // @Tags Database Mysql
 // @Summary Load mysql remote access
 // @Description 获取 mysql 远程访问权限
--- a/backend/app/api/v1/entry.go
+++ b/backend/app/api/v1/entry.go
@@ -21,8 +21,9 @@ var (
 	imageService           = service.NewIImageService()
 	dockerService          = service.NewIDockerService()

-	mysqlService = service.NewIMysqlService()
-	redisService = service.NewIRedisService()
+	mysqlService    = service.NewIMysqlService()
+	remoteDBService = service.NewIRemoteDBService()
+	redisService    = service.NewIRedisService()

 	cronjobService = service.NewICronjobService()

@@ -49,4 +50,7 @@ var (
 	upgradeService  = service.NewIUpgradeService()

 	runtimeService = service.NewRuntimeService()
+	processService = service.NewIProcessService()
+
+	hostToolService = service.NewIHostToolService()
 )
--- a/backend/app/api/v1/file.go
+++ b/backend/app/api/v1/file.go
@@ -52,7 +52,7 @@ func (b *BaseApi) ListFiles(c *gin.Context) {
 // @Description 分页获取上传文件
 // @Accept json
 // @Param request body request.SearchUploadWithPage true "request"
-// @Success 200 {anrry} response.FileInfo
+// @Success 200 {array} response.FileInfo
 // @Security ApiKeyAuth
 // @Router /files/upload/search [post]
 func (b *BaseApi) SearchUploadWithPage(c *gin.Context) {
@@ -81,7 +81,7 @@ func (b *BaseApi) SearchUploadWithPage(c *gin.Context) {
 // @Description 加载文件树
 // @Accept json
 // @Param request body request.FileOption true "request"
-// @Success 200 {anrry} response.FileTree
+// @Success 200 {array} response.FileTree
 // @Security ApiKeyAuth
 // @Router /files/tree [post]
 func (b *BaseApi) GetFileTree(c *gin.Context) {
@@ -532,7 +532,7 @@ func (b *BaseApi) DownloadChunkFiles(c *gin.Context) {
 		}
 		defer file.Close()

-		file.Seek(startPos, 0)
+		_, _ = file.Seek(startPos, 0)
 		reader := io.LimitReader(file, endPos-startPos+1)
 		_, err = io.CopyBuffer(c.Writer, reader, buffer)
 		if err != nil {
@@ -544,28 +544,6 @@ func (b *BaseApi) DownloadChunkFiles(c *gin.Context) {
 	}
 }

-// @Tags File
-// @Summary Download file with path
-// @Description 下载指定文件
-// @Accept json
-// @Param request body dto.FilePath true "request"
-// @Success 200
-// @Security ApiKeyAuth
-// @Router /files/download/bypath [post]
-// @x-panel-log {"bodyKeys":["path"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"下载文件 [path]","formatEN":"Download file [path]"}
-func (b *BaseApi) DownloadFile(c *gin.Context) {
-	var req dto.FilePath
-	if err := c.ShouldBindJSON(&req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	if err := global.VALID.Struct(req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	c.File(req.Path)
-}
-
 // @Tags File
 // @Summary Load file size
 // @Description 获取文件夹大小
@@ -589,33 +567,6 @@ func (b *BaseApi) Size(c *gin.Context) {
 	helper.SuccessWithData(c, res)
 }

-// @Tags File
-// @Summary Read file
-// @Description 读取文件
-// @Accept json
-// @Param request body dto.FilePath true "request"
-// @Success 200 {string} content
-// @Security ApiKeyAuth
-// @Router /files/loadfile [post]
-func (b *BaseApi) LoadFromFile(c *gin.Context) {
-	var req dto.FilePath
-	if err := c.ShouldBindJSON(&req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	if err := global.VALID.Struct(req); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-
-	content, err := os.ReadFile(req.Path)
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
-		return
-	}
-	helper.SuccessWithData(c, string(content))
-}
-
 func mergeChunks(fileName string, fileDir string, dstDir string, chunkCount int) error {
 	if _, err := os.Stat(path.Dir(dstDir)); err != nil && os.IsNotExist(err) {
 		if err = os.MkdirAll(path.Dir(dstDir), os.ModePerm); err != nil {
@@ -683,7 +634,12 @@ func (b *BaseApi) UploadChunkFiles(c *gin.Context) {
 	}
 	filename := c.PostForm("filename")
 	fileDir := filepath.Join(tmpDir, filename)
-	_ = os.MkdirAll(fileDir, 0755)
+	if chunkIndex == 0 {
+		if fileOp.Stat(fileDir) {
+			_ = fileOp.DeleteDir(fileDir)
+		}
+		_ = os.MkdirAll(fileDir, 0755)
+	}
 	filePath := filepath.Join(fileDir, filename)

 	defer func() {
@@ -734,19 +690,12 @@ var wsUpgrade = websocket.Upgrader{
 	},
 }

-var WsManager = websocket2.Manager{
-	Group:       make(map[string]*websocket2.Client),
-	Register:    make(chan *websocket2.Client, 128),
-	UnRegister:  make(chan *websocket2.Client, 128),
-	ClientCount: 0,
-}
-
 func (b *BaseApi) Ws(c *gin.Context) {
 	ws, err := wsUpgrade.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		return
 	}
-	wsClient := websocket2.NewWsClient("wsClient", ws)
+	wsClient := websocket2.NewWsClient("fileClient", ws)
 	go wsClient.Read()
 	go wsClient.Write()
 }
--- a/backend/app/api/v1/host.go
+++ b/backend/app/api/v1/host.go
@@ -1,13 +1,11 @@
 package v1

 import (
-	"encoding/base64"
-
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
-	"github.com/1Panel-dev/1Panel/backend/utils/copier"
+	"github.com/1Panel-dev/1Panel/backend/utils/encrypt"
 	"github.com/gin-gonic/gin"
 )

@@ -30,22 +28,6 @@ func (b *BaseApi) CreateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
-	if req.AuthMode == "password" && len(req.Password) != 0 {
-		password, err := base64.StdEncoding.DecodeString(req.Password)
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.Password = string(password)
-	}
-	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
-		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
-		if err != nil {
-			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-			return
-		}
-		req.PrivateKey = string(privateKey)
-	}

 	host, err := hostService.Create(req)
 	if err != nil {
@@ -102,7 +84,7 @@ func (b *BaseApi) TestByID(c *gin.Context) {
 // @Description 加载主机树
 // @Accept json
 // @Param request body dto.SearchForTree true "request"
-// @Success 200 {anrry} dto.HostTree
+// @Success 200 {array} dto.HostTree
 // @Security ApiKeyAuth
 // @Router /hosts/tree [post]
 func (b *BaseApi) HostTree(c *gin.Context) {
@@ -126,7 +108,7 @@ func (b *BaseApi) HostTree(c *gin.Context) {
 // @Description 获取主机列表分页
 // @Accept json
 // @Param request body dto.SearchHostWithPage true "request"
-// @Success 200 {anrry} dto.HostTree
+// @Success 200 {array} dto.HostTree
 // @Security ApiKeyAuth
 // @Router /hosts/search [post]
 func (b *BaseApi) SearchHost(c *gin.Context) {
@@ -148,33 +130,6 @@ func (b *BaseApi) SearchHost(c *gin.Context) {
 	})
 }

-// @Tags Host
-// @Summary Load host info
-// @Description 加载主机信息
-// @Accept json
-// @Param id path integer true "request"
-// @Success 200 {object} dto.HostInfo
-// @Security ApiKeyAuth
-// @Router /hosts/:id [get]
-func (b *BaseApi) GetHostInfo(c *gin.Context) {
-	id, err := helper.GetParamID(c)
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	host, err := hostService.GetHostInfo(id)
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
-		return
-	}
-	var hostDto dto.HostInfo
-	if err := copier.Copy(&hostDto, host); err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
-		return
-	}
-	helper.SuccessWithData(c, hostDto)
-}
-
 // @Tags Host
 // @Summary Delete host
 // @Description 删除主机
@@ -221,21 +176,30 @@ func (b *BaseApi) UpdateHost(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
-	if req.AuthMode == "password" && len(req.Password) != 0 {
-		password, err := base64.StdEncoding.DecodeString(req.Password)
+	var err error
+	if len(req.Password) != 0 && req.AuthMode == "password" {
+		req.Password, err = hostService.EncryptHost(req.Password)
 		if err != nil {
 			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 			return
 		}
-		req.Password = string(password)
+		req.PrivateKey = ""
+		req.PassPhrase = ""
 	}
-	if req.AuthMode == "key" && len(req.PrivateKey) != 0 {
-		privateKey, err := base64.StdEncoding.DecodeString(req.PrivateKey)
+	if len(req.PrivateKey) != 0 && req.AuthMode == "key" {
+		req.PrivateKey, err = hostService.EncryptHost(req.PrivateKey)
 		if err != nil {
 			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 			return
 		}
-		req.PrivateKey = string(privateKey)
+		if len(req.PassPhrase) != 0 {
+			req.PassPhrase, err = encrypt.StringEncrypt(req.PassPhrase)
+			if err != nil {
+				helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+				return
+			}
+		}
+		req.Password = ""
 	}

 	upMap := make(map[string]interface{})
@@ -246,10 +210,12 @@ func (b *BaseApi) UpdateHost(c *gin.Context) {
 	upMap["user"] = req.User
 	upMap["auth_mode"] = req.AuthMode
 	upMap["remember_password"] = req.RememberPassword
-	if len(req.Password) != 0 {
+	if req.AuthMode == "password" {
 		upMap["password"] = req.Password
-	}
-	if len(req.PrivateKey) != 0 {
+		upMap["private_key"] = ""
+		upMap["pass_phrase"] = ""
+	} else {
+		upMap["password"] = ""
 		upMap["private_key"] = req.PrivateKey
 		upMap["pass_phrase"] = req.PassPhrase
 	}
--- a/backend/app/api/v1/host_tool.go
+++ b/backend/app/api/v1/host_tool.go
@@ -0,0 +1,213 @@
+package v1
+
+import (
+	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/gin-gonic/gin"
+)
+
+// @Tags Host tool
+// @Summary Get tool
+// @Description 获取主机工具状态
+// @Accept json
+// @Param request body request.HostToolReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool [post]
+func (b *BaseApi) GetToolStatus(c *gin.Context) {
+	var req request.HostToolReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	config, err := hostToolService.GetToolStatus(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, config)
+}
+
+// @Tags Host tool
+// @Summary Create Host tool Config
+// @Description 创建主机工具配置
+// @Accept json
+// @Param request body request.HostToolCreate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/create [post]
+// @x-panel-log {"bodyKeys":["type"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"创建 [type] 配置","formatEN":"create [type] config"}
+func (b *BaseApi) InitToolConfig(c *gin.Context) {
+	var req request.HostToolCreate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	if err := hostToolService.CreateToolConfig(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
+// @Tags Host tool
+// @Summary Operate tool
+// @Description 操作主机工具
+// @Accept json
+// @Param request body request.HostToolReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/operate [post]
+// @x-panel-log {"bodyKeys":["operate","type"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"[operate] [type] ","formatEN":"[operate] [type]"}
+func (b *BaseApi) OperateTool(c *gin.Context) {
+	var req request.HostToolReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	err := hostToolService.OperateTool(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
+// @Tags Host tool
+// @Summary Get tool config
+// @Description 操作主机工具配置文件
+// @Accept json
+// @Param request body request.HostToolConfig true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/config [post]
+// @x-panel-log {"bodyKeys":["operate"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"[operate] 主机工具配置文件 ","formatEN":"[operate] tool config"}
+func (b *BaseApi) OperateToolConfig(c *gin.Context) {
+	var req request.HostToolConfig
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	config, err := hostToolService.OperateToolConfig(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, config)
+}
+
+// @Tags Host tool
+// @Summary Get tool
+// @Description 获取主机工具日志
+// @Accept json
+// @Param request body request.HostToolLogReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/log [post]
+func (b *BaseApi) GetToolLog(c *gin.Context) {
+	var req request.HostToolLogReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	logContent, err := hostToolService.GetToolLog(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, logContent)
+}
+
+// @Tags Host tool
+// @Summary Create Supervisor process
+// @Description 操作守护进程
+// @Accept json
+// @Param request body request.SupervisorProcessConfig true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/supervisor/process [post]
+// @x-panel-log {"bodyKeys":["operate"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"[operate] 守护进程 ","formatEN":"[operate] process"}
+func (b *BaseApi) OperateProcess(c *gin.Context) {
+	var req request.SupervisorProcessConfig
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	err := hostToolService.OperateSupervisorProcess(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
+// @Tags Host tool
+// @Summary Get Supervisor process config
+// @Description 获取 Supervisor 进程配置
+// @Accept json
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/supervisor/process [get]
+func (b *BaseApi) GetProcess(c *gin.Context) {
+	configs, err := hostToolService.GetSupervisorProcessConfig()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, configs)
+}
+
+// @Tags Host tool
+// @Summary Get Supervisor process config
+// @Description 操作 Supervisor 进程文件
+// @Accept json
+// @Param request body request.SupervisorProcessFileReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/tool/supervisor/process/file [post]
+// @x-panel-log {"bodyKeys":["operate"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"[operate] Supervisor 进程文件 ","formatEN":"[operate] Supervisor Process Config file"}
+func (b *BaseApi) GetProcessFile(c *gin.Context) {
+	var req request.SupervisorProcessFileReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	content, err := hostToolService.OperateSupervisorProcessFile(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, content)
+}
--- a/backend/app/api/v1/image.go
+++ b/backend/app/api/v1/image.go
@@ -44,7 +44,7 @@ func (b *BaseApi) SearchImage(c *gin.Context) {
 // @Summary List images
 // @Description 获取镜像列表
 // @Produce json
-// @Success 200 {anrry} dto.Options
+// @Success 200 {array} dto.Options
 // @Security ApiKeyAuth
 // @Router /containers/image [get]
 func (b *BaseApi) ListImage(c *gin.Context) {
--- a/backend/app/api/v1/image_repo.go
+++ b/backend/app/api/v1/image_repo.go
@@ -44,7 +44,7 @@ func (b *BaseApi) SearchRepo(c *gin.Context) {
 // @Summary List image repos
 // @Description 获取镜像仓库列表
 // @Produce json
-// @Success 200 {anrry} dto.ImageRepoOption
+// @Success 200 {array} dto.ImageRepoOption
 // @Security ApiKeyAuth
 // @Router /containers/repo [get]
 func (b *BaseApi) ListRepo(c *gin.Context) {
--- a/backend/app/api/v1/logs.go
+++ b/backend/app/api/v1/logs.go
@@ -89,3 +89,19 @@ func (b *BaseApi) CleanLogs(c *gin.Context) {

 	helper.SuccessWithData(c, nil)
 }
+
+// @Tags Logs
+// @Summary Load system logs
+// @Description 获取系统日志
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /logs/system [get]
+func (b *BaseApi) GetSystemLogs(c *gin.Context) {
+	data, err := logService.LoadSystemLog()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	helper.SuccessWithData(c, data)
+}
--- a/backend/app/api/v1/nginx.go
+++ b/backend/app/api/v1/nginx.go
@@ -27,7 +27,7 @@ func (b *BaseApi) GetNginx(c *gin.Context) {
 // @Description 获取部分 OpenResty 配置信息
 // @Accept json
 // @Param request body request.NginxScopeReq true "request"
-// @Success 200 {anrry} response.NginxParam
+// @Success 200 {array} response.NginxParam
 // @Security ApiKeyAuth
 // @Router /openResty/scope [post]
 func (b *BaseApi) GetNginxConfigByScope(c *gin.Context) {
--- a/backend/app/api/v1/process.go
+++ b/backend/app/api/v1/process.go
@@ -0,0 +1,40 @@
+package v1
+
+import (
+	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	websocket2 "github.com/1Panel-dev/1Panel/backend/utils/websocket"
+	"github.com/gin-gonic/gin"
+)
+
+func (b *BaseApi) ProcessWs(c *gin.Context) {
+	ws, err := wsUpgrade.Upgrade(c.Writer, c.Request, nil)
+	if err != nil {
+		return
+	}
+	wsClient := websocket2.NewWsClient("processClient", ws)
+	go wsClient.Read()
+	go wsClient.Write()
+}
+
+// @Tags Process
+// @Summary Stop Process
+// @Description 停止进程
+// @Param request body request.ProcessReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /process/stop [post]
+// @x-panel-log {"bodyKeys":["PID"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"结束进程 [PID]","formatEN":"结束进程 [PID]"}
+func (b *BaseApi) StopProcess(c *gin.Context) {
+	var req request.ProcessReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := processService.StopProcess(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
--- a/backend/app/api/v1/remote_db.go
+++ b/backend/app/api/v1/remote_db.go
@@ -0,0 +1,180 @@
+package v1
+
+import (
+	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/dto"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/gin-gonic/gin"
+)
+
+// @Tags Database
+// @Summary Create remote database
+// @Description 创建远程数据库
+// @Accept json
+// @Param request body dto.RemoteDBCreate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /databases/remote [post]
+// @x-panel-log {"bodyKeys":["name", "type"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"创建远程数据库 [name][type]","formatEN":"create remote database [name][type]"}
+func (b *BaseApi) CreateRemoteDB(c *gin.Context) {
+	var req dto.RemoteDBCreate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := remoteDBService.Create(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
+
+// @Tags Database
+// @Summary Check remote database
+// @Description 检测远程数据库连接性
+// @Accept json
+// @Param request body dto.RemoteDBCreate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /databases/remote/check [post]
+// @x-panel-log {"bodyKeys":["name", "type"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"检测远程数据库 [name][type] 连接性","formatEN":"check if remote database [name][type] is connectable"}
+func (b *BaseApi) CheckeRemoteDB(c *gin.Context) {
+	var req dto.RemoteDBCreate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	helper.SuccessWithData(c, remoteDBService.CheckeRemoteDB(req))
+}
+
+// @Tags Database
+// @Summary Page remote databases
+// @Description 获取远程数据库列表分页
+// @Accept json
+// @Param request body dto.RemoteDBSearch true "request"
+// @Success 200 {object} dto.PageResult
+// @Security ApiKeyAuth
+// @Router /databases/remote/search [post]
+func (b *BaseApi) SearchRemoteDB(c *gin.Context) {
+	var req dto.RemoteDBSearch
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	total, list, err := remoteDBService.SearchWithPage(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	helper.SuccessWithData(c, dto.PageResult{
+		Items: list,
+		Total: total,
+	})
+}
+
+// @Tags Database
+// @Summary List remote databases
+// @Description 获取远程数据库列表
+// @Success 200 {array} dto.RemoteDBOption
+// @Security ApiKeyAuth
+// @Router /databases/remote/list/:type [get]
+func (b *BaseApi) ListRemoteDB(c *gin.Context) {
+	dbType, err := helper.GetStrParamByKey(c, "type")
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	list, err := remoteDBService.List(dbType)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	helper.SuccessWithData(c, list)
+}
+
+// @Tags Database
+// @Summary Get remote databases
+// @Description 获取远程数据库
+// @Success 200 {object} dto.RemoteDBInfo
+// @Security ApiKeyAuth
+// @Router /databases/remote/:name [get]
+func (b *BaseApi) GetRemoteDB(c *gin.Context) {
+	name, err := helper.GetStrParamByKey(c, "name")
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	data, err := remoteDBService.Get(name)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	helper.SuccessWithData(c, data)
+}
+
+// @Tags Database
+// @Summary Delete remote database
+// @Description 删除远程数据库
+// @Accept json
+// @Param request body dto.OperateByID true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /databases/remote/del [post]
+// @x-panel-log {"bodyKeys":["ids"],"paramKeys":[],"BeforeFuntions":[{"input_column":"id","input_value":"ids","isList":true,"db":"databases","output_column":"name","output_value":"names"}],"formatZH":"删除远程数据库 [names]","formatEN":"delete remote database [names]"}
+func (b *BaseApi) DeleteRemoteDB(c *gin.Context) {
+	var req dto.OperateByID
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	if err := remoteDBService.Delete(req.ID); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
+
+// @Tags Database
+// @Summary Update remote database
+// @Description 更新远程数据库
+// @Accept json
+// @Param request body dto.RemoteDBUpdate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /databases/remote/update [post]
+// @x-panel-log {"bodyKeys":["name"],"paramKeys":[],"BeforeFuntions":[],"formatZH":"更新远程数据库 [name]","formatEN":"update remote database [name]"}
+func (b *BaseApi) UpdateRemoteDB(c *gin.Context) {
+	var req dto.RemoteDBUpdate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := global.VALID.Struct(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+
+	if err := remoteDBService.Update(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
--- a/backend/app/api/v1/setting.go
+++ b/backend/app/api/v1/setting.go
@@ -2,6 +2,10 @@ package v1

 import (
 	"errors"
+	"fmt"
+	"os"
+	"path"
+	"strconv"

 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
@@ -132,6 +136,22 @@ func (b *BaseApi) LoadFromCert(c *gin.Context) {
 	helper.SuccessWithData(c, info)
 }

+// @Tags System Setting
+// @Summary Download system cert
+// @Description 下载证书
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /settings/ssl/download [post]
+func (b *BaseApi) DownloadSSL(c *gin.Context) {
+	pathItem := path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt")
+	if _, err := os.Stat(pathItem); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
+	c.File(pathItem)
+}
+
 // @Tags System Setting
 // @Summary Update system port
 // @Description 更新系统端口
@@ -260,11 +280,23 @@ func (b *BaseApi) CleanMonitor(c *gin.Context) {
 // @Tags System Setting
 // @Summary Load mfa info
 // @Description 获取 mfa 信息
+// @Param interval path string true "request"
 // @Success 200 {object} mfa.Otp
 // @Security ApiKeyAuth
-// @Router /settings/mfa [get]
+// @Router /settings/mfa/:interval [get]
 func (b *BaseApi) GetMFA(c *gin.Context) {
-	otp, err := mfa.GetOtp("admin")
+	intervalStr, ok := c.Params.Get("interval")
+	if !ok {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, errors.New("error interval in path"))
+		return
+	}
+	interval, err := strconv.Atoi(intervalStr)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, fmt.Errorf("type conversion failed, err: %v", err))
+		return
+	}
+
+	otp, err := mfa.GetOtp("admin", interval)
 	if err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
@@ -288,12 +320,17 @@ func (b *BaseApi) MFABind(c *gin.Context) {
 		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
 		return
 	}
-	success := mfa.ValidCode(req.Code, req.Secret)
+	success := mfa.ValidCode(req.Code, req.Interval, req.Secret)
 	if !success {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, errors.New("code is not valid"))
 		return
 	}

+	if err := settingService.Update("MFAInterval", req.Interval); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+
 	if err := settingService.Update("MFAStatus", "enable"); err != nil {
 		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 		return
--- a/backend/app/api/v1/ssh.go
+++ b/backend/app/api/v1/ssh.go
@@ -183,3 +183,18 @@ func (b *BaseApi) LoadSSHLogs(c *gin.Context) {
 	}
 	helper.SuccessWithData(c, data)
 }
+
+// @Tags SSH
+// @Summary Load host ssh conf
+// @Description 获取 ssh 配置文件
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /host/ssh/conf [get]
+func (b *BaseApi) LoadSSHConf(c *gin.Context) {
+	data, err := sshService.LoadSSHConf()
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, data)
+}
--- a/backend/app/api/v1/terminal.go
+++ b/backend/app/api/v1/terminal.go
@@ -9,8 +9,6 @@ import (
 	"strings"
 	"time"

-	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
-	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/1Panel-dev/1Panel/backend/utils/copier"
@@ -22,24 +20,27 @@ import (
 )

 func (b *BaseApi) WsSsh(c *gin.Context) {
-	id, err := strconv.Atoi(c.Query("id"))
+	wsConn, err := upGrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		global.LOG.Errorf("gin context http handler failed, err: %v", err)
+		return
+	}
+	defer wsConn.Close()
+
+	id, err := strconv.Atoi(c.Query("id"))
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param id in request")) {
 		return
 	}
 	cols, err := strconv.Atoi(c.DefaultQuery("cols", "80"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param cols in request")) {
 		return
 	}
 	rows, err := strconv.Atoi(c.DefaultQuery("rows", "40"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param rows in request")) {
 		return
 	}
 	host, err := hostService.GetHostInfo(uint(id))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+	if wshandleError(wsConn, errors.WithMessage(err, "load host info by id failed")) {
 		return
 	}
 	var connInfo ssh.ConnInfo
@@ -49,24 +50,12 @@ func (b *BaseApi) WsSsh(c *gin.Context) {
 		connInfo.PassPhrase = []byte(host.PassPhrase)
 	}

-	wsConn, err := upGrader.Upgrade(c.Writer, c.Request, nil)
-	if err != nil {
-		global.LOG.Errorf("gin context http handler failed, err: %v", err)
-		return
-	}
-	defer wsConn.Close()
-
 	client, err := connInfo.NewClient()
 	if wshandleError(wsConn, errors.WithMessage(err, "failed to set up the connection. Please check the host information")) {
 		return
 	}
 	defer client.Close()
-	ssConn, err := connInfo.NewSshConn(cols, rows)
-	if wshandleError(wsConn, err) {
-		return
-	}
-	defer ssConn.Close()
-
+	
 	sws, err := terminal.NewLogicSshWsSession(cols, rows, true, connInfo.Client, wsConn)
 	if wshandleError(wsConn, err) {
 		return
@@ -85,28 +74,25 @@ func (b *BaseApi) WsSsh(c *gin.Context) {
 }

 func (b *BaseApi) RedisWsSsh(c *gin.Context) {
-	cols, err := strconv.Atoi(c.DefaultQuery("cols", "80"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	rows, err := strconv.Atoi(c.DefaultQuery("rows", "40"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	redisConf, err := redisService.LoadConf()
-	if err != nil {
-		global.LOG.Errorf("load redis container failed, err: %v", err)
-		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
-		return
-	}
-
 	wsConn, err := upGrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		global.LOG.Errorf("gin context http handler failed, err: %v", err)
 		return
 	}
+
+	cols, err := strconv.Atoi(c.DefaultQuery("cols", "80"))
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param cols in request")) {
+		return
+	}
+	rows, err := strconv.Atoi(c.DefaultQuery("rows", "40"))
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param rows in request")) {
+		return
+	}
+	redisConf, err := redisService.LoadConf()
+	if wshandleError(wsConn, errors.WithMessage(err, "load redis container failed")) {
+		return
+	}
+
 	defer wsConn.Close()
 	commands := "redis-cli"
 	if len(redisConf.Requirepass) != 0 {
@@ -138,24 +124,6 @@ func (b *BaseApi) RedisWsSsh(c *gin.Context) {
 }

 func (b *BaseApi) ContainerWsSsh(c *gin.Context) {
-	containerID := c.Query("containerid")
-	command := c.Query("command")
-	user := c.Query("user")
-	if len(command) == 0 || len(containerID) == 0 {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, errors.New("error param of command or containerID"))
-		return
-	}
-	cols, err := strconv.Atoi(c.DefaultQuery("cols", "80"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-	rows, err := strconv.Atoi(c.DefaultQuery("rows", "40"))
-	if err != nil {
-		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
-		return
-	}
-
 	wsConn, err := upGrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		global.LOG.Errorf("gin context http handler failed, err: %v", err)
@@ -163,11 +131,33 @@ func (b *BaseApi) ContainerWsSsh(c *gin.Context) {
 	}
 	defer wsConn.Close()

-	cmds := fmt.Sprintf("docker exec %s %s", containerID, command)
-	if len(user) != 0 {
-		cmds = fmt.Sprintf("docker exec -u %s %s %s", user, containerID, command)
+	containerID := c.Query("containerid")
+	command := c.Query("command")
+	user := c.Query("user")
+	if len(command) == 0 || len(containerID) == 0 {
+		if wshandleError(wsConn, errors.New("error param of command or containerID")) {
+			return
+		}
 	}
-	stdout, err := cmd.Exec(cmds)
+	cols, err := strconv.Atoi(c.DefaultQuery("cols", "80"))
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param cols in request")) {
+		return
+	}
+	rows, err := strconv.Atoi(c.DefaultQuery("rows", "40"))
+	if wshandleError(wsConn, errors.WithMessage(err, "invalid param rows in request")) {
+		return
+	}
+
+	cmds := []string{"exec", containerID, command}
+	if len(user) != 0 {
+		cmds = []string{"exec", "-u", user, containerID, command}
+	}
+	if cmd.CheckIllegal(user, containerID, command) {
+		if wshandleError(wsConn, errors.New("  The command contains illegal characters.")) {
+			return
+		}
+	}
+	stdout, err := cmd.ExecWithCheck("docker", cmds...)
 	if wshandleError(wsConn, errors.WithMessage(err, stdout)) {
 		return
 	}
--- a/backend/app/api/v1/website.go
+++ b/backend/app/api/v1/website.go
@@ -36,7 +36,7 @@ func (b *BaseApi) PageWebsite(c *gin.Context) {
 // @Tags Website
 // @Summary List websites
 // @Description 获取网站列表
-// @Success 200 {anrry} response.WebsiteDTO
+// @Success 200 {array} response.WebsiteDTO
 // @Security ApiKeyAuth
 // @Router /websites/list [get]
 func (b *BaseApi) GetWebsites(c *gin.Context) {
@@ -51,7 +51,7 @@ func (b *BaseApi) GetWebsites(c *gin.Context) {
 // @Tags Website
 // @Summary List website names
 // @Description 获取网站列表
-// @Success 200 {anrry} string
+// @Success 200 {array} string
 // @Security ApiKeyAuth
 // @Router /websites/options [get]
 func (b *BaseApi) GetWebsiteOptions(c *gin.Context) {
@@ -207,7 +207,7 @@ func (b *BaseApi) GetWebsiteNginx(c *gin.Context) {
 // @Description 通过网站 id 查询域名
 // @Accept json
 // @Param websiteId path integer true "request"
-// @Success 200 {anrry} model.WebsiteDomain
+// @Success 200 {array} model.WebsiteDomain
 // @Security ApiKeyAuth
 // @Router /websites/domains/:websiteId [get]
 func (b *BaseApi) GetWebDomains(c *gin.Context) {
@@ -367,7 +367,7 @@ func (b *BaseApi) UpdateHTTPSConfig(c *gin.Context) {
 // @Description 网站创建前检查
 // @Accept json
 // @Param request body request.WebsiteInstallCheckReq true "request"
-// @Success 200 {anrry} request.WebsitePreInstallCheck
+// @Success 200 {array} response.WebsitePreInstallCheck
 // @Security ApiKeyAuth
 // @Router /websites/check [post]
 func (b *BaseApi) CreateWebsiteCheck(c *gin.Context) {
@@ -428,6 +428,28 @@ func (b *BaseApi) UpdateWebsiteWafConfig(c *gin.Context) {
 	helper.SuccessWithData(c, nil)
 }

+// @Tags Website WAF
+// @Summary Update website waf  file
+// @Description 更新 网站 waf 配置文件
+// @Accept json
+// @Param request body request.WebsiteWafUpdate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /websites/waf/file/update [post]
+// @x-panel-log {"bodyKeys":["websiteId"],"paramKeys":[],"BeforeFuntions":[{"input_column":"id","input_value":"websiteId","isList":false,"db":"websites","output_column":"primary_domain","output_value":"domain"}],"formatZH":"WAF 配置文件修改 [domain]","formatEN":"WAF conf file update [domain]"}
+func (b *BaseApi) UpdateWebsiteWafFile(c *gin.Context) {
+	var req request.WebsiteWafFileUpdate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := websiteService.UpdateWafFile(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, nil)
+}
+
 // @Tags Website Nginx
 // @Summary Update website nginx conf
 // @Description 更新 网站 nginx 配置
@@ -541,7 +563,7 @@ func (b *BaseApi) UpdateWebsitePHPConfig(c *gin.Context) {

 // @Tags Website PHP
 // @Summary Update php conf
-// @Description 更新 php 配置
+// @Description 更新 php 配置文件
 // @Accept json
 // @Param request body request.WebsitePHPFileUpdate true "request"
 // @Success 200
@@ -561,6 +583,28 @@ func (b *BaseApi) UpdatePHPFile(c *gin.Context) {
 	helper.SuccessWithData(c, nil)
 }

+// @Tags Website PHP
+// @Summary Update php version
+// @Description 变更 php 版本
+// @Accept json
+// @Param request body request.WebsitePHPVersionReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /websites/php/version [post]
+// @x-panel-log {"bodyKeys":["websiteId"],"paramKeys":[],"BeforeFuntions":[{"input_column":"id","input_value":"websiteId","isList":false,"db":"websites","output_column":"primary_domain","output_value":"domain"}],"formatZH":"php 版本变更 [domain]","formatEN":"php version update [domain]"}
+func (b *BaseApi) ChangePHPVersion(c *gin.Context) {
+	var req request.WebsitePHPVersionReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := websiteService.ChangePHPVersion(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
 // @Tags Website
 // @Summary Get rewrite conf
 // @Description 获取伪静态配置
@@ -801,3 +845,70 @@ func (b *BaseApi) UpdateAntiLeech(c *gin.Context) {
 	}
 	helper.SuccessWithOutData(c)
 }
+
+// @Tags Website
+// @Summary Update redirect conf
+// @Description 修改重定向配置
+// @Accept json
+// @Param request body request.NginxRedirectReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /websites/redirect/update [post]
+// @x-panel-log {"bodyKeys":["websiteID"],"paramKeys":[],"BeforeFuntions":[{"input_column":"id","input_value":"websiteID","isList":false,"db":"websites","output_column":"primary_domain","output_value":"domain"}],"formatZH":"修改网站 [domain] 重定向理配置 ","formatEN":"Update domain [domain] redirect config"}
+func (b *BaseApi) UpdateRedirectConfig(c *gin.Context) {
+	var req request.NginxRedirectReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	err := websiteService.OperateRedirect(req)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
+
+// @Tags Website
+// @Summary Get redirect conf
+// @Description 获取重定向配置
+// @Accept json
+// @Param request body request.WebsiteProxyReq true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /websites/redirect [post]
+func (b *BaseApi) GetRedirectConfig(c *gin.Context) {
+	var req request.WebsiteRedirectReq
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	res, err := websiteService.GetRedirect(req.WebsiteID)
+	if err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithData(c, res)
+}
+
+// @Tags Website
+// @Summary Update redirect file
+// @Description 更新重定向文件
+// @Accept json
+// @Param request body request.NginxRedirectUpdate true "request"
+// @Success 200
+// @Security ApiKeyAuth
+// @Router /websites/redirect/file [post]
+// @x-panel-log {"bodyKeys":["websiteID"],"paramKeys":[],"BeforeFuntions":[{"input_column":"id","input_value":"websiteID","isList":false,"db":"websites","output_column":"primary_domain","output_value":"domain"}],"formatZH":"更新重定向文件 [domain]","formatEN":"Nginx conf redirect file update [domain]"}
+func (b *BaseApi) UpdateRedirectConfigFile(c *gin.Context) {
+	var req request.NginxRedirectUpdate
+	if err := c.ShouldBindJSON(&req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrTypeInvalidParams, err)
+		return
+	}
+	if err := websiteService.UpdateRedirectFile(req); err != nil {
+		helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
+		return
+	}
+	helper.SuccessWithOutData(c)
+}
--- a/backend/app/api/v1/website_ssl.go
+++ b/backend/app/api/v1/website_ssl.go
@@ -35,7 +35,7 @@ func (b *BaseApi) PageWebsiteSSL(c *gin.Context) {
 			Items: accounts,
 		})
 	} else {
-		list, err := websiteSSLService.Search()
+		list, err := websiteSSLService.Search(req)
 		if err != nil {
 			helper.ErrorWithDetail(c, constant.CodeErrInternalServer, constant.ErrTypeInternalServer, err)
 			return
@@ -94,7 +94,7 @@ func (b *BaseApi) RenewWebsiteSSL(c *gin.Context) {
 // @Description 解析网站 ssl
 // @Accept json
 // @Param request body request.WebsiteDNSReq true "request"
-// @Success 200 {anrry} response.WebsiteDNSRes
+// @Success 200 {array} response.WebsiteDNSRes
 // @Security ApiKeyAuth
 // @Router /websites/ssl/resolve [post]
 func (b *BaseApi) GetDNSResolve(c *gin.Context) {
--- a/backend/app/dto/app.go
+++ b/backend/app/dto/app.go
@@ -15,6 +15,10 @@ type AuthParam struct {
 	RootPassword string `json:"PANEL_DB_ROOT_PASSWORD"`
 }

+type RedisAuthParam struct {
+	RootPassword string `json:"PANEL_REDIS_ROOT_PASSWORD"`
+}
+
 type ContainerExec struct {
 	ContainerName string      `json:"containerName"`
 	DbParam       AppDatabase `json:"dbParam"`
--- a/backend/app/dto/auth.go
+++ b/backend/app/dto/auth.go
@@ -12,8 +12,9 @@ type UserLoginInfo struct {
 }

 type MfaCredential struct {
-	Secret string `json:"secret"`
-	Code   string `json:"code"`
+	Secret   string `json:"secret"`
+	Code     string `json:"code"`
+	Interval string `json:"interval"`
 }

 type Login struct {
@@ -23,6 +24,7 @@ type Login struct {
 	Captcha       string `json:"captcha"`
 	CaptchaID     string `json:"captchaID"`
 	AuthMethod    string `json:"authMethod"`
+	Language      string `json:"language"`
 }

 type MFALogin struct {
--- a/backend/app/dto/backup.go
+++ b/backend/app/dto/backup.go
@@ -8,15 +8,17 @@ type BackupOperate struct {
 	Bucket     string `json:"bucket"`
 	AccessKey  string `json:"accessKey"`
 	Credential string `json:"credential"`
+	BackupPath string `json:"backupPath"`
 	Vars       string `json:"vars" validate:"required"`
 }

 type BackupInfo struct {
-	ID        uint      `json:"id"`
-	CreatedAt time.Time `json:"createdAt"`
-	Type      string    `json:"type"`
-	Bucket    string    `json:"bucket"`
-	Vars      string    `json:"vars"`
+	ID         uint      `json:"id"`
+	CreatedAt  time.Time `json:"createdAt"`
+	Type       string    `json:"type"`
+	Bucket     string    `json:"bucket"`
+	BackupPath string    `json:"backupPath"`
+	Vars       string    `json:"vars"`
 }

 type BackupSearch struct {
@@ -36,7 +38,7 @@ type CommonBackup struct {
 	DetailName string `json:"detailName"`
 }
 type CommonRecover struct {
-	Source     string `json:"source" validate:"required,oneof=OSS S3 SFTP MINIO LOCAL COS KODO"`
+	Source     string `json:"source" validate:"required,oneof=OSS S3 SFTP MINIO LOCAL COS KODO OneDrive"`
 	Type       string `json:"type" validate:"required,oneof=app mysql redis website"`
 	Name       string `json:"name"`
 	DetailName string `json:"detailName"`
@@ -60,7 +62,7 @@ type BackupRecords struct {
 }

 type DownloadRecord struct {
-	Source   string `json:"source" validate:"required,oneof=OSS S3 SFTP MINIO LOCAL COS KODO"`
+	Source   string `json:"source" validate:"required,oneof=OSS S3 SFTP MINIO LOCAL COS KODO OneDrive"`
 	FileDir  string `json:"fileDir" validate:"required"`
 	FileName string `json:"fileName" validate:"required"`
 }
--- a/backend/app/dto/common_req.go
+++ b/backend/app/dto/common_req.go
@@ -2,7 +2,9 @@ package dto

 type SearchWithPage struct {
 	PageInfo
-	Info string `json:"info"`
+	Info    string `json:"info"`
+	OrderBy string `json:"orderBy"`
+	Order   string `json:"order"`
 }

 type PageInfo struct {
--- a/backend/app/dto/container.go
+++ b/backend/app/dto/container.go
@@ -5,6 +5,8 @@ import "time"
 type PageContainer struct {
 	PageInfo
 	Name    string `json:"name"`
+	OrderBy string `json:"orderBy"`
+	Order   string `json:"order"`
 	Filters string `json:"filters"`
 }

@@ -22,22 +24,29 @@ type ContainerInfo struct {
 	State       string `json:"state"`
 	RunTime     string `json:"runTime"`

-	CPUPercent    float64  `json:"cpuPercent"`
-	MemoryPercent float64  `json:"memoryPercent"`
-	Ports         []string `json:"ports"`
+	Ports []string `json:"ports"`

 	IsFromApp     bool `json:"isFromApp"`
 	IsFromCompose bool `json:"isFromCompose"`
 }

-type ContainerCreate struct {
+type ResourceLimit struct {
+	CPU    int `json:"cpu"`
+	Memory int `json:"memory"`
+}
+
+type ContainerOperate struct {
+	ContainerID     string         `json:"containerID"`
+	ForcePull       bool           `json:"forcePull"`
 	Name            string         `json:"name"`
 	Image           string         `json:"image"`
+	Network         string         `json:"network"`
 	PublishAllPorts bool           `json:"publishAllPorts"`
 	ExposedPorts    []PortHelper   `json:"exposedPorts"`
 	Cmd             []string       `json:"cmd"`
-	NanoCPUs        int64          `json:"nanoCPUs"`
-	Memory          int64          `json:"memory"`
+	CPUShares       int64          `json:"cpuShares"`
+	NanoCPUs        float64        `json:"nanoCPUs"`
+	Memory          float64        `json:"memory"`
 	AutoRemove      bool           `json:"autoRemove"`
 	Volumes         []VolumeHelper `json:"volumes"`
 	Labels          []string       `json:"labels"`
@@ -45,7 +54,19 @@ type ContainerCreate struct {
 	RestartPolicy   string         `json:"restartPolicy"`
 }

-type ContainterStats struct {
+type ContainerUpgrade struct {
+	Name      string `json:"name" validate:"required"`
+	Image     string `json:"image" validate:"required"`
+	ForcePull bool   `json:"forcePull"`
+}
+
+type ContainerListStats struct {
+	ContainerID   string  `json:"containerID"`
+	CPUPercent    float64 `json:"cpuPercent"`
+	MemoryPercent float64 `json:"memoryPercent"`
+}
+
+type ContainerStats struct {
 	CPUPercent float64 `json:"cpuPercent"`
 	Memory     float64 `json:"memory"`
 	Cache      float64 `json:"cache"`
@@ -69,11 +90,6 @@ type PortHelper struct {
 	Protocol      string `json:"protocol"`
 }

-type ContainerLog struct {
-	ContainerID string `json:"containerID" validate:"required"`
-	Mode        string `json:"mode" validate:"required"`
-}
-
 type ContainerOperation struct {
 	Name      string `json:"name" validate:"required"`
 	Operation string `json:"operation" validate:"required,oneof=start stop restart kill pause unpause rename remove"`
@@ -82,7 +98,7 @@ type ContainerOperation struct {

 type ContainerPrune struct {
 	PruneType  string `json:"pruneType" validate:"required,oneof=container image volume network"`
-	WithTagAll bool   `josn:"withTagAll"`
+	WithTagAll bool   `json:"withTagAll"`
 }

 type ContainerPruneReport struct {
--- a/backend/app/dto/cronjob.go
+++ b/backend/app/dto/cronjob.go
@@ -13,6 +13,7 @@ type CronjobCreate struct {
 	Second   int    `json:"second" validate:"number"`

 	Script         string `json:"script"`
+	ContainerName  string `json:"containerName"`
 	Website        string `json:"website"`
 	ExclusionRules string `json:"exclusionRules"`
 	DBName         string `json:"dbName"`
@@ -34,6 +35,7 @@ type CronjobUpdate struct {
 	Second   int    `json:"second" validate:"number"`

 	Script         string `json:"script"`
+	ContainerName  string `json:"containerName"`
 	Website        string `json:"website"`
 	ExclusionRules string `json:"exclusionRules"`
 	DBName         string `json:"dbName"`
@@ -76,6 +78,7 @@ type CronjobInfo struct {
 	Second   int    `json:"second"`

 	Script         string `json:"script"`
+	ContainerName  string `json:"containerName"`
 	Website        string `json:"website"`
 	ExclusionRules string `json:"exclusionRules"`
 	DBName         string `json:"dbName"`
--- a/backend/app/dto/database.go
+++ b/backend/app/dto/database.go
@@ -2,10 +2,20 @@ package dto

 import "time"

+type MysqlDBSearch struct {
+	PageInfo
+	Info    string `json:"info"`
+	From    string `json:"from"`
+	OrderBy string `json:"orderBy"`
+	Order   string `json:"order"`
+}
+
 type MysqlDBInfo struct {
 	ID          uint      `json:"id"`
 	CreatedAt   time.Time `json:"createdAt"`
 	Name        string    `json:"name"`
+	From        string    `json:"from"`
+	MysqlName   string    `json:"mysqlName"`
 	Format      string    `json:"format"`
 	Username    string    `json:"username"`
 	Password    string    `json:"password"`
@@ -14,8 +24,15 @@ type MysqlDBInfo struct {
 	Description string    `json:"description"`
 }

+type MysqlOption struct {
+	ID   uint   `json:"id"`
+	Name string `json:"name"`
+	From string `json:"from"`
+}
+
 type MysqlDBCreate struct {
 	Name        string `json:"name" validate:"required"`
+	From        string `json:"from" validate:"required"`
 	Format      string `json:"format" validate:"required,oneof=utf8mb4 utf8 gbk big5"`
 	Username    string `json:"username" validate:"required"`
 	Password    string `json:"password" validate:"required"`
@@ -100,6 +117,7 @@ type MysqlConfUpdateByFile struct {

 type ChangeDBInfo struct {
 	ID    uint   `json:"id"`
+	From  string `json:"from"`
 	Value string `json:"value" validate:"required"`
 }

--- a/backend/app/dto/image.go
+++ b/backend/app/dto/image.go
@@ -10,35 +10,35 @@ type ImageInfo struct {
 }

 type ImageLoad struct {
-	Path string `josn:"path" validate:"required"`
+	Path string `json:"path" validate:"required"`
 }

 type ImageBuild struct {
-	From       string   `josn:"from" validate:"required"`
+	From       string   `json:"from" validate:"required"`
 	Name       string   `json:"name" validate:"required"`
-	Dockerfile string   `josn:"dockerfile" validate:"required"`
-	Tags       []string `josn:"tags"`
+	Dockerfile string   `json:"dockerfile" validate:"required"`
+	Tags       []string `json:"tags"`
 }

 type ImagePull struct {
-	RepoID    uint   `josn:"repoID"`
-	ImageName string `josn:"imageName" validate:"required"`
+	RepoID    uint   `json:"repoID"`
+	ImageName string `json:"imageName" validate:"required"`
 }

 type ImageTag struct {
-	RepoID     uint   `josn:"repoID"`
+	RepoID     uint   `json:"repoID"`
 	SourceID   string `json:"sourceID" validate:"required"`
-	TargetName string `josn:"targetName" validate:"required"`
+	TargetName string `json:"targetName" validate:"required"`
 }

 type ImagePush struct {
-	RepoID  uint   `josn:"repoID" validate:"required"`
+	RepoID  uint   `json:"repoID" validate:"required"`
 	TagName string `json:"tagName" validate:"required"`
 	Name    string `json:"name" validate:"required"`
 }

 type ImageSave struct {
 	TagName string `json:"tagName" validate:"required"`
-	Path    string `josn:"path" validate:"required"`
+	Path    string `json:"path" validate:"required"`
 	Name    string `json:"name" validate:"required"`
 }
--- a/backend/app/dto/image_repo.go
+++ b/backend/app/dto/image_repo.go
@@ -6,8 +6,8 @@ type ImageRepoCreate struct {
 	Name        string `json:"name" validate:"required"`
 	DownloadUrl string `json:"downloadUrl"`
 	Protocol    string `json:"protocol"`
-	Username    string `json:"username"`
-	Password    string `json:"password"`
+	Username    string `json:"username" validate:"max=256"`
+	Password    string `json:"password" validate:"max=256"`
 	Auth        bool   `json:"auth"`
 }

@@ -15,8 +15,8 @@ type ImageRepoUpdate struct {
 	ID          uint   `json:"id"`
 	DownloadUrl string `json:"downloadUrl"`
 	Protocol    string `json:"protocol"`
-	Username    string `json:"username"`
-	Password    string `json:"password"`
+	Username    string `json:"username" validate:"max=256"`
+	Password    string `json:"password" validate:"max=256"`
 	Auth        bool   `json:"auth"`
 }

--- a/backend/app/dto/remote_db.go
+++ b/backend/app/dto/remote_db.go
@@ -0,0 +1,52 @@
+package dto
+
+import "time"
+
+type RemoteDBSearch struct {
+	PageInfo
+	Info    string `json:"info"`
+	Type    string `json:"type"`
+	OrderBy string `json:"orderBy"`
+	Order   string `json:"order"`
+}
+
+type RemoteDBInfo struct {
+	ID          uint      `json:"id"`
+	CreatedAt   time.Time `json:"createdAt"`
+	Name        string    `json:"name" validate:"max=256"`
+	From        string    `json:"from"`
+	Version     string    `json:"version"`
+	Address     string    `json:"address"`
+	Port        uint      `json:"port"`
+	Username    string    `json:"username"`
+	Password    string    `json:"password"`
+	Description string    `json:"description"`
+}
+
+type RemoteDBOption struct {
+	ID      uint   `json:"id"`
+	Name    string `json:"name"`
+	Address string `json:"address"`
+}
+
+type RemoteDBCreate struct {
+	Name        string `json:"name" validate:"required,max=256"`
+	Type        string `json:"type" validate:"required,oneof=mysql"`
+	From        string `json:"from" validate:"required,oneof=local remote"`
+	Version     string `json:"version" validate:"required"`
+	Address     string `json:"address"`
+	Port        uint   `json:"port"`
+	Username    string `json:"username" validate:"required"`
+	Password    string `json:"password" validate:"required"`
+	Description string `json:"description"`
+}
+
+type RemoteDBUpdate struct {
+	ID          uint   `json:"id"`
+	Version     string `json:"version" validate:"required"`
+	Address     string `json:"address"`
+	Port        uint   `json:"port"`
+	Username    string `json:"username" validate:"required"`
+	Password    string `json:"password" validate:"required"`
+	Description string `json:"description"`
+}
--- a/backend/app/dto/request/app.go
+++ b/backend/app/dto/request/app.go
@@ -58,6 +58,7 @@ type AppInstalledOperate struct {
 	ForceDelete  bool                `json:"forceDelete"`
 	DeleteBackup bool                `json:"deleteBackup"`
 	DeleteDB     bool                `json:"deleteDB"`
+	Backup       bool                `json:"backup"`
 }

 type AppInstalledUpdate struct {
@@ -66,6 +67,11 @@ type AppInstalledUpdate struct {
 	AppContainerConfig
 }

+type AppInstalledIgnoreUpgrade struct {
+	DetailID uint   `json:"detailID"  validate:"required"`
+	Operate  string `json:"operate"   validate:"required,oneof=cancel ignore"`
+}
+
 type PortUpdate struct {
 	Key  string `json:"key"`
 	Name string `json:"name"`
--- a/backend/app/dto/request/host_tool.go
+++ b/backend/app/dto/request/host_tool.go
@@ -0,0 +1,41 @@
+package request
+
+type HostToolReq struct {
+	Type    string `json:"type" validate:"required,oneof=supervisord"`
+	Operate string `json:"operate" validate:"oneof=status restart start stop"`
+}
+
+type HostToolCreate struct {
+	Type string `json:"type" validate:"required"`
+	SupervisorConfig
+}
+
+type SupervisorConfig struct {
+	ConfigPath  string `json:"configPath"`
+	ServiceName string `json:"serviceName"`
+}
+
+type HostToolLogReq struct {
+	Type string `json:"type" validate:"required,oneof=supervisord"`
+}
+
+type HostToolConfig struct {
+	Type    string `json:"type" validate:"required,oneof=supervisord"`
+	Operate string `json:"operate" validate:"oneof=get set"`
+	Content string `json:"content"`
+}
+
+type SupervisorProcessConfig struct {
+	Name     string `json:"name"`
+	Operate  string `json:"operate"`
+	Command  string `json:"command"`
+	User     string `json:"user"`
+	Dir      string `json:"dir"`
+	Numprocs string `json:"numprocs"`
+}
+type SupervisorProcessFileReq struct {
+	Name    string `json:"name" validate:"required"`
+	Operate string `json:"operate" validate:"required,oneof=get clear update" `
+	Content string `json:"content"`
+	File    string `json:"file" validate:"required,oneof=out.log err.log config"`
+}
--- a/backend/app/dto/request/nginx.go
+++ b/backend/app/dto/request/nginx.go
@@ -3,9 +3,8 @@ package request
 import "github.com/1Panel-dev/1Panel/backend/app/dto"

 type NginxConfigFileUpdate struct {
-	Content  string `json:"content" validate:"required"`
-	FilePath string `json:"filePath" validate:"required"`
-	Backup   bool   `json:"backup" validate:"required"`
+	Content string `json:"content" validate:"required"`
+	Backup  bool   `json:"backup" validate:"required"`
 }

 type NginxScopeReq struct {
@@ -66,3 +65,23 @@ type NginxAntiLeechUpdate struct {
 	LogEnable   bool     `json:"logEnable"`
 	Blocked     bool     `json:"blocked"`
 }
+
+type NginxRedirectReq struct {
+	Name         string   `json:"name" validate:"required"`
+	WebsiteID    uint     `json:"websiteID" validate:"required"`
+	Domains      []string `json:"domains"`
+	KeepPath     bool     `json:"keepPath" validate:"required"`
+	Enable       bool     `json:"enable" validate:"required"`
+	Type         string   `json:"type" validate:"required"`
+	Redirect     string   `json:"redirect" validate:"required"`
+	Path         string   `json:"path"`
+	Target       string   `json:"target" validate:"required"`
+	Operate      string   `json:"operate" validate:"required"`
+	RedirectRoot bool     `json:"redirectRoot"`
+}
+
+type NginxRedirectUpdate struct {
+	WebsiteID uint   `json:"websiteID" validate:"required"`
+	Content   string `json:"content" validate:"required"`
+	Name      string `json:"name" validate:"required"`
+}
--- a/backend/app/dto/request/process.go
+++ b/backend/app/dto/request/process.go
@@ -0,0 +1,5 @@
+package request
+
+type ProcessReq struct {
+	PID int32 `json:"PID"  validate:"required"`
+}
--- a/backend/app/dto/request/website.go
+++ b/backend/app/dto/request/website.go
@@ -7,6 +7,8 @@ import (
 type WebsiteSearch struct {
 	dto.PageInfo
 	Name           string `json:"name"`
+	OrderBy        string `json:"orderBy"`
+	Order          string `json:"order"`
 	WebsiteGroupID uint   `json:"websiteGroupId"`
 }

@@ -73,6 +75,12 @@ type WebsiteWafReq struct {
 	Rule      string `json:"rule" validate:"required"`
 }

+type WebsiteRedirectUpdate struct {
+	WebsiteID uint   `json:"websiteId" validate:"required"`
+	Key       string `json:"key" validate:"required"`
+	Enable    bool   `json:"enable" validate:"required"`
+}
+
 type WebsiteWafUpdate struct {
 	WebsiteID uint   `json:"websiteId" validate:"required"`
 	Key       string `json:"key" validate:"required"`
@@ -113,15 +121,18 @@ type WebsiteDomainDelete struct {
 }

 type WebsiteHTTPSOp struct {
-	WebsiteID    uint     `json:"websiteId" validate:"required"`
-	Enable       bool     `json:"enable" validate:"required"`
-	WebsiteSSLID uint     `json:"websiteSSLId"`
-	Type         string   `json:"type"  validate:"oneof=existed auto manual"`
-	PrivateKey   string   `json:"privateKey"`
-	Certificate  string   `json:"certificate"`
-	HttpConfig   string   `json:"HttpConfig"  validate:"oneof=HTTPSOnly HTTPAlso HTTPToHTTPS"`
-	SSLProtocol  []string `json:"SSLProtocol"`
-	Algorithm    string   `json:"algorithm"`
+	WebsiteID       uint     `json:"websiteId" validate:"required"`
+	Enable          bool     `json:"enable" validate:"required"`
+	WebsiteSSLID    uint     `json:"websiteSSLId"`
+	Type            string   `json:"type"  validate:"oneof=existed auto manual"`
+	PrivateKey      string   `json:"privateKey"`
+	Certificate     string   `json:"certificate"`
+	PrivateKeyPath  string   `json:"privateKeyPath"`
+	CertificatePath string   `json:"certificatePath"`
+	ImportType      string   `json:"importType"`
+	HttpConfig      string   `json:"httpConfig"  validate:"oneof=HTTPSOnly HTTPAlso HTTPToHTTPS"`
+	SSLProtocol     []string `json:"SSLProtocol"`
+	Algorithm       string   `json:"algorithm"`
 }

 type WebsiteNginxUpdate struct {
@@ -153,6 +164,12 @@ type WebsitePHPFileUpdate struct {
 	Content string `json:"content" validate:"required"`
 }

+type WebsitePHPVersionReq struct {
+	WebsiteID    uint `json:"websiteID" validate:"required"`
+	RuntimeID    uint `json:"runtimeID" validate:"required"`
+	RetainConfig bool `json:"retainConfig" validate:"required"`
+}
+
 type WebsiteUpdateDir struct {
 	ID      uint   `json:"id" validate:"required"`
 	SiteDir string `json:"siteDir" validate:"required"`
@@ -184,3 +201,13 @@ type WebsiteProxyConfig struct {
 type WebsiteProxyReq struct {
 	ID uint `json:"id" validate:"required"`
 }
+
+type WebsiteRedirectReq struct {
+	WebsiteID uint `json:"websiteId" validate:"required"`
+}
+
+type WebsiteWafFileUpdate struct {
+	WebsiteID uint   `json:"websiteID" validate:"required"`
+	Content   string `json:"content" validate:"required"`
+	Type      string `json:"type" validate:"required,oneof=cc ip_white ip_block url_white url_block cookie_block args_check post_check ua_check file_ext_block"`
+}
--- a/backend/app/dto/request/website_ssl.go
+++ b/backend/app/dto/request/website_ssl.go
@@ -4,6 +4,7 @@ import "github.com/1Panel-dev/1Panel/backend/app/dto"

 type WebsiteSSLSearch struct {
 	dto.PageInfo
+	AcmeAccountID string `json:"acmeAccountID"`
 }

 type WebsiteSSLCreate struct {
--- a/backend/app/dto/response/app.go
+++ b/backend/app/dto/response/app.go
@@ -48,6 +48,13 @@ type AppDetailDTO struct {
 	Image  string      `json:"image"`
 }

+type IgnoredApp struct {
+	Icon     string `json:"icon"`
+	Name     string `json:"name"`
+	Version  string `json:"version"`
+	DetailID uint   `json:"detailID"`
+}
+
 type AppInstalledDTO struct {
 	model.AppInstall
 	Total     int    `json:"total"`
--- a/backend/app/dto/response/host_tool.go
+++ b/backend/app/dto/response/host_tool.go
@@ -0,0 +1,41 @@
+package response
+
+type HostToolRes struct {
+	Type   string      `json:"type"`
+	Config interface{} `json:"config"`
+}
+
+type Supervisor struct {
+	ConfigPath  string `json:"configPath"`
+	IncludeDir  string `json:"includeDir"`
+	LogPath     string `json:"logPath"`
+	IsExist     bool   `json:"isExist"`
+	Init        bool   `json:"init"`
+	Msg         string `json:"msg"`
+	Version     string `json:"version"`
+	Status      string `json:"status"`
+	CtlExist    bool   `json:"ctlExist"`
+	ServiceName string `json:"serviceName"`
+}
+
+type HostToolConfig struct {
+	Content string `json:"content"`
+}
+
+type SupervisorProcessConfig struct {
+	Name     string          `json:"name"`
+	Command  string          `json:"command"`
+	User     string          `json:"user"`
+	Dir      string          `json:"dir"`
+	Numprocs string          `json:"numprocs"`
+	Msg      string          `json:"msg"`
+	Status   []ProcessStatus `json:"status"`
+}
+
+type ProcessStatus struct {
+	Name   string `json:"name"`
+	Status string `json:"status"`
+	PID    string `json:"PID"`
+	Uptime string `json:"uptime"`
+	Msg    string `json:"msg"`
+}
--- a/backend/app/dto/response/nginx.go
+++ b/backend/app/dto/response/nginx.go
@@ -34,3 +34,22 @@ type NginxAntiLeechRes struct {
 	LogEnable   bool     `json:"logEnable"`
 	Blocked     bool     `json:"blocked"`
 }
+
+type NginxRedirectConfig struct {
+	WebsiteID    uint     `json:"websiteID"`
+	Name         string   `json:"name"`
+	Domains      []string `json:"domains"`
+	KeepPath     bool     `json:"keepPath"`
+	Enable       bool     `json:"enable"`
+	Type         string   `json:"type"`
+	Redirect     string   `json:"redirect"`
+	Path         string   `json:"path"`
+	Target       string   `json:"target"`
+	FilePath     string   `json:"filePath"`
+	Content      string   `json:"content"`
+	RedirectRoot bool     `json:"redirectRoot"`
+}
+
+type NginxFile struct {
+	Content string `json:"content"`
+}
--- a/backend/app/dto/response/website.go
+++ b/backend/app/dto/response/website.go
@@ -26,9 +26,8 @@ type WebsiteNginxConfig struct {
 }

 type WebsiteWafConfig struct {
-	Enable   bool   `json:"enable"`
-	FilePath string `json:"filePath"`
-	Content  string `json:"content"`
+	Enable  bool   `json:"enable"`
+	Content string `json:"content"`
 }

 type WebsiteHTTPS struct {
--- a/backend/app/dto/setting.go
+++ b/backend/app/dto/setting.go
@@ -5,6 +5,7 @@ import "time"
 type SettingInfo struct {
 	UserName      string `json:"userName"`
 	Email         string `json:"email"`
+	SystemIP      string `json:"systemIP"`
 	SystemVersion string `json:"systemVersion"`

 	SessionTimeout string `json:"sessionTimeout"`
@@ -28,6 +29,7 @@ type SettingInfo struct {
 	ComplexityVerification string `json:"complexityVerification"`
 	MFAStatus              string `json:"mfaStatus"`
 	MFASecret              string `json:"mfaSecret"`
+	MFAInterval            string `json:"mfaInterval"`

 	MonitorStatus    string `json:"monitorStatus"`
 	MonitorInterval  string `json:"monitorInterval"`
@@ -74,7 +76,7 @@ type PortUpdate struct {
 }

 type SnapshotCreate struct {
-	From        string `json:"from" validate:"required,oneof=OSS S3 SFTP MINIO COS KODO"`
+	From        string `json:"from" validate:"required,oneof=OSS S3 SFTP MINIO COS KODO OneDrive"`
 	Description string `json:"description" validate:"max=256"`
 }
 type SnapshotRecover struct {
--- a/backend/app/model/app_detail.go
+++ b/backend/app/model/app_detail.go
@@ -12,4 +12,5 @@ type AppDetail struct {
 	DownloadUrl         string `json:"downloadUrl"  gorm:"type:varchar;"`
 	DownloadCallBackUrl string `json:"downloadCallBackUrl" gorm:"type:longtext;"`
 	Update              bool   `json:"update"`
+	IgnoreUpgrade       bool   `json:"ignoreUpgrade"`
 }
--- a/backend/app/model/backup.go
+++ b/backend/app/model/backup.go
@@ -6,6 +6,7 @@ type BackupAccount struct {
 	Bucket     string `gorm:"type:varchar(256)" json:"bucket"`
 	AccessKey  string `gorm:"type:varchar(256)" json:"accessKey"`
 	Credential string `gorm:"type:varchar(256)" json:"credential"`
+	BackupPath string `gorm:"type:varchar(256)" json:"backupPath"`
 	Vars       string `gorm:"type:longText" json:"vars"`
 }

--- a/backend/app/model/cronjob.go
+++ b/backend/app/model/cronjob.go
@@ -15,6 +15,7 @@ type Cronjob struct {
 	Minute   uint64 `gorm:"type:decimal" json:"minute"`
 	Second   uint64 `gorm:"type:decimal" json:"second"`

+	ContainerName  string `gorm:"type:varchar(64)" json:"containerName"`
 	Script         string `gorm:"longtext" json:"script"`
 	Website        string `gorm:"type:varchar(64)" json:"website"`
 	DBName         string `gorm:"type:varchar(64)" json:"dbName"`
--- a/backend/app/model/database_mysql.go
+++ b/backend/app/model/database_mysql.go
@@ -3,6 +3,7 @@ package model
 type DatabaseMysql struct {
 	BaseModel
 	Name        string `json:"name" gorm:"type:varchar(256);not null"`
+	From        string `json:"from" gorm:"type:varchar(256);not null;default:local"`
 	MysqlName   string `json:"mysqlName" gorm:"type:varchar(64);not null"`
 	Format      string `json:"format" gorm:"type:varchar(64);not null"`
 	Username    string `json:"username" gorm:"type:varchar(256);not null"`
--- a/backend/app/model/remote_db.go
+++ b/backend/app/model/remote_db.go
@@ -0,0 +1,14 @@
+package model
+
+type RemoteDB struct {
+	BaseModel
+	Name        string `json:"name" gorm:"type:varchar(64);not null"`
+	Type        string `json:"type" gorm:"type:varchar(64);not null"`
+	Version     string `json:"version" gorm:"type:varchar(64);not null"`
+	From        string `json:"from" gorm:"type:varchar(64);not null"`
+	Address     string `json:"address" gorm:"type:varchar(64);not null"`
+	Port        uint   `json:"port" gorm:"type:decimal;not null"`
+	Username    string `json:"username" gorm:"type:varchar(64)"`
+	Password    string `json:"password" gorm:"type:varchar(64)"`
+	Description string `json:"description" gorm:"type:varchar(256);"`
+}
--- a/backend/app/repo/app_detail.go
+++ b/backend/app/repo/app_detail.go
@@ -13,6 +13,7 @@ type AppDetailRepo struct {
 type IAppDetailRepo interface {
 	WithVersion(version string) DBOption
 	WithAppId(id uint) DBOption
+	WithIgnored() DBOption
 	GetFirst(opts ...DBOption) (model.AppDetail, error)
 	Update(ctx context.Context, detail model.AppDetail) error
 	BatchCreate(ctx context.Context, details []model.AppDetail) error
@@ -31,12 +32,19 @@ func (a AppDetailRepo) WithVersion(version string) DBOption {
 		return g.Where("version = ?", version)
 	}
 }
+
 func (a AppDetailRepo) WithAppId(id uint) DBOption {
 	return func(g *gorm.DB) *gorm.DB {
 		return g.Where("app_id = ?", id)
 	}
 }

+func (a AppDetailRepo) WithIgnored() DBOption {
+	return func(g *gorm.DB) *gorm.DB {
+		return g.Where("ignore_upgrade = 1")
+	}
+}
+
 func (a AppDetailRepo) GetFirst(opts ...DBOption) (model.AppDetail, error) {
 	var detail model.AppDetail
 	err := getDb(opts...).Model(&model.AppDetail{}).Find(&detail).Error
--- a/backend/app/repo/app_install.go
+++ b/backend/app/repo/app_install.go
@@ -126,7 +126,7 @@ func (a *AppInstallRepo) Create(ctx context.Context, install *model.AppInstall)
 }

 func (a *AppInstallRepo) Save(ctx context.Context, install *model.AppInstall) error {
-	return getTx(ctx).Omit(clause.Associations).Save(&install).Error
+	return getTx(ctx).Save(&install).Error
 }

 func (a *AppInstallRepo) DeleteBy(opts ...DBOption) error {
@@ -192,10 +192,19 @@ func (a *AppInstallRepo) LoadBaseInfo(key string, name string) (*RootInfo, error
 	if err := json.Unmarshal([]byte(appInstall.Env), &envMap); err != nil {
 		return nil, err
 	}
-	password, ok := envMap["PANEL_DB_ROOT_PASSWORD"].(string)
-	if ok {
-		info.Password = password
+	switch app.Key {
+	case "mysql":
+		password, ok := envMap["PANEL_DB_ROOT_PASSWORD"].(string)
+		if ok {
+			info.Password = password
+		}
+	case "redis":
+		password, ok := envMap["PANEL_REDIS_ROOT_PASSWORD"].(string)
+		if ok {
+			info.Password = password
+		}
 	}
+
 	userPassword, ok := envMap["PANEL_DB_USER_PASSWORD"].(string)
 	if ok {
 		info.UserPassword = userPassword
--- a/backend/app/repo/common.go
+++ b/backend/app/repo/common.go
@@ -2,6 +2,7 @@ package repo

 import (
 	"context"
+	"fmt"
 	"time"

 	"github.com/1Panel-dev/1Panel/backend/constant"
@@ -16,6 +17,7 @@ type ICommonRepo interface {
 	WithByName(name string) DBOption
 	WithByType(tp string) DBOption
 	WithOrderBy(orderStr string) DBOption
+	WithOrderRuleBy(orderBy, order string) DBOption
 	WithByGroupID(groupID uint) DBOption
 	WithLikeName(name string) DBOption
 	WithIdsIn(ids []uint) DBOption
@@ -93,6 +95,21 @@ func (c *CommonRepo) WithOrderBy(orderStr string) DBOption {
 	}
 }

+func (c *CommonRepo) WithOrderRuleBy(orderBy, order string) DBOption {
+	switch order {
+	case constant.OrderDesc:
+		order = "desc"
+	case constant.OrderAsc:
+		order = "asc"
+	default:
+		orderBy = "created_at"
+		order = "desc"
+	}
+	return func(g *gorm.DB) *gorm.DB {
+		return g.Order(fmt.Sprintf("%s %s", orderBy, order))
+	}
+}
+
 func (c *CommonRepo) WithIdsIn(ids []uint) DBOption {
 	return func(g *gorm.DB) *gorm.DB {
 		return g.Where("id in (?)", ids)
--- a/backend/app/repo/compose_template.go
+++ b/backend/app/repo/compose_template.go
@@ -15,6 +15,7 @@ type IComposeTemplateRepo interface {
 	Update(id uint, vars map[string]interface{}) error
 	Delete(opts ...DBOption) error

+	GetRecord(opts ...DBOption) (model.Compose, error)
 	CreateRecord(compose *model.Compose) error
 	DeleteRecord(opts ...DBOption) error
 	ListRecord() ([]model.Compose, error)
@@ -72,6 +73,16 @@ func (u *ComposeTemplateRepo) Delete(opts ...DBOption) error {
 	return db.Delete(&model.ComposeTemplate{}).Error
 }

+func (u *ComposeTemplateRepo) GetRecord(opts ...DBOption) (model.Compose, error) {
+	var compose model.Compose
+	db := global.DB
+	for _, opt := range opts {
+		db = opt(db)
+	}
+	err := db.First(&compose).Error
+	return compose, err
+}
+
 func (u *ComposeTemplateRepo) ListRecord() ([]model.Compose, error) {
 	var composes []model.Compose
 	if err := global.DB.Find(&composes).Error; err != nil {
--- a/backend/app/repo/cronjob.go
+++ b/backend/app/repo/cronjob.go
@@ -83,7 +83,7 @@ func (u *CronjobRepo) Page(page, size int, opts ...DBOption) (int64, []model.Cro
 	}
 	count := int64(0)
 	db = db.Count(&count)
-	err := db.Order("created_at desc").Limit(size).Offset(size * (page - 1)).Find(&cronjobs).Error
+	err := db.Limit(size).Offset(size * (page - 1)).Find(&cronjobs).Error
 	return count, cronjobs, err
 }

--- a/backend/app/repo/databse_mysql.go
+++ b/backend/app/repo/databse_mysql.go
@@ -13,13 +13,14 @@ type MysqlRepo struct{}
 type IMysqlRepo interface {
 	Get(opts ...DBOption) (model.DatabaseMysql, error)
 	WithByMysqlName(mysqlName string) DBOption
+	WithByFrom(from string) DBOption
 	List(opts ...DBOption) ([]model.DatabaseMysql, error)
 	Page(limit, offset int, opts ...DBOption) (int64, []model.DatabaseMysql, error)
 	Create(ctx context.Context, mysql *model.DatabaseMysql) error
 	Delete(ctx context.Context, opts ...DBOption) error
 	Update(id uint, vars map[string]interface{}) error
 	UpdateDatabaseInfo(id uint, vars map[string]interface{}) error
-	DeleteAll(ctx context.Context) error
+	DeleteLocal(ctx context.Context) error
 }

 func NewIMysqlRepo() IMysqlRepo {
@@ -66,8 +67,8 @@ func (u *MysqlRepo) Delete(ctx context.Context, opts ...DBOption) error {
 	return getTx(ctx, opts...).Delete(&model.DatabaseMysql{}).Error
 }

-func (u *MysqlRepo) DeleteAll(ctx context.Context) error {
-	return getTx(ctx).Where("1 = 1").Delete(&model.DatabaseMysql{}).Error
+func (u *MysqlRepo) DeleteLocal(ctx context.Context) error {
+	return getTx(ctx).Where("`from` = ?", "local").Delete(&model.DatabaseMysql{}).Error
 }

 func (u *MysqlRepo) Update(id uint, vars map[string]interface{}) error {
@@ -86,3 +87,12 @@ func (u *MysqlRepo) WithByMysqlName(mysqlName string) DBOption {
 		return g.Where("mysql_name = ?", mysqlName)
 	}
 }
+
+func (u *MysqlRepo) WithByFrom(from string) DBOption {
+	return func(g *gorm.DB) *gorm.DB {
+		if len(from) != 0 {
+			return g.Where("`from` = ?", from)
+		}
+		return g
+	}
+}
--- a/backend/app/repo/remote_db.go
+++ b/backend/app/repo/remote_db.go
@@ -0,0 +1,84 @@
+package repo
+
+import (
+	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/global"
+	"gorm.io/gorm"
+)
+
+type RemoteDBRepo struct{}
+
+type IRemoteDBRepo interface {
+	GetList(opts ...DBOption) ([]model.RemoteDB, error)
+	Page(limit, offset int, opts ...DBOption) (int64, []model.RemoteDB, error)
+	Create(database *model.RemoteDB) error
+	Update(id uint, vars map[string]interface{}) error
+	Delete(opts ...DBOption) error
+	Get(opts ...DBOption) (model.RemoteDB, error)
+	WithByFrom(from string) DBOption
+	WithoutByFrom(from string) DBOption
+}
+
+func NewIRemoteDBRepo() IRemoteDBRepo {
+	return &RemoteDBRepo{}
+}
+
+func (u *RemoteDBRepo) Get(opts ...DBOption) (model.RemoteDB, error) {
+	var database model.RemoteDB
+	db := global.DB
+	for _, opt := range opts {
+		db = opt(db)
+	}
+	err := db.First(&database).Error
+	return database, err
+}
+
+func (u *RemoteDBRepo) Page(page, size int, opts ...DBOption) (int64, []model.RemoteDB, error) {
+	var users []model.RemoteDB
+	db := global.DB.Model(&model.RemoteDB{})
+	for _, opt := range opts {
+		db = opt(db)
+	}
+	count := int64(0)
+	db = db.Count(&count)
+	err := db.Limit(size).Offset(size * (page - 1)).Find(&users).Error
+	return count, users, err
+}
+
+func (u *RemoteDBRepo) GetList(opts ...DBOption) ([]model.RemoteDB, error) {
+	var databases []model.RemoteDB
+	db := global.DB.Model(&model.RemoteDB{})
+	for _, opt := range opts {
+		db = opt(db)
+	}
+	err := db.Find(&databases).Error
+	return databases, err
+}
+
+func (c *RemoteDBRepo) WithByFrom(from string) DBOption {
+	return func(g *gorm.DB) *gorm.DB {
+		return g.Where("`from` == ?", from)
+	}
+}
+
+func (c *RemoteDBRepo) WithoutByFrom(from string) DBOption {
+	return func(g *gorm.DB) *gorm.DB {
+		return g.Where("`from` != ?", from)
+	}
+}
+
+func (u *RemoteDBRepo) Create(database *model.RemoteDB) error {
+	return global.DB.Create(database).Error
+}
+
+func (u *RemoteDBRepo) Update(id uint, vars map[string]interface{}) error {
+	return global.DB.Model(&model.RemoteDB{}).Where("id = ?", id).Updates(vars).Error
+}
+
+func (u *RemoteDBRepo) Delete(opts ...DBOption) error {
+	db := global.DB
+	for _, opt := range opts {
+		db = opt(db)
+	}
+	return db.Delete(&model.RemoteDB{}).Error
+}
--- a/backend/app/service/app.go
+++ b/backend/app/service/app.go
@@ -24,6 +24,7 @@ import (
 	"os"
 	"path"
 	"strconv"
+	"strings"
 )

 type AppService struct {
@@ -39,6 +40,7 @@ type IAppService interface {
 	GetAppUpdate() (*response.AppUpdateRes, error)
 	GetAppDetailByID(id uint) (*response.AppDetailDTO, error)
 	SyncAppListFromLocal()
+	GetIgnoredApp() ([]response.IgnoredApp, error)
 }

 func NewIAppService() IAppService {
@@ -82,12 +84,16 @@ func (a AppService) PageApp(req request.AppSearch) (interface{}, error) {
 		return nil, err
 	}
 	var appDTOs []*response.AppDTO
-	for _, a := range apps {
+	for _, ap := range apps {
+		ap.ReadMe = ""
+		ap.Website = ""
+		ap.Document = ""
+		ap.Github = ""
 		appDTO := &response.AppDTO{
-			App: a,
+			App: ap,
 		}
 		appDTOs = append(appDTOs, appDTO)
-		appTags, err := appTagRepo.GetByAppId(a.ID)
+		appTags, err := appTagRepo.GetByAppId(ap.ID)
 		if err != nil {
 			continue
 		}
@@ -100,7 +106,7 @@ func (a AppService) PageApp(req request.AppSearch) (interface{}, error) {
 			continue
 		}
 		appDTO.Tags = tags
-		installs, _ := appInstallRepo.ListBy(appInstallRepo.WithAppId(a.ID))
+		installs, _ := appInstallRepo.ListBy(appInstallRepo.WithAppId(ap.ID))
 		appDTO.Installed = len(installs) > 0
 	}
 	res.Items = appDTOs
@@ -163,7 +169,7 @@ func (a AppService) GetAppDetail(appId uint, version, appType string) (response.
 		}
 		fileOp := files.NewFileOp()
 		versionPath := path.Join(constant.AppResourceDir, app.Resource, app.Key, detail.Version)
-		if !fileOp.Stat(versionPath) {
+		if !fileOp.Stat(versionPath) || detail.Update {
 			if err = downloadApp(app, detail, nil); err != nil {
 				return appDetailDTO, err
 			}
@@ -232,6 +238,27 @@ func (a AppService) GetAppDetailByID(id uint) (*response.AppDetailDTO, error) {
 	return res, nil
 }

+func (a AppService) GetIgnoredApp() ([]response.IgnoredApp, error) {
+	var res []response.IgnoredApp
+	details, _ := appDetailRepo.GetBy(appDetailRepo.WithIgnored())
+	if len(details) == 0 {
+		return res, nil
+	}
+	for _, detail := range details {
+		app, err := appRepo.GetFirst(commonRepo.WithByID(detail.AppId))
+		if err != nil {
+			return nil, err
+		}
+		res = append(res, response.IgnoredApp{
+			Name:     app.Name,
+			Version:  detail.Version,
+			DetailID: detail.ID,
+			Icon:     app.Icon,
+		})
+	}
+	return res, nil
+}
+
 func (a AppService) Install(ctx context.Context, req request.AppInstallCreate) (appInstall *model.AppInstall, err error) {
 	if err = docker.CreateDefaultDockerNetwork(); err != nil {
 		err = buserr.WithDetail(constant.Err1PanelNetworkFailed, err.Error(), nil)
@@ -247,14 +274,23 @@ func (a AppService) Install(ctx context.Context, req request.AppInstallCreate) (
 		appDetail model.AppDetail
 		app       model.App
 	)
-	httpPort, err = checkPort("PANEL_APP_PORT_HTTP", req.Params)
-	if err != nil {
-		return
-	}
-	httpsPort, err = checkPort("PANEL_APP_PORT_HTTPS", req.Params)
-	if err != nil {
-		return
+	for key := range req.Params {
+		if !strings.Contains(key, "PANEL_APP_PORT") {
+			continue
+		}
+		var port int
+		if port, err = checkPort(key, req.Params); err == nil {
+			if key == "PANEL_APP_PORT_HTTP" {
+				httpPort = port
+			}
+			if key == "PANEL_APP_PORT_HTTPS" {
+				httpsPort = port
+			}
+		} else {
+			return
+		}
 	}
+
 	appDetail, err = appDetailRepo.GetFirst(commonRepo.WithByID(req.AppDetailId))
 	if err != nil {
 		return
@@ -470,9 +506,13 @@ func (a AppService) SyncAppListFromLocal() {
 				oldDetail, exist := appDetails[version]
 				if exist {
 					newDetail.ID = oldDetail.ID
+					delete(appDetails, version)
 				}
 				app.Details[i] = newDetail
 			}
+			for _, v := range appDetails {
+				app.Details = append(app.Details, v)
+			}
 		}
 		app.TagsKey = append(app.TagsKey, constant.AppResourceLocal)
 		apps[app.Key] = app
@@ -623,6 +663,7 @@ func (a AppService) GetAppUpdate() (*response.AppUpdateRes, error) {
 		return nil, err
 	}
 	appStoreLastModified, _ := strconv.Atoi(setting.AppStoreLastModified)
+	res.AppStoreLastModified = appStoreLastModified
 	if setting.AppStoreLastModified == "" || lastModified != appStoreLastModified {
 		res.CanUpdate = true
 		return res, err
@@ -647,13 +688,13 @@ func getAppFromRepo(downloadPath string) error {
 	return nil
 }

-func (a AppService) SyncAppListFromRemote() error {
+func (a AppService) SyncAppListFromRemote() (err error) {
 	updateRes, err := a.GetAppUpdate()
 	if err != nil {
 		return err
 	}
 	if !updateRes.CanUpdate {
-		return nil
+		return
 	}
 	if err = getAppFromRepo(fmt.Sprintf("%s/%s/1panel.json.zip", global.CONF.System.AppRepo, global.CONF.System.Mode)); err != nil {
 		return err
@@ -664,10 +705,20 @@ func (a AppService) SyncAppListFromRemote() error {
 		return err
 	}
 	list := &dto.AppList{}
-	if err := json.Unmarshal(content, list); err != nil {
+	if err = json.Unmarshal(content, list); err != nil {
+		return
+	}
+
+	if err = NewISettingService().Update("AppStoreLastModified", strconv.Itoa(list.LastModified)); err != nil {
 		return err
 	}

+	defer func() {
+		if err != nil {
+			_ = NewISettingService().Update("AppStoreLastModified", strconv.Itoa(updateRes.AppStoreLastModified))
+		}
+	}()
+
 	var (
 		tags      []*model.Tag
 		appTags   []*model.AppTag
@@ -681,7 +732,7 @@ func (a AppService) SyncAppListFromRemote() error {
 	}
 	oldApps, err := appRepo.GetBy(appRepo.WithResource(constant.AppResourceRemote))
 	if err != nil {
-		return err
+		return
 	}
 	for _, old := range oldApps {
 		oldAppIds = append(oldAppIds, old.ID)
@@ -730,10 +781,8 @@ func (a AppService) SyncAppListFromRemote() error {
 			detail.Params = string(paramByte)
 			detail.DownloadUrl = v.DownloadUrl
 			detail.DownloadCallBackUrl = v.DownloadCallBackUrl
-			if v.LastModified > detail.LastModified {
-				detail.Update = true
-				detail.LastModified = v.LastModified
-			}
+			detail.Update = true
+			detail.LastModified = v.LastModified
 			detailsMap[version] = detail
 		}
 		var newDetails []model.AppDetail
@@ -772,32 +821,32 @@ func (a AppService) SyncAppListFromRemote() error {
 	tx, ctx := getTxAndContext()
 	defer tx.Rollback()
 	if len(addAppArray) > 0 {
-		if err := appRepo.BatchCreate(ctx, addAppArray); err != nil {
-			return err
+		if err = appRepo.BatchCreate(ctx, addAppArray); err != nil {
+			return
 		}
 	}
 	if len(deleteAppArray) > 0 {
-		if err := appRepo.BatchDelete(ctx, deleteAppArray); err != nil {
-			return err
+		if err = appRepo.BatchDelete(ctx, deleteAppArray); err != nil {
+			return
 		}
-		if err := appDetailRepo.DeleteByAppIds(ctx, deleteIds); err != nil {
-			return err
+		if err = appDetailRepo.DeleteByAppIds(ctx, deleteIds); err != nil {
+			return
 		}
 	}
-	if err := tagRepo.DeleteAll(ctx); err != nil {
-		return err
+	if err = tagRepo.DeleteAll(ctx); err != nil {
+		return
 	}
 	if len(tags) > 0 {
-		if err := tagRepo.BatchCreate(ctx, tags); err != nil {
-			return err
+		if err = tagRepo.BatchCreate(ctx, tags); err != nil {
+			return
 		}
 		for _, t := range tags {
 			tagMap[t.Key] = t.ID
 		}
 	}
 	for _, update := range updateAppArray {
-		if err := appRepo.Save(ctx, &update); err != nil {
-			return err
+		if err = appRepo.Save(ctx, &update); err != nil {
+			return
 		}
 	}
 	apps := append(addAppArray, updateAppArray...)
@@ -841,35 +890,32 @@ func (a AppService) SyncAppListFromRemote() error {
 		}
 	}
 	if len(addDetails) > 0 {
-		if err := appDetailRepo.BatchCreate(ctx, addDetails); err != nil {
-			return err
+		if err = appDetailRepo.BatchCreate(ctx, addDetails); err != nil {
+			return
 		}
 	}
 	if len(deleteDetails) > 0 {
-		if err := appDetailRepo.BatchDelete(ctx, deleteDetails); err != nil {
-			return err
+		if err = appDetailRepo.BatchDelete(ctx, deleteDetails); err != nil {
+			return
 		}
 	}
 	for _, u := range updateDetails {
-		if err := appDetailRepo.Update(ctx, u); err != nil {
-			return err
+		if err = appDetailRepo.Update(ctx, u); err != nil {
+			return
 		}
 	}

 	if len(oldAppIds) > 0 {
-		if err := appTagRepo.DeleteByAppIds(ctx, oldAppIds); err != nil {
-			return err
+		if err = appTagRepo.DeleteByAppIds(ctx, oldAppIds); err != nil {
+			return
 		}
 	}

 	if len(appTags) > 0 {
-		if err := appTagRepo.BatchCreate(ctx, appTags); err != nil {
-			return err
+		if err = appTagRepo.BatchCreate(ctx, appTags); err != nil {
+			return
 		}
 	}
 	tx.Commit()
-	if err := NewISettingService().Update("AppStoreLastModified", strconv.Itoa(list.LastModified)); err != nil {
-		return err
-	}
-	return nil
+	return
 }
--- a/backend/app/service/app_install.go
+++ b/backend/app/service/app_install.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/1Panel-dev/1Panel/backend/i18n"
 	"math"
 	"os"
 	"path"
@@ -45,6 +46,7 @@ type IAppInstallService interface {
 	SearchForWebsite(req request.AppInstalledSearch) ([]response.AppInstalledDTO, error)
 	Operate(req request.AppInstalledOperate) error
 	Update(req request.AppInstalledUpdate) error
+	IgnoreUpgrade(req request.AppInstalledIgnoreUpgrade) error
 	SyncAll(systemInit bool) error
 	GetServices(key string) ([]response.AppService, error)
 	GetUpdateVersions(installId uint) ([]dto.AppVersion, error)
@@ -59,7 +61,12 @@ func NewIAppInstalledService() IAppInstallService {
 }

 func (a *AppInstallService) Page(req request.AppInstalledSearch) (int64, []response.AppInstalledDTO, error) {
-	var opts []repo.DBOption
+	var (
+		opts     []repo.DBOption
+		total    int64
+		installs []model.AppInstall
+		err      error
+	)

 	if req.Name != "" {
 		opts = append(opts, commonRepo.WithLikeName(req.Name))
@@ -85,15 +92,25 @@ func (a *AppInstallService) Page(req request.AppInstalledSearch) (int64, []respo
 		opts = append(opts, appInstallRepo.WithAppIdsIn(appIds))
 	}

-	total, installs, err := appInstallRepo.Page(req.Page, req.PageSize, opts...)
-	if err != nil {
-		return 0, nil, err
+	if req.Update {
+		installs, err = appInstallRepo.ListBy(opts...)
+		if err != nil {
+			return 0, nil, err
+		}
+	} else {
+		total, installs, err = appInstallRepo.Page(req.Page, req.PageSize, opts...)
+		if err != nil {
+			return 0, nil, err
+		}
 	}

 	installDTOs, err := handleInstalled(installs, req.Update)
 	if err != nil {
 		return 0, nil, err
 	}
+	if req.Update {
+		total = int64(len(installDTOs))
+	}

 	return total, installDTOs, nil
 }
@@ -219,7 +236,7 @@ func (a *AppInstallService) Operate(req request.AppInstalledOperate) error {
 	case constant.Sync:
 		return syncById(install.ID)
 	case constant.Upgrade:
-		return upgradeInstall(install.ID, req.DetailId)
+		return upgradeInstall(install.ID, req.DetailId, req.Backup)
 	default:
 		return errors.New("operate not support")
 	}
@@ -352,6 +369,15 @@ func (a *AppInstallService) Update(req request.AppInstalledUpdate) error {
 	return nil
 }

+func (a *AppInstallService) IgnoreUpgrade(req request.AppInstalledIgnoreUpgrade) error {
+	appDetail, err := appDetailRepo.GetFirst(commonRepo.WithByID(req.DetailID))
+	if err != nil {
+		return err
+	}
+	appDetail.IgnoreUpgrade = req.Operate == "ignore"
+	return appDetailRepo.Update(context.Background(), appDetail)
+}
+
 func (a *AppInstallService) SyncAll(systemInit bool) error {
 	allList, err := appInstallRepo.ListBy()
 	if err != nil {
@@ -366,8 +392,10 @@ func (a *AppInstallService) SyncAll(systemInit bool) error {
 			}
 			continue
 		}
-		if err := syncById(i.ID); err != nil {
-			global.LOG.Errorf("sync install app[%s] error,mgs: %s", i.Name, err.Error())
+		if !systemInit {
+			if err := syncById(i.ID); err != nil {
+				global.LOG.Errorf("sync install app[%s] error,mgs: %s", i.Name, err.Error())
+			}
 		}
 	}
 	return nil
@@ -412,6 +440,9 @@ func (a *AppInstallService) GetUpdateVersions(installId uint) ([]dto.AppVersion,
 		return versions, err
 	}
 	for _, detail := range details {
+		if detail.IgnoreUpgrade {
+			continue
+		}
 		if common.IsCrossVersion(install.Version, detail.Version) && !app.CrossVersionUpdate {
 			continue
 		}
@@ -538,10 +569,10 @@ func (a *AppInstallService) GetParams(id uint) (*response.AppConfig, error) {
 	if err != nil {
 		return nil, err
 	}
-	if err := json.Unmarshal([]byte(detail.Params), &appForm); err != nil {
+	if err = json.Unmarshal([]byte(detail.Params), &appForm); err != nil {
 		return nil, err
 	}
-	if err := json.Unmarshal([]byte(install.Env), &envs); err != nil {
+	if err = json.Unmarshal([]byte(install.Env), &envs); err != nil {
 		return nil, err
 	}
 	for _, form := range appForm.FormFields {
@@ -571,12 +602,26 @@ func (a *AppInstallService) GetParams(id uint) (*response.AppConfig, error) {
 				appParam.Values = form.Values
 			}
 			params = append(params, appParam)
+		} else {
+			params = append(params, response.AppParam{
+				Edit:    form.Edit,
+				Key:     form.EnvKey,
+				Rule:    form.Rule,
+				Type:    form.Type,
+				LabelZh: form.LabelZh,
+				LabelEn: form.LabelEn,
+				Value:   form.Default,
+				Values:  form.Values,
+			})
 		}
 	}

 	config := getAppCommonConfig(envs)
 	config.DockerCompose = install.DockerCompose
 	res.Params = params
+	if config.ContainerName == "" {
+		config.ContainerName = install.ContainerName
+	}
 	res.AppContainerConfig = config
 	return &res, nil
 }
@@ -589,12 +634,10 @@ func syncById(installId uint) error {
 	if appInstall.Status == constant.Installing {
 		return nil
 	}
-
 	containerNames, err := getContainerNames(appInstall)
 	if err != nil {
 		return err
 	}
-
 	cli, err := docker.NewClient()
 	if err != nil {
 		return err
@@ -620,16 +663,16 @@ func syncById(installId uint) error {
 			errorContainers = append(errorContainers, n.Names[0])
 		}
 	}
-	for _, old := range containerNames {
+	for _, name := range containerNames {
 		exist := false
-		for _, new := range containers {
-			if common.ExistWithStrArray(old, new.Names) {
+		for _, container := range containers {
+			if common.ExistWithStrArray(name, container.Names) {
 				exist = true
 				break
 			}
 		}
 		if !exist {
-			notFoundContainers = append(notFoundContainers, old)
+			notFoundContainers = append(notFoundContainers, name)
 		}
 	}

@@ -642,10 +685,10 @@ func syncById(installId uint) error {

 	if containerCount == 0 {
 		appInstall.Status = constant.Error
-		appInstall.Message = "container is not found"
+		appInstall.Message = i18n.GetMsgWithMap("ErrContainerNotFound", map[string]interface{}{"name": strings.Join(containerNames, ",")})
 		return appInstallRepo.Save(context.Background(), &appInstall)
 	}
-	if errCount == 0 && existedCount == 0 {
+	if errCount == 0 && existedCount == 0 && notFoundCount == 0 {
 		appInstall.Status = constant.Running
 		return appInstallRepo.Save(context.Background(), &appInstall)
 	}
@@ -660,22 +703,14 @@ func syncById(installId uint) error {
 		appInstall.Status = constant.UnHealthy
 	}

-	var errMsg strings.Builder
+	var errMsg string
 	if errCount > 0 {
-		errMsg.Write([]byte(string(rune(errCount)) + " error containers:"))
-		for _, e := range errorContainers {
-			errMsg.Write([]byte(e))
-		}
-		errMsg.Write([]byte("\n"))
+		errMsg += i18n.GetMsgWithMap("ErrContainerMsg", map[string]interface{}{"name": strings.Join(errorContainers, ",")})
 	}
 	if notFoundCount > 0 {
-		errMsg.Write([]byte(string(rune(notFoundCount)) + " not found containers:"))
-		for _, e := range notFoundContainers {
-			errMsg.Write([]byte(e))
-		}
-		errMsg.Write([]byte("\n"))
+		errMsg += i18n.GetMsgWithMap("ErrContainerNotFound", map[string]interface{}{"name": strings.Join(notFoundContainers, ",")})
 	}
-	appInstall.Message = errMsg.String()
+	appInstall.Message = errMsg
 	return appInstallRepo.Save(context.Background(), &appInstall)
 }

@@ -696,7 +731,11 @@ func updateInstallInfoInDB(appKey, appName, param string, isRestart bool, value
 	envKey := ""
 	switch param {
 	case "password":
-		envKey = "PANEL_DB_ROOT_PASSWORD="
+		if appKey == "mysql" {
+			envKey = "PANEL_DB_ROOT_PASSWORD="
+		} else {
+			envKey = "PANEL_REDIS_ROOT_PASSWORD="
+		}
 	case "port":
 		envKey = "PANEL_APP_PORT_HTTP="
 	case "user-password":
@@ -725,6 +764,10 @@ func updateInstallInfoInDB(appKey, appName, param string, isRestart bool, value
 	if param == "password" {
 		oldVal = fmt.Sprintf("\"PANEL_DB_ROOT_PASSWORD\":\"%v\"", appInstall.Password)
 		newVal = fmt.Sprintf("\"PANEL_DB_ROOT_PASSWORD\":\"%v\"", value)
+		if appKey == "redis" {
+			oldVal = fmt.Sprintf("\"PANEL_REDIS_ROOT_PASSWORD\":\"%v\"", appInstall.Password)
+			newVal = fmt.Sprintf("\"PANEL_REDIS_ROOT_PASSWORD\":\"%v\"", value)
+		}
 		_ = appInstallRepo.BatchUpdateBy(map[string]interface{}{
 			"param": strings.ReplaceAll(appInstall.Param, oldVal, newVal),
 			"env":   strings.ReplaceAll(appInstall.Env, oldVal, newVal),
--- a/backend/app/service/app_utils.go
+++ b/backend/app/service/app_utils.go
@@ -5,12 +5,6 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
-	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
-	"github.com/1Panel-dev/1Panel/backend/i18n"
-	"github.com/compose-spec/compose-go/types"
-	"github.com/subosito/gotenv"
-	"gopkg.in/yaml.v3"
 	"math"
 	"net/http"
 	"os"
@@ -21,6 +15,12 @@ import (
 	"strconv"
 	"strings"

+	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
+	"github.com/1Panel-dev/1Panel/backend/i18n"
+	"github.com/subosito/gotenv"
+	"gopkg.in/yaml.v3"
+
 	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/utils/env"

@@ -49,7 +49,20 @@ var (
 func checkPort(key string, params map[string]interface{}) (int, error) {
 	port, ok := params[key]
 	if ok {
-		portN := int(math.Ceil(port.(float64)))
+		portN := 0
+		var err error
+		switch p := port.(type) {
+		case string:
+			portN, err = strconv.Atoi(p)
+			if err != nil {
+				return portN, nil
+			}
+		case float64:
+			portN = int(math.Ceil(p))
+		case int:
+			portN = p
+		}
+
 		oldInstalled, _ := appInstallRepo.ListBy(appInstallRepo.WithPort(portN))
 		if len(oldInstalled) > 0 {
 			var apps []string
@@ -70,20 +83,33 @@ func checkPort(key string, params map[string]interface{}) (int, error) {
 func createLink(ctx context.Context, app model.App, appInstall *model.AppInstall, params map[string]interface{}) error {
 	var dbConfig dto.AppDatabase
 	if app.Type == "runtime" {
-		var authParam dto.AuthParam
-		paramByte, err := json.Marshal(params)
-		if err != nil {
-			return err
-		}
-		if err := json.Unmarshal(paramByte, &authParam); err != nil {
-			return err
-		}
-		if authParam.RootPassword != "" {
-			authByte, err := json.Marshal(authParam)
-			if err != nil {
-				return err
+		switch app.Key {
+		case "mysql", "mariadb", "postgresql":
+			if password, ok := params["PANEL_DB_ROOT_PASSWORD"]; ok {
+				if password != "" {
+					authParam := dto.AuthParam{
+						RootPassword: password.(string),
+					}
+					authByte, err := json.Marshal(authParam)
+					if err != nil {
+						return err
+					}
+					appInstall.Param = string(authByte)
+				}
+			}
+		case "redis":
+			if password, ok := params["PANEL_REDIS_ROOT_PASSWORD"]; ok {
+				if password != "" {
+					authParam := dto.RedisAuthParam{
+						RootPassword: password.(string),
+					}
+					authByte, err := json.Marshal(authParam)
+					if err != nil {
+						return err
+					}
+					appInstall.Param = string(authByte)
+				}
 			}
-			appInstall.Param = string(authByte)
 		}
 	}
 	if app.Type == "website" || app.Type == "tool" {
@@ -91,7 +117,7 @@ func createLink(ctx context.Context, app model.App, appInstall *model.AppInstall
 		if err != nil {
 			return err
 		}
-		if err := json.Unmarshal(paramByte, &dbConfig); err != nil {
+		if err = json.Unmarshal(paramByte, &dbConfig); err != nil {
 			return err
 		}
 	}
@@ -104,7 +130,7 @@ func createLink(ctx context.Context, app model.App, appInstall *model.AppInstall
 		var resourceId uint
 		if dbConfig.DbName != "" && dbConfig.DbUser != "" && dbConfig.Password != "" {
 			iMysqlRepo := repo.NewIMysqlRepo()
-			oldMysqlDb, _ := iMysqlRepo.Get(commonRepo.WithByName(dbConfig.DbName))
+			oldMysqlDb, _ := iMysqlRepo.Get(commonRepo.WithByName(dbConfig.DbName), iMysqlRepo.WithByFrom(constant.ResourceLocal))
 			resourceId = oldMysqlDb.ID
 			if oldMysqlDb.ID > 0 {
 				if oldMysqlDb.Username != dbConfig.DbUser || oldMysqlDb.Password != dbConfig.Password {
@@ -117,6 +143,7 @@ func createLink(ctx context.Context, app model.App, appInstall *model.AppInstall
 				createMysql.Format = "utf8mb4"
 				createMysql.Permission = "%"
 				createMysql.Password = dbConfig.Password
+				createMysql.From = "local"
 				mysqldb, err := NewIMysqlService().Create(ctx, createMysql)
 				if err != nil {
 					return err
@@ -173,15 +200,15 @@ func deleteAppInstall(install model.AppInstall, deleteBackup bool, forceDelete b
 	_ = backupRepo.DeleteRecord(ctx, commonRepo.WithByType("app"), commonRepo.WithByName(install.App.Key), backupRepo.WithByDetailName(install.Name))
 	_ = backupRepo.DeleteRecord(ctx, commonRepo.WithByType(install.App.Key))
 	if install.App.Key == constant.AppMysql {
-		_ = mysqlRepo.DeleteAll(ctx)
+		_ = mysqlRepo.DeleteLocal(ctx)
 	}
-	uploadDir := fmt.Sprintf("%s/1panel/uploads/app/%s/%s", global.CONF.System.BaseDir, install.App.Key, install.Name)
+	uploadDir := path.Join(global.CONF.System.BaseDir, fmt.Sprintf("1panel/uploads/app/%s/%s", install.App.Key, install.Name))
 	if _, err := os.Stat(uploadDir); err == nil {
 		_ = os.RemoveAll(uploadDir)
 	}
 	if deleteBackup {
 		localDir, _ := loadLocalDir()
-		backupDir := fmt.Sprintf("%s/app/%s/%s", localDir, install.App.Key, install.Name)
+		backupDir := path.Join(localDir, fmt.Sprintf("app/%s/%s", install.App.Key, install.Name))
 		if _, err := os.Stat(backupDir); err == nil {
 			_ = os.RemoveAll(backupDir)
 		}
@@ -215,7 +242,7 @@ func deleteLink(ctx context.Context, install *model.AppInstall, deleteDB bool, f
 	return appInstallResourceRepo.DeleteBy(ctx, appInstallResourceRepo.WithAppInstallId(install.ID))
 }

-func upgradeInstall(installId uint, detailId uint) error {
+func upgradeInstall(installId uint, detailId uint, backup bool) error {
 	install, err := appInstallRepo.GetFirst(commonRepo.WithByID(installId))
 	if err != nil {
 		return err
@@ -227,13 +254,14 @@ func upgradeInstall(installId uint, detailId uint) error {
 	if install.Version == detail.Version {
 		return errors.New("two version is same")
 	}
-	if err := NewIBackupService().AppBackup(dto.CommonBackup{Name: install.App.Key, DetailName: install.Name}); err != nil {
-		return err
-	}
-
 	install.Status = constant.Upgrading

 	go func() {
+		if backup {
+			if err = NewIBackupService().AppBackup(dto.CommonBackup{Name: install.App.Key, DetailName: install.Name}); err != nil {
+				global.LOG.Errorf(i18n.GetMsgWithMap("ErrAppBackup", map[string]interface{}{"name": install.Name, "err": err.Error()}))
+			}
+		}
 		var upErr error
 		defer func() {
 			if upErr != nil {
@@ -256,15 +284,10 @@ func upgradeInstall(installId uint, detailId uint) error {
 			detailDir = path.Join(constant.ResourceDir, "apps", "local", strings.TrimPrefix(install.App.Key, "local"), detail.Version)
 		}

-		cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("cp -rf %s/* %s", detailDir, install.GetPath()))
-		stdout, err := cmd.CombinedOutput()
-		if err != nil {
-			if stdout != nil {
-				upErr = errors.New(string(stdout))
-				return
-			}
-			upErr = err
-			return
+		cmd := exec.Command("/bin/bash", "-c", fmt.Sprintf("cp -rn %s/* %s || true", detailDir, install.GetPath()))
+		stdout, _ := cmd.CombinedOutput()
+		if stdout != nil {
+			global.LOG.Errorf("upgrade app [%s] [%s] cp file log : %s ", install.App.Key, install.Name, string(stdout))
 		}

 		composeMap := make(map[string]interface{})
@@ -318,6 +341,24 @@ func upgradeInstall(installId uint, detailId uint) error {
 		install.Version = detail.Version
 		install.AppDetailId = detailId

+		images, err := getImages(install)
+		if err != nil {
+			upErr = err
+			return
+		}
+		dockerCli, err := composeV2.NewClient()
+		if err != nil {
+			upErr = err
+			return
+		}
+
+		for _, image := range images {
+			if err = dockerCli.PullImage(image, true); err != nil {
+				upErr = buserr.WithNameAndErr("ErrDockerPullImage", "", err)
+				return
+			}
+		}
+
 		if out, err := compose.Down(install.GetComposePath()); err != nil {
 			if out != "" {
 				upErr = errors.New(out)
@@ -359,7 +400,6 @@ func getContainerNames(install model.AppInstall) ([]string, error) {
 		return nil, err
 	}
 	containerMap := make(map[string]struct{})
-	containerMap[install.ContainerName] = struct{}{}
 	for _, service := range project.AllServices() {
 		if service.ContainerName == "${CONTAINER_NAME}" || service.ContainerName == "" {
 			continue
@@ -370,9 +410,32 @@ func getContainerNames(install model.AppInstall) ([]string, error) {
 	for k := range containerMap {
 		containerNames = append(containerNames, k)
 	}
+	if len(containerNames) == 0 {
+		containerNames = append(containerNames, install.ContainerName)
+	}
 	return containerNames, nil
 }

+func getImages(install model.AppInstall) ([]string, error) {
+	envStr, err := coverEnvJsonToStr(install.Env)
+	if err != nil {
+		return nil, err
+	}
+	project, err := composeV2.GetComposeProject(install.Name, install.GetPath(), []byte(install.DockerCompose), []byte(envStr), true)
+	if err != nil {
+		return nil, err
+	}
+	imagesMap := make(map[string]struct{})
+	for _, service := range project.AllServices() {
+		imagesMap[service.Image] = struct{}{}
+	}
+	var images []string
+	for k := range imagesMap {
+		images = append(images, k)
+	}
+	return images, nil
+}
+
 func coverEnvJsonToStr(envJson string) (string, error) {
 	envMap := make(map[string]interface{})
 	_ = json.Unmarshal([]byte(envJson), &envMap)
@@ -513,36 +576,19 @@ func copyData(app model.App, appDetail model.AppDetail, appInstall *model.AppIns

 // 处理文件夹权限等问题
 func upAppPre(app model.App, appInstall *model.AppInstall) error {
-	if app.Key == "nexus" {
-		dataPath := path.Join(appInstall.GetPath(), "data")
-		if err := files.NewFileOp().Chown(dataPath, 200, 0); err != nil {
-			return err
-		}
+	dataPath := path.Join(appInstall.GetPath(), "data")
+	fileOp := files.NewFileOp()
+	switch app.Key {
+	case "nexus":
+		return fileOp.ChownR(dataPath, "200", "0", true)
+	case "sftpgo":
+		return fileOp.ChownR(dataPath, "1000", "1000", true)
+	case "pgadmin4":
+		return fileOp.ChownR(dataPath, "5050", "5050", true)
 	}
 	return nil
 }

-func getServiceFromInstall(appInstall *model.AppInstall) (service *composeV2.ComposeService, err error) {
-	var (
-		project *types.Project
-		envStr  string
-	)
-	envStr, err = coverEnvJsonToStr(appInstall.Env)
-	if err != nil {
-		return
-	}
-	project, err = composeV2.GetComposeProject(appInstall.Name, appInstall.GetPath(), []byte(appInstall.DockerCompose), []byte(envStr), true)
-	if err != nil {
-		return
-	}
-	service, err = composeV2.NewComposeService()
-	if err != nil {
-		return
-	}
-	service.SetProject(project)
-	return
-}
-
 func checkContainerNameIsExist(containerName, appDir string) (bool, error) {
 	client, err := composeV2.NewDockerClient()
 	if err != nil {
@@ -571,13 +617,30 @@ func checkContainerNameIsExist(containerName, appDir string) (bool, error) {
 func upApp(appInstall *model.AppInstall) {
 	upProject := func(appInstall *model.AppInstall) (err error) {
 		if err == nil {
-			var composeService *composeV2.ComposeService
-			composeService, err = getServiceFromInstall(appInstall)
-			if err != nil {
-				return err
+			var (
+				out    string
+				errMsg string
+			)
+			if appInstall.App.Type != "php" {
+				out, err = compose.Pull(appInstall.GetComposePath())
+				if err != nil {
+					if out != "" {
+						if strings.Contains(out, "no such host") {
+							errMsg = i18n.GetMsgByKey("ErrNoSuchHost") + ":"
+						}
+						if strings.Contains(out, "timeout") {
+							errMsg = i18n.GetMsgByKey("ErrImagePullTimeOut") + ":"
+						}
+						appInstall.Message = errMsg + out
+					}
+					return err
+				}
 			}
-			err = composeService.ComposeUp()
+			out, err = compose.Up(appInstall.GetComposePath())
 			if err != nil {
+				if out != "" {
+					appInstall.Message = errMsg + out
+				}
 				return err
 			}
 			return
@@ -587,7 +650,6 @@ func upApp(appInstall *model.AppInstall) {
 	}
 	if err := upProject(appInstall); err != nil {
 		appInstall.Status = constant.Error
-		appInstall.Message = err.Error()
 	} else {
 		appInstall.Status = constant.Running
 	}
@@ -751,7 +813,7 @@ func handleErr(install model.AppInstall, err error, out string) error {
 func handleInstalled(appInstallList []model.AppInstall, updated bool) ([]response.AppInstalledDTO, error) {
 	var res []response.AppInstalledDTO
 	for _, installed := range appInstallList {
-		if updated && installed.App.Type == "php" {
+		if updated && (installed.App.Type == "php" || installed.Status == constant.Installing || (installed.App.Key == constant.AppMysql && installed.Version == "5.6.51")) {
 			continue
 		}
 		installDTO := response.AppInstalledDTO{
@@ -768,12 +830,18 @@ func handleInstalled(appInstallList []model.AppInstall, updated bool) ([]respons
 		}
 		var versions []string
 		for _, detail := range details {
+			if detail.IgnoreUpgrade {
+				continue
+			}
 			if common.IsCrossVersion(installed.Version, detail.Version) && !app.CrossVersionUpdate {
 				continue
 			}
 			versions = append(versions, detail.Version)
 		}
 		versions = common.GetSortedVersions(versions)
+		if len(versions) == 0 {
+			continue
+		}
 		lastVersion := versions[0]
 		if common.IsCrossVersion(installed.Version, lastVersion) {
 			installDTO.CanUpdate = app.CrossVersionUpdate
--- a/backend/app/service/auth.go
+++ b/backend/app/service/auth.go
@@ -48,10 +48,12 @@ func (u *AuthService) Login(c *gin.Context, info dto.Login) (*dto.UserLoginInfo,
 	if err != nil {
 		return nil, err
 	}
+	if err = settingRepo.Update("Language", info.Language); err != nil {
+		return nil, err
+	}
 	if mfa.Value == "enable" {
 		return &dto.UserLoginInfo{Name: nameSetting.Value, MfaStatus: mfa.Value}, nil
 	}
-
 	return u.generateSession(c, info.Name, info.AuthMethod)
 }

@@ -76,7 +78,11 @@ func (u *AuthService) MFALogin(c *gin.Context, info dto.MFALogin) (*dto.UserLogi
 	if err != nil {
 		return nil, err
 	}
-	success := mfa.ValidCode(info.Code, mfaSecret.Value)
+	mfaInterval, err := settingRepo.Get(settingRepo.WithByKey("MFAInterval"))
+	if err != nil {
+		return nil, err
+	}
+	success := mfa.ValidCode(info.Code, mfaInterval.Value, mfaSecret.Value)
 	if !success {
 		return nil, constant.ErrAuth
 	}
--- a/backend/app/service/backup.go
+++ b/backend/app/service/backup.go
@@ -2,8 +2,12 @@ package service

 import (
 	"context"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"io"
+	"net/http"
+	"net/url"
 	"os"
 	"path"
 	"strings"
@@ -24,6 +28,7 @@ type BackupService struct{}
 type IBackupService interface {
 	List() ([]dto.BackupInfo, error)
 	SearchRecordsWithPage(search dto.RecordSearch) (int64, []dto.BackupRecords, error)
+	LoadOneDriveInfo() (string, error)
 	DownloadRecord(info dto.DownloadRecord) (string, error)
 	Create(backupDto dto.BackupOperate) error
 	GetBuckets(backupDto dto.ForBuckets) ([]interface{}, error)
@@ -32,7 +37,7 @@ type IBackupService interface {
 	BatchDeleteRecord(ids []uint) error
 	NewClient(backup *model.BackupAccount) (cloud_storage.CloudStorageClient, error)

-	ListFiles(req dto.BackupSearchFile) ([]interface{}, error)
+	ListFiles(req dto.BackupSearchFile) ([]string, error)

 	MysqlBackup(db dto.CommonBackup) error
 	MysqlRecover(db dto.CommonRecover) error
@@ -62,6 +67,7 @@ func (u *BackupService) List() ([]dto.BackupInfo, error) {
 	dtobas = append(dtobas, u.loadByType("MINIO", ops))
 	dtobas = append(dtobas, u.loadByType("COS", ops))
 	dtobas = append(dtobas, u.loadByType("KODO", ops))
+	dtobas = append(dtobas, u.loadByType("OneDrive", ops))
 	return dtobas, err
 }

@@ -84,6 +90,18 @@ func (u *BackupService) SearchRecordsWithPage(search dto.RecordSearch) (int64, [
 	return total, dtobas, err
 }

+func (u *BackupService) LoadOneDriveInfo() (string, error) {
+	OneDriveID, err := settingRepo.Get(settingRepo.WithByKey("OneDriveID"))
+	if err != nil {
+		return "", err
+	}
+	idItem, err := base64.StdEncoding.DecodeString(OneDriveID.Value)
+	if err != nil {
+		return "", err
+	}
+	return string(idItem), err
+}
+
 func (u *BackupService) DownloadRecord(info dto.DownloadRecord) (string, error) {
 	if info.Source == "LOCAL" {
 		return info.FileDir + "/" + info.FileName, nil
@@ -96,7 +114,6 @@ func (u *BackupService) DownloadRecord(info dto.DownloadRecord) (string, error)
 	if err := json.Unmarshal([]byte(backup.Vars), &varMap); err != nil {
 		return "", err
 	}
-	varMap["type"] = backup.Type
 	varMap["bucket"] = backup.Bucket
 	switch backup.Type {
 	case constant.Sftp:
@@ -105,8 +122,10 @@ func (u *BackupService) DownloadRecord(info dto.DownloadRecord) (string, error)
 	case constant.OSS, constant.S3, constant.MinIo, constant.Cos, constant.Kodo:
 		varMap["accessKey"] = backup.AccessKey
 		varMap["secretKey"] = backup.Credential
+	case constant.OneDrive:
+		varMap["accessToken"] = backup.Credential
 	}
-	backClient, err := cloud_storage.NewCloudStorageClient(varMap)
+	backClient, err := cloud_storage.NewCloudStorageClient(backup.Type, varMap)
 	if err != nil {
 		return "", fmt.Errorf("new cloud storage client failed, err: %v", err)
 	}
@@ -117,6 +136,11 @@ func (u *BackupService) DownloadRecord(info dto.DownloadRecord) (string, error)
 		}
 	}
 	srcPath := fmt.Sprintf("%s/%s", info.FileDir, info.FileName)
+	if len(backup.BackupPath) != 0 {
+		itemPath := strings.TrimPrefix(backup.BackupPath, "/")
+		itemPath = strings.TrimSuffix(itemPath, "/") + "/"
+		srcPath = itemPath + srcPath
+	}
 	if exist, _ := backClient.Exist(srcPath); exist {
 		isOK, err := backClient.Download(srcPath, targetPath)
 		if !isOK {
@@ -134,6 +158,12 @@ func (u *BackupService) Create(backupDto dto.BackupOperate) error {
 	if err := copier.Copy(&backup, &backupDto); err != nil {
 		return errors.WithMessage(constant.ErrStructTransform, err.Error())
 	}
+
+	if backupDto.Type == constant.OneDrive {
+		if err := u.loadAccessToken(&backup); err != nil {
+			return err
+		}
+	}
 	if err := backupRepo.Create(&backup); err != nil {
 		return err
 	}
@@ -145,7 +175,6 @@ func (u *BackupService) GetBuckets(backupDto dto.ForBuckets) ([]interface{}, err
 	if err := json.Unmarshal([]byte(backupDto.Vars), &varMap); err != nil {
 		return nil, err
 	}
-	varMap["type"] = backupDto.Type
 	switch backupDto.Type {
 	case constant.Sftp:
 		varMap["username"] = backupDto.AccessKey
@@ -154,7 +183,7 @@ func (u *BackupService) GetBuckets(backupDto dto.ForBuckets) ([]interface{}, err
 		varMap["accessKey"] = backupDto.AccessKey
 		varMap["secretKey"] = backupDto.Credential
 	}
-	client, err := cloud_storage.NewCloudStorageClient(varMap)
+	client, err := cloud_storage.NewCloudStorageClient(backupDto.Type, varMap)
 	if err != nil {
 		return nil, err
 	}
@@ -214,7 +243,17 @@ func (u *BackupService) Update(req dto.BackupOperate) error {
 	upMap := make(map[string]interface{})
 	upMap["bucket"] = req.Bucket
 	upMap["credential"] = req.Credential
+	upMap["backup_path"] = req.BackupPath
 	upMap["vars"] = req.Vars
+	backup.Vars = req.Vars
+
+	if req.Type == constant.OneDrive {
+		if err := u.loadAccessToken(&backup); err != nil {
+			return err
+		}
+		upMap["credential"] = backup.Credential
+		upMap["vars"] = backup.Vars
+	}
 	if err := backupRepo.Update(req.ID, upMap); err != nil {
 		return err
 	}
@@ -234,7 +273,7 @@ func (u *BackupService) Update(req dto.BackupOperate) error {
 	return nil
 }

-func (u *BackupService) ListFiles(req dto.BackupSearchFile) ([]interface{}, error) {
+func (u *BackupService) ListFiles(req dto.BackupSearchFile) ([]string, error) {
 	backup, err := backupRepo.Get(backupRepo.WithByType(req.Type))
 	if err != nil {
 		return nil, err
@@ -243,7 +282,21 @@ func (u *BackupService) ListFiles(req dto.BackupSearchFile) ([]interface{}, erro
 	if err != nil {
 		return nil, err
 	}
-	return client.ListObjects("system_snapshot/")
+	prefix := "system_snapshot"
+	if len(backup.BackupPath) != 0 {
+		prefix = path.Join(strings.TrimPrefix(backup.BackupPath, "/"), prefix)
+	}
+	files, err := client.ListObjects(prefix)
+	if err != nil {
+		return nil, err
+	}
+	var datas []string
+	for _, file := range files {
+		if len(file) != 0 {
+			datas = append(datas, path.Base(file))
+		}
+	}
+	return datas, nil
 }

 func (u *BackupService) NewClient(backup *model.BackupAccount) (cloud_storage.CloudStorageClient, error) {
@@ -251,7 +304,6 @@ func (u *BackupService) NewClient(backup *model.BackupAccount) (cloud_storage.Cl
 	if err := json.Unmarshal([]byte(backup.Vars), &varMap); err != nil {
 		return nil, err
 	}
-	varMap["type"] = backup.Type
 	if backup.Type == "LOCAL" {
 		return nil, errors.New("not support")
 	}
@@ -263,9 +315,11 @@ func (u *BackupService) NewClient(backup *model.BackupAccount) (cloud_storage.Cl
 	case constant.OSS, constant.S3, constant.MinIo, constant.Cos, constant.Kodo:
 		varMap["accessKey"] = backup.AccessKey
 		varMap["secretKey"] = backup.Credential
+	case constant.OneDrive:
+		varMap["accessToken"] = backup.Credential
 	}

-	backClient, err := cloud_storage.NewCloudStorageClient(varMap)
+	backClient, err := cloud_storage.NewCloudStorageClient(backup.Type, varMap)
 	if err != nil {
 		return nil, err
 	}
@@ -286,6 +340,53 @@ func (u *BackupService) loadByType(accountType string, accounts []model.BackupAc
 	return dto.BackupInfo{Type: accountType}
 }

+func (u *BackupService) loadAccessToken(backup *model.BackupAccount) error {
+	varMap := make(map[string]interface{})
+	if err := json.Unmarshal([]byte(backup.Vars), &varMap); err != nil {
+		return fmt.Errorf("unmarshal backup vars failed, err: %v", err)
+	}
+
+	data := url.Values{}
+	data.Set("client_id", global.CONF.System.OneDriveID)
+	data.Set("client_secret", global.CONF.System.OneDriveSc)
+	data.Set("grant_type", "authorization_code")
+	data.Set("code", varMap["code"].(string))
+	data.Set("redirect_uri", constant.OneDriveRedirectURI)
+	client := &http.Client{}
+	req, err := http.NewRequest("POST", "https://login.microsoftonline.com/common/oauth2/v2.0/token", strings.NewReader(data.Encode()))
+	if err != nil {
+		return fmt.Errorf("new http post client for access token failed, err: %v", err)
+	}
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	resp, err := client.Do(req)
+	if err != nil {
+		return fmt.Errorf("request for access token failed, err: %v", err)
+	}
+	delete(varMap, "code")
+	respBody, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return fmt.Errorf("read data from response body failed, err: %v", err)
+	}
+	defer resp.Body.Close()
+
+	token := map[string]interface{}{}
+	if err := json.Unmarshal(respBody, &token); err != nil {
+		return fmt.Errorf("unmarshal data from response body failed, err: %v", err)
+	}
+	accessToken, ok := token["refresh_token"].(string)
+	if !ok {
+		return errors.New("no such access token in response")
+	}
+
+	itemVars, err := json.Marshal(varMap)
+	if err != nil {
+		return fmt.Errorf("json marshal var map failed, err: %v", err)
+	}
+	backup.Credential = accessToken
+	backup.Vars = string(itemVars)
+	return nil
+}
+
 func loadLocalDir() (string, error) {
 	backup, err := backupRepo.Get(commonRepo.WithByType("LOCAL"))
 	if err != nil {
--- a/backend/app/service/backup_app.go
+++ b/backend/app/service/backup_app.go
@@ -34,7 +34,7 @@ func (u *BackupService) AppBackup(req dto.CommonBackup) error {
 	}
 	timeNow := time.Now().Format("20060102150405")

-	backupDir := fmt.Sprintf("%s/app/%s/%s", localDir, req.Name, req.DetailName)
+	backupDir := path.Join(localDir, fmt.Sprintf("app/%s/%s", req.Name, req.DetailName))

 	fileName := fmt.Sprintf("%s_%s.tar.gz", req.DetailName, timeNow)
 	if err := handleAppBackup(&install, backupDir, fileName); err != nil {
@@ -104,18 +104,16 @@ func handleAppBackup(install *model.AppInstall, backupDir, fileName string) erro
 		return err
 	}

-	resource, _ := appInstallResourceRepo.GetFirst(appInstallResourceRepo.WithAppInstallId(install.ID))
-	if resource.ID != 0 && resource.ResourceId != 0 {
-		mysqlInfo, err := appInstallRepo.LoadBaseInfo(constant.AppMysql, "")
-		if err != nil {
-			return err
-		}
-		db, err := mysqlRepo.Get(commonRepo.WithByID(resource.ResourceId))
-		if err != nil {
-			return err
-		}
-		if err := handleMysqlBackup(mysqlInfo, tmpDir, db.Name, fmt.Sprintf("%s.sql.gz", install.Name)); err != nil {
-			return err
+	resources, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithAppInstallId(install.ID))
+	for _, resource := range resources {
+		if resource.Key == "mysql" {
+			db, err := mysqlRepo.Get(commonRepo.WithByID(resource.ResourceId))
+			if err != nil {
+				return err
+			}
+			if err := handleMysqlBackup(db.MysqlName, db.Name, tmpDir, fmt.Sprintf("%s.sql.gz", install.Name)); err != nil {
+				return err
+			}
 		}
 	}

@@ -153,7 +151,7 @@ func handleAppRecover(install *model.AppInstall, recoverFile string, isRollback
 	}

 	if !isRollback {
-		rollbackFile := fmt.Sprintf("%s/original/app/%s_%s.tar.gz", global.CONF.System.BaseDir, install.Name, time.Now().Format("20060102150405"))
+		rollbackFile := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("app/%s_%s.tar.gz", install.Name, time.Now().Format("20060102150405")))
 		if err := handleAppBackup(install, path.Dir(rollbackFile), path.Base(rollbackFile)); err != nil {
 			return fmt.Errorf("backup app %s for rollback before recover failed, err: %v", install.Name, err)
 		}
@@ -173,41 +171,55 @@ func handleAppRecover(install *model.AppInstall, recoverFile string, isRollback
 	}

 	newEnvFile := ""
-	resource, _ := appInstallResourceRepo.GetFirst(appInstallResourceRepo.WithAppInstallId(install.ID))
-	if resource.ID != 0 && install.App.Key != "mysql" {
-		mysqlInfo, err := appInstallRepo.LoadBaseInfo(resource.Key, "")
-		if err != nil {
-			return err
-		}
-		db, err := mysqlRepo.Get(commonRepo.WithByID(resource.ResourceId))
-		if err != nil {
-			return err
-		}
+	resources, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithAppInstallId(install.ID))
+	for _, resource := range resources {
+		if resource.Key == "mysql" {
+			mysqlInfo, err := appInstallRepo.LoadBaseInfo(resource.Key, "")
+			if err != nil {
+				return err
+			}
+			db, err := mysqlRepo.Get(commonRepo.WithByID(resource.ResourceId))
+			if err != nil {
+				return err
+			}

-		newDB, envMap, err := reCreateDB(db.ID, oldInstall.Env)
-		if err != nil {
-			return err
-		}
-		oldHost := fmt.Sprintf("\"PANEL_DB_HOST\":\"%v\"", envMap["PANEL_DB_HOST"].(string))
-		newHost := fmt.Sprintf("\"PANEL_DB_HOST\":\"%v\"", mysqlInfo.ServiceName)
-		oldInstall.Env = strings.ReplaceAll(oldInstall.Env, oldHost, newHost)
-		envMap["PANEL_DB_HOST"] = mysqlInfo.ServiceName
-		newEnvFile, err = coverEnvJsonToStr(oldInstall.Env)
-		if err != nil {
-			return err
-		}
-		_ = appInstallResourceRepo.BatchUpdateBy(map[string]interface{}{"resource_id": newDB.ID}, commonRepo.WithByID(resource.ID))
+			newDB, envMap, err := reCreateDB(db.ID, oldInstall.Env)
+			if err != nil {
+				return err
+			}
+			oldHost := fmt.Sprintf("\"PANEL_DB_HOST\":\"%v\"", envMap["PANEL_DB_HOST"].(string))
+			newHost := fmt.Sprintf("\"PANEL_DB_HOST\":\"%v\"", mysqlInfo.ServiceName)
+			oldInstall.Env = strings.ReplaceAll(oldInstall.Env, oldHost, newHost)
+			envMap["PANEL_DB_HOST"] = mysqlInfo.ServiceName
+			newEnvFile, err = coverEnvJsonToStr(oldInstall.Env)
+			if err != nil {
+				return err
+			}
+			_ = appInstallResourceRepo.BatchUpdateBy(map[string]interface{}{"resource_id": newDB.ID}, commonRepo.WithByID(resource.ID))

-		if err := handleMysqlRecover(mysqlInfo, tmpPath, newDB.Name, fmt.Sprintf("%s.sql.gz", install.Name), true); err != nil {
-			global.LOG.Errorf("handle recover from sql.gz failed, err: %v", err)
-			return err
+			if err := handleMysqlRecover(dto.CommonRecover{
+				Name:       newDB.MysqlName,
+				DetailName: newDB.Name,
+				File:       fmt.Sprintf("%s/%s.sql.gz", tmpPath, install.Name),
+			}, true); err != nil {
+				global.LOG.Errorf("handle recover from sql.gz failed, err: %v", err)
+				return err
+			}
 		}
 	}

+	appDir := install.GetPath()
+	backPath := fmt.Sprintf("%s_bak", appDir)
+	_ = fileOp.Rename(appDir, backPath)
+	_ = fileOp.CreateDir(appDir, 0755)
+
 	if err := handleUnTar(tmpPath+"/app.tar.gz", fmt.Sprintf("%s/%s", constant.AppInstallDir, install.App.Key)); err != nil {
 		global.LOG.Errorf("handle recover from app.tar.gz failed, err: %v", err)
+		_ = fileOp.DeleteDir(appDir)
+		_ = fileOp.Rename(backPath, appDir)
 		return err
 	}
+	_ = fileOp.DeleteDir(backPath)

 	if len(newEnvFile) != 0 {
 		envPath := fmt.Sprintf("%s/%s/%s/.env", constant.AppInstallDir, install.App.Key, install.Name)
@@ -223,11 +235,13 @@ func handleAppRecover(install *model.AppInstall, recoverFile string, isRollback
 	oldInstall.Status = constant.StatusRunning
 	oldInstall.AppId = install.AppId
 	oldInstall.AppDetailId = install.AppDetailId
+	oldInstall.App.ID = install.AppId
 	if err := appInstallRepo.Save(context.Background(), &oldInstall); err != nil {
 		global.LOG.Errorf("save db app install failed, err: %v", err)
 		return err
 	}
 	isOk = true
+
 	return nil
 }

@@ -245,6 +259,7 @@ func reCreateDB(dbID uint, oldEnv string) (*model.DatabaseMysql, map[string]inte
 	oldPassword, _ := envMap["PANEL_DB_USER_PASSWORD"].(string)
 	createDB, err := mysqlService.Create(context.Background(), dto.MysqlDBCreate{
 		Name:       oldName,
+		From:       "local",
 		Format:     "utf8mb4",
 		Username:   oldUser,
 		Password:   oldPassword,
--- a/backend/app/service/backup_mysql.go
+++ b/backend/app/service/backup_mysql.go
@@ -1,10 +1,8 @@
 package service

 import (
-	"compress/gzip"
 	"fmt"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -12,9 +10,9 @@ import (

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
-	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/files"
+	"github.com/1Panel-dev/1Panel/backend/utils/mysql/client"
 	"github.com/pkg/errors"
 )

@@ -23,24 +21,22 @@ func (u *BackupService) MysqlBackup(req dto.CommonBackup) error {
 	if err != nil {
 		return err
 	}
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-	if err != nil {
+
+	timeNow := time.Now().Format("20060102150405")
+	targetDir := path.Join(localDir, fmt.Sprintf("database/mysql/%s/%s", req.Name, req.DetailName))
+	fileName := fmt.Sprintf("%s_%s.sql.gz", req.DetailName, timeNow)
+
+	if err := handleMysqlBackup(req.Name, req.DetailName, targetDir, fileName); err != nil {
 		return err
 	}

-	timeNow := time.Now().Format("20060102150405")
-	backupDir := fmt.Sprintf("%s/database/mysql/%s/%s", localDir, req.Name, req.DetailName)
-	fileName := fmt.Sprintf("%s_%s.sql.gz", req.DetailName, timeNow)
-	if err := handleMysqlBackup(app, backupDir, req.DetailName, fileName); err != nil {
-		return err
-	}
 	record := &model.BackupRecord{
 		Type:       "mysql",
-		Name:       app.Name,
+		Name:       req.Name,
 		DetailName: req.DetailName,
 		Source:     "LOCAL",
 		BackupType: "LOCAL",
-		FileDir:    backupDir,
+		FileDir:    targetDir,
 		FileName:   fileName,
 	}
 	if err := backupRepo.CreateRecord(record); err != nil {
@@ -50,26 +46,13 @@ func (u *BackupService) MysqlBackup(req dto.CommonBackup) error {
 }

 func (u *BackupService) MysqlRecover(req dto.CommonRecover) error {
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-	if err != nil {
-		return err
-	}
-	fileOp := files.NewFileOp()
-	if !fileOp.Stat(req.File) {
-		return errors.New(fmt.Sprintf("%s file is not exist", req.File))
-	}
-	global.LOG.Infof("recover database %s-%s from backup file %s", req.Name, req.DetailName, req.File)
-	if err := handleMysqlRecover(app, path.Dir(req.File), req.DetailName, path.Base(req.File), false); err != nil {
+	if err := handleMysqlRecover(req, false); err != nil {
 		return err
 	}
 	return nil
 }

 func (u *BackupService) MysqlRecoverByUpload(req dto.CommonRecover) error {
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-	if err != nil {
-		return err
-	}
 	file := req.File
 	fileName := path.Base(req.File)
 	if strings.HasSuffix(fileName, ".tar.gz") {
@@ -106,77 +89,92 @@ func (u *BackupService) MysqlRecoverByUpload(req dto.CommonRecover) error {
 		}()
 	}

-	if err := handleMysqlRecover(app, path.Dir(file), req.DetailName, fileName, false); err != nil {
+	req.File = path.Dir(file) + "/" + fileName
+	if err := handleMysqlRecover(req, false); err != nil {
 		return err
 	}
 	global.LOG.Info("recover from uploads successful!")
 	return nil
 }

-func handleMysqlBackup(app *repo.RootInfo, backupDir, dbName, fileName string) error {
-	fileOp := files.NewFileOp()
-	if !fileOp.Stat(backupDir) {
-		if err := os.MkdirAll(backupDir, os.ModePerm); err != nil {
-			return fmt.Errorf("mkdir %s failed, err: %v", backupDir, err)
-		}
+func handleMysqlBackup(name, dbName, targetDir, fileName string) error {
+	dbInfo, err := mysqlRepo.Get(commonRepo.WithByName(dbName), mysqlRepo.WithByMysqlName(name))
+	if err != nil {
+		return err
+	}
+	cli, _, err := LoadMysqlClientByFrom(dbInfo.From)
+	if err != nil {
+		return err
 	}
-	outfile, _ := os.OpenFile(backupDir+"/"+fileName, os.O_RDWR|os.O_CREATE, 0755)
-	global.LOG.Infof("start to mysqldump | gzip > %s.gzip", backupDir+"/"+fileName)
-	cmd := exec.Command("docker", "exec", app.ContainerName, "mysqldump", "-uroot", "-p"+app.Password, dbName)
-	gzipCmd := exec.Command("gzip", "-cf")
-	gzipCmd.Stdin, _ = cmd.StdoutPipe()
-	gzipCmd.Stdout = outfile
-	_ = gzipCmd.Start()
-	_ = cmd.Run()
-	_ = gzipCmd.Wait()

+	backupInfo := client.BackupInfo{
+		Name:      dbName,
+		Format:    dbInfo.Format,
+		TargetDir: targetDir,
+		FileName:  fileName,
+
+		Timeout: 300,
+	}
+	if err := cli.Backup(backupInfo); err != nil {
+		return err
+	}
 	return nil
 }

-func handleMysqlRecover(mysqlInfo *repo.RootInfo, recoverDir, dbName, fileName string, isRollback bool) error {
+func handleMysqlRecover(req dto.CommonRecover, isRollback bool) error {
 	isOk := false
+	fileOp := files.NewFileOp()
+	if !fileOp.Stat(req.File) {
+		return errors.New(fmt.Sprintf("%s file is not exist", req.File))
+	}
+	dbInfo, err := mysqlRepo.Get(commonRepo.WithByName(req.DetailName), mysqlRepo.WithByMysqlName(req.Name))
+	if err != nil {
+		return err
+	}
+	cli, _, err := LoadMysqlClientByFrom(dbInfo.From)
+	if err != nil {
+		return err
+	}
+
 	if !isRollback {
-		rollbackFile := fmt.Sprintf("%s/original/database/%s_%s.sql.gz", global.CONF.System.BaseDir, mysqlInfo.Name, time.Now().Format("20060102150405"))
-		if err := handleMysqlBackup(mysqlInfo, path.Dir(rollbackFile), dbName, path.Base(rollbackFile)); err != nil {
-			return fmt.Errorf("backup mysql db %s for rollback before recover failed, err: %v", mysqlInfo.Name, err)
+		rollbackFile := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("database/mysql/%s_%s.sql.gz", req.DetailName, time.Now().Format("20060102150405")))
+		if err := cli.Backup(client.BackupInfo{
+			Name:      req.DetailName,
+			Format:    dbInfo.Format,
+			TargetDir: path.Dir(rollbackFile),
+			FileName:  path.Base(rollbackFile),
+
+			Timeout: 300,
+		}); err != nil {
+			return fmt.Errorf("backup mysql db %s for rollback before recover failed, err: %v", req.DetailName, err)
 		}
 		defer func() {
 			if !isOk {
 				global.LOG.Info("recover failed, start to rollback now")
-				if err := handleMysqlRecover(mysqlInfo, path.Dir(rollbackFile), dbName, path.Base(rollbackFile), true); err != nil {
-					global.LOG.Errorf("rollback mysql db %s from %s failed, err: %v", dbName, rollbackFile, err)
-					return
+				if err := cli.Recover(client.RecoverInfo{
+					Name:       req.DetailName,
+					Format:     dbInfo.Format,
+					SourceFile: rollbackFile,
+
+					Timeout: 300,
+				}); err != nil {
+					global.LOG.Errorf("rollback mysql db %s from %s failed, err: %v", req.DetailName, rollbackFile, err)
 				}
-				global.LOG.Infof("rollback mysql db %s from %s successful", dbName, rollbackFile)
+				global.LOG.Infof("rollback mysql db %s from %s successful", req.DetailName, rollbackFile)
 				_ = os.RemoveAll(rollbackFile)
 			} else {
 				_ = os.RemoveAll(rollbackFile)
 			}
 		}()
 	}
-	file := recoverDir + "/" + fileName
-	fi, _ := os.Open(file)
-	defer fi.Close()
-	cmd := exec.Command("docker", "exec", "-i", mysqlInfo.ContainerName, "mysql", "-uroot", "-p"+mysqlInfo.Password, dbName)
-	if strings.HasSuffix(fileName, ".gz") {
-		gzipFile, err := os.Open(file)
-		if err != nil {
-			return err
-		}
-		defer gzipFile.Close()
-		gzipReader, err := gzip.NewReader(gzipFile)
-		if err != nil {
-			return err
-		}
-		defer gzipReader.Close()
-		cmd.Stdin = gzipReader
-	} else {
-		cmd.Stdin = fi
-	}
-	stdout, err := cmd.CombinedOutput()
-	stdStr := strings.ReplaceAll(string(stdout), "mysql: [Warning] Using a password on the command line interface can be insecure.\n", "")
-	if err != nil || strings.HasPrefix(string(stdStr), "ERROR ") {
-		return errors.New(stdStr)
+	if err := cli.Recover(client.RecoverInfo{
+		Name:       req.DetailName,
+		Format:     dbInfo.Format,
+		SourceFile: req.File,
+
+		Timeout: 300,
+	}); err != nil {
+		return err
 	}
 	isOk = true
 	return nil
--- a/backend/app/service/backup_redis.go
+++ b/backend/app/service/backup_redis.go
@@ -43,7 +43,7 @@ func (u *BackupService) RedisBackup() error {
 			fileName = fmt.Sprintf("%s.tar.gz", timeNow)
 		}
 	}
-	backupDir := fmt.Sprintf("%s/database/redis/%s", localDir, redisInfo.Name)
+	backupDir := path.Join(localDir, fmt.Sprintf("database/redis/%s", redisInfo.Name))
 	if err := handleRedisBackup(redisInfo, backupDir, fileName); err != nil {
 		return err
 	}
@@ -143,7 +143,7 @@ func handleRedisRecover(redisInfo *repo.RootInfo, recoverFile string, isRollback
 				suffix = "tar.gz"
 			}
 		}
-		rollbackFile := fmt.Sprintf("%s/original/database/redis/%s_%s.%s", global.CONF.System.BaseDir, redisInfo.Name, time.Now().Format("20060102150405"), suffix)
+		rollbackFile := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("database/redis/%s_%s.%s", redisInfo.Name, time.Now().Format("20060102150405"), suffix))
 		if err := handleRedisBackup(redisInfo, path.Dir(rollbackFile), path.Base(rollbackFile)); err != nil {
 			return fmt.Errorf("backup database %s for rollback before recover failed, err: %v", redisInfo.Name, err)
 		}
--- a/backend/app/service/backup_website.go
+++ b/backend/app/service/backup_website.go
@@ -11,6 +11,7 @@ import (

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
@@ -30,7 +31,7 @@ func (u *BackupService) WebsiteBackup(req dto.CommonBackup) error {
 	}

 	timeNow := time.Now().Format("20060102150405")
-	backupDir := fmt.Sprintf("%s/website/%s", localDir, req.Name)
+	backupDir := path.Join(localDir, fmt.Sprintf("website/%s", req.Name))
 	fileName := fmt.Sprintf("%s_%s.tar.gz", website.PrimaryDomain, timeNow)
 	if err := handleWebsiteBackup(&website, backupDir, fileName); err != nil {
 		return err
@@ -80,11 +81,11 @@ func handleWebsiteRecover(website *model.Website, recoverFile string, isRollback

 	temPathWithName := tmpPath + "/" + website.Alias
 	if !fileOp.Stat(tmpPath+"/website.json") || !fileOp.Stat(temPathWithName+".conf") || !fileOp.Stat(temPathWithName+".web.tar.gz") {
-		return errors.New("the wrong recovery package does not have .conf or .web.tar.gz files")
+		return buserr.WithDetail(constant.ErrBackupExist, ".conf or .web.tar.gz", nil)
 	}
 	if website.Type == constant.Deployment {
 		if !fileOp.Stat(temPathWithName + ".app.tar.gz") {
-			return errors.New("the wrong recovery package does not have .app.tar.gz files")
+			return buserr.WithDetail(constant.ErrBackupExist, ".app.tar.gz", nil)
 		}
 	}
 	var oldWebsite model.Website
@@ -95,13 +96,14 @@ func handleWebsiteRecover(website *model.Website, recoverFile string, isRollback
 	if err := json.Unmarshal(websiteJson, &oldWebsite); err != nil {
 		return fmt.Errorf("unmarshal app.json failed, err: %v", err)
 	}
-	if oldWebsite.Alias != website.Alias || oldWebsite.Type != website.Type || oldWebsite.ID != website.ID {
-		return errors.New("the current backup file does not match the application")
+
+	if err := checkValidOfWebsite(&oldWebsite, website); err != nil {
+		return err
 	}

 	isOk := false
 	if !isRollback {
-		rollbackFile := fmt.Sprintf("%s/original/website/%s_%s.tar.gz", global.CONF.System.BaseDir, website.Alias, time.Now().Format("20060102150405"))
+		rollbackFile := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("website/%s_%s.tar.gz", website.Alias, time.Now().Format("20060102150405")))
 		if err := handleWebsiteBackup(website, path.Dir(rollbackFile), path.Base(rollbackFile)); err != nil {
 			return fmt.Errorf("backup website %s for rollback before recover failed, err: %v", website.Alias, err)
 		}
@@ -155,6 +157,7 @@ func handleWebsiteRecover(website *model.Website, recoverFile string, isRollback
 		return errors.New(string(stdout))
 	}

+	oldWebsite.ID = website.ID
 	if err := websiteRepo.SaveWithoutCtx(&oldWebsite); err != nil {
 		global.LOG.Errorf("handle save website data failed, err: %v", err)
 		return err
@@ -212,3 +215,26 @@ func handleWebsiteBackup(website *model.Website, backupDir, fileName string) err

 	return nil
 }
+
+func checkValidOfWebsite(oldWebsite, website *model.Website) error {
+	if oldWebsite.Alias != website.Alias || oldWebsite.Type != website.Type {
+		return buserr.WithDetail(constant.ErrBackupMatch, fmt.Sprintf("oldName: %s, oldType: %v", oldWebsite.Alias, oldWebsite.Type), nil)
+	}
+	if oldWebsite.AppInstallID != 0 {
+		_, err := appInstallRepo.GetFirst(commonRepo.WithByID(website.AppInstallID))
+		if err != nil {
+			return buserr.WithDetail(constant.ErrBackupMatch, "app", nil)
+		}
+	}
+	if oldWebsite.RuntimeID != 0 {
+		if _, err := runtimeRepo.GetFirst(commonRepo.WithByID(website.RuntimeID)); err != nil {
+			return buserr.WithDetail(constant.ErrBackupMatch, "runtime", nil)
+		}
+	}
+	if oldWebsite.WebsiteSSLID != 0 {
+		if _, err := websiteSSLRepo.GetFirst(commonRepo.WithByID(website.WebsiteSSLID)); err != nil {
+			return buserr.WithDetail(constant.ErrBackupMatch, "ssl", nil)
+		}
+	}
+	return nil
+}
--- a/backend/app/service/container.go
+++ b/backend/app/service/container.go
@@ -3,11 +3,12 @@ package service
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"os"
 	"os/exec"
+	"path"
+	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
@@ -18,6 +19,7 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/1Panel-dev/1Panel/backend/utils/common"
 	"github.com/1Panel-dev/1Panel/backend/utils/docker"
 	"github.com/docker/docker/api/types"
@@ -26,24 +28,34 @@ import (
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/nat"
+	"github.com/gorilla/websocket"
 	v1 "github.com/opencontainers/image-spec/specs-go/v1"
+	"github.com/shirou/gopsutil/v3/cpu"
+	"github.com/shirou/gopsutil/v3/mem"
 )

 type ContainerService struct{}

 type IContainerService interface {
 	Page(req dto.PageContainer) (int64, interface{}, error)
+	List() ([]string, error)
 	PageNetwork(req dto.SearchWithPage) (int64, interface{}, error)
+	ListNetwork() ([]dto.Options, error)
 	PageVolume(req dto.SearchWithPage) (int64, interface{}, error)
 	ListVolume() ([]dto.Options, error)
 	PageCompose(req dto.SearchWithPage) (int64, interface{}, error)
 	CreateCompose(req dto.ComposeCreate) (string, error)
 	ComposeOperation(req dto.ComposeOperation) error
-	ContainerCreate(req dto.ContainerCreate) error
+	ContainerCreate(req dto.ContainerOperate) error
+	ContainerUpdate(req dto.ContainerOperate) error
+	ContainerUpgrade(req dto.ContainerUpgrade) error
+	ContainerInfo(req dto.OperationWithName) (*dto.ContainerOperate, error)
+	ContainerListStats() ([]dto.ContainerListStats, error)
+	LoadResouceLimit() (*dto.ResourceLimit, error)
 	ContainerLogClean(req dto.OperationWithName) error
 	ContainerOperation(req dto.ContainerOperation) error
-	ContainerLogs(param dto.ContainerLog) (string, error)
-	ContainerStats(id string) (*dto.ContainterStats, error)
+	ContainerLogs(wsConn *websocket.Conn, container, since, tail string, follow bool) error
+	ContainerStats(id string) (*dto.ContainerStats, error)
 	Inspect(req dto.InspectReq) (string, error)
 	DeleteNetwork(req dto.BatchDelete) error
 	CreateNetwork(req dto.NetworkCreate) error
@@ -52,6 +64,8 @@ type IContainerService interface {
 	TestCompose(req dto.ComposeCreate) (bool, error)
 	ComposeUpdate(req dto.ComposeUpdate) error
 	Prune(req dto.ContainerPrune) (dto.ContainerPruneReport, error)
+
+	LoadContainerLogs(req dto.OperationWithNameAndType) string
 }

 func NewIContainerService() IContainerService {
@@ -60,9 +74,8 @@ func NewIContainerService() IContainerService {

 func (u *ContainerService) Page(req dto.PageContainer) (int64, interface{}, error) {
 	var (
-		records   []types.Container
-		list      []types.Container
-		backDatas []dto.ContainerInfo
+		records []types.Container
+		list    []types.Container
 	)
 	client, err := docker.NewDockerClient()
 	if err != nil {
@@ -88,9 +101,30 @@ func (u *ContainerService) Page(req dto.PageContainer) (int64, interface{}, erro
 			}
 		}
 	}
-	sort.Slice(list, func(i, j int) bool {
-		return list[i].Created > list[j].Created
-	})
+	switch req.OrderBy {
+	case "name":
+		sort.Slice(list, func(i, j int) bool {
+			if req.Order == constant.OrderAsc {
+				return list[i].Names[0][1:] < list[j].Names[0][1:]
+			}
+			return list[i].Names[0][1:] > list[j].Names[0][1:]
+		})
+	case "state":
+		sort.Slice(list, func(i, j int) bool {
+			if req.Order == constant.OrderAsc {
+				return list[i].State < list[j].State
+			}
+			return list[i].State > list[j].State
+		})
+	default:
+		sort.Slice(list, func(i, j int) bool {
+			if req.Order == constant.OrderAsc {
+				return list[i].Created < list[j].Created
+			}
+			return list[i].Created > list[j].Created
+		})
+	}
+
 	total, start, end := len(list), (req.Page-1)*req.PageSize, req.Page*req.PageSize
 	if start > total {
 		records = make([]types.Container, 0)
@@ -101,49 +135,87 @@ func (u *ContainerService) Page(req dto.PageContainer) (int64, interface{}, erro
 		records = list[start:end]
 	}

-	var wg sync.WaitGroup
-	wg.Add(len(records))
-	for _, container := range records {
-		go func(item types.Container) {
-			IsFromCompose := false
-			if _, ok := item.Labels[composeProjectLabel]; ok {
-				IsFromCompose = true
-			}
-			IsFromApp := false
-			if created, ok := item.Labels[composeCreatedBy]; ok && created == "Apps" {
-				IsFromApp = true
-			}
+	backDatas := make([]dto.ContainerInfo, len(records))
+	for i := 0; i < len(records); i++ {
+		item := records[i]
+		IsFromCompose := false
+		if _, ok := item.Labels[composeProjectLabel]; ok {
+			IsFromCompose = true
+		}
+		IsFromApp := false
+		if created, ok := item.Labels[composeCreatedBy]; ok && created == "Apps" {
+			IsFromApp = true
+		}

-			var ports []string
-			for _, port := range item.Ports {
-				if port.IP == "::" || port.PublicPort == 0 {
-					continue
-				}
-				ports = append(ports, fmt.Sprintf("%v:%v/%s", port.PublicPort, port.PrivatePort, port.Type))
+		var ports []string
+		for _, port := range item.Ports {
+			itemPortStr := fmt.Sprintf("%v/%s", port.PrivatePort, port.Type)
+			if port.PublicPort != 0 {
+				itemPortStr = fmt.Sprintf("%s:%v->%v/%s", port.IP, port.PublicPort, port.PrivatePort, port.Type)
 			}
-			cpu, mem := loadCpuAndMem(client, item.ID)
-			backDatas = append(backDatas, dto.ContainerInfo{
-				ContainerID:   item.ID,
-				CreateTime:    time.Unix(item.Created, 0).Format("2006-01-02 15:04:05"),
-				Name:          item.Names[0][1:],
-				ImageId:       strings.Split(item.ImageID, ":")[1],
-				ImageName:     item.Image,
-				State:         item.State,
-				RunTime:       item.Status,
-				CPUPercent:    cpu,
-				MemoryPercent: mem,
-				Ports:         ports,
-				IsFromApp:     IsFromApp,
-				IsFromCompose: IsFromCompose,
-			})
-			wg.Done()
-		}(container)
+			ports = append(ports, itemPortStr)
+		}
+		backDatas[i] = dto.ContainerInfo{
+			ContainerID:   item.ID,
+			CreateTime:    time.Unix(item.Created, 0).Format("2006-01-02 15:04:05"),
+			Name:          item.Names[0][1:],
+			ImageId:       strings.Split(item.ImageID, ":")[1],
+			ImageName:     item.Image,
+			State:         item.State,
+			RunTime:       item.Status,
+			Ports:         ports,
+			IsFromApp:     IsFromApp,
+			IsFromCompose: IsFromCompose,
+		}
 	}
-	wg.Wait()

 	return int64(total), backDatas, nil
 }

+func (u *ContainerService) List() ([]string, error) {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return nil, err
+	}
+	containers, err := client.ContainerList(context.Background(), types.ContainerListOptions{All: true})
+	if err != nil {
+		return nil, err
+	}
+	var datas []string
+	for _, container := range containers {
+		for _, name := range container.Names {
+			if len(name) != 0 {
+				datas = append(datas, strings.TrimPrefix(name, "/"))
+			}
+		}
+	}
+
+	return datas, nil
+}
+
+func (u *ContainerService) ContainerListStats() ([]dto.ContainerListStats, error) {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return nil, err
+	}
+	list, err := client.ContainerList(context.Background(), types.ContainerListOptions{All: true})
+	if err != nil {
+		return nil, err
+	}
+	var datas []dto.ContainerListStats
+	var wg sync.WaitGroup
+	wg.Add(len(list))
+	for i := 0; i < len(list); i++ {
+		go func(item types.Container) {
+			cpu, mem := loadCpuAndMem(client, item.ID)
+			datas = append(datas, dto.ContainerListStats{CPUPercent: cpu, MemoryPercent: mem, ContainerID: item.ID})
+			wg.Done()
+		}(list[i])
+	}
+	wg.Wait()
+	return datas, nil
+}
+
 func (u *ContainerService) Inspect(req dto.InspectReq) (string, error) {
 	client, err := docker.NewDockerClient()
 	if err != nil {
@@ -213,63 +285,52 @@ func (u *ContainerService) Prune(req dto.ContainerPrune) (dto.ContainerPruneRepo
 	return report, nil
 }

-func (u *ContainerService) ContainerCreate(req dto.ContainerCreate) error {
-	portMap, err := checkPortStats(req.ExposedPorts)
+func (u *ContainerService) LoadResouceLimit() (*dto.ResourceLimit, error) {
+	cpuCounts, err := cpu.Counts(true)
 	if err != nil {
-		return err
+		return nil, fmt.Errorf("load cpu limit failed, err: %v", err)
 	}
+	memoryInfo, err := mem.VirtualMemory()
+	if err != nil {
+		return nil, fmt.Errorf("load memory limit failed, err: %v", err)
+	}
+
+	data := dto.ResourceLimit{
+		CPU:    cpuCounts,
+		Memory: int(memoryInfo.Total),
+	}
+	return &data, nil
+}
+
+func (u *ContainerService) ContainerCreate(req dto.ContainerOperate) error {
 	client, err := docker.NewDockerClient()
 	if err != nil {
 		return err
 	}
+	ctx := context.Background()
+	newContainer, _ := client.ContainerInspect(ctx, req.Name)
+	if newContainer.ContainerJSONBase != nil {
+		return buserr.New(constant.ErrContainerName)
+	}

-	exposeds := make(nat.PortSet)
-	for port := range portMap {
-		exposeds[port] = struct{}{}
-	}
-	config := &container.Config{
-		Image:        req.Image,
-		Cmd:          req.Cmd,
-		Env:          req.Env,
-		Labels:       stringsToMap(req.Labels),
-		Tty:          true,
-		OpenStdin:    true,
-		ExposedPorts: exposeds,
-	}
-	hostConf := &container.HostConfig{
-		AutoRemove:      req.AutoRemove,
-		PublishAllPorts: req.PublishAllPorts,
-		RestartPolicy:   container.RestartPolicy{Name: req.RestartPolicy},
-	}
-	if req.RestartPolicy == "on-failure" {
-		hostConf.RestartPolicy.MaximumRetryCount = 5
-	}
-	if req.NanoCPUs != 0 {
-		hostConf.NanoCPUs = req.NanoCPUs * 1000000000
-	}
-	if req.Memory != 0 {
-		hostConf.Memory = req.Memory
-	}
-	if len(req.ExposedPorts) != 0 {
-		hostConf.PortBindings = portMap
-	}
-	if len(req.Volumes) != 0 {
-		config.Volumes = make(map[string]struct{})
-		for _, volume := range req.Volumes {
-			config.Volumes[volume.ContainerDir] = struct{}{}
-			hostConf.Binds = append(hostConf.Binds, fmt.Sprintf("%s:%s:%s", volume.SourceDir, volume.ContainerDir, volume.Mode))
-		}
+	var config container.Config
+	var hostConf container.HostConfig
+	var networkConf network.NetworkingConfig
+	if err := loadConfigInfo(req, &config, &hostConf, &networkConf); err != nil {
+		return err
 	}

 	global.LOG.Infof("new container info %s has been made, now start to create", req.Name)

-	ctx := context.Background()
-	if !checkImageExist(client, req.Image) {
+	if !checkImageExist(client, req.Image) || req.ForcePull {
 		if err := pullImages(ctx, client, req.Image); err != nil {
-			return err
+			if !req.ForcePull {
+				return err
+			}
+			global.LOG.Errorf("force pull image %s failed, err: %v", req.Image, err)
 		}
 	}
-	container, err := client.ContainerCreate(ctx, config, hostConf, &network.NetworkingConfig{}, &v1.Platform{}, req.Name)
+	container, err := client.ContainerCreate(ctx, &config, &hostConf, &networkConf, &v1.Platform{}, req.Name)
 	if err != nil {
 		_ = client.ContainerRemove(ctx, req.Name, types.ContainerRemoveOptions{RemoveVolumes: true, Force: true})
 		return err
@@ -282,6 +343,156 @@ func (u *ContainerService) ContainerCreate(req dto.ContainerCreate) error {
 	return nil
 }

+func (u *ContainerService) ContainerInfo(req dto.OperationWithName) (*dto.ContainerOperate, error) {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return nil, err
+	}
+	ctx := context.Background()
+	oldContainer, err := client.ContainerInspect(ctx, req.Name)
+	if err != nil {
+		return nil, err
+	}
+
+	var data dto.ContainerOperate
+	data.ContainerID = oldContainer.ID
+	data.Name = strings.ReplaceAll(oldContainer.Name, "/", "")
+	data.Image = oldContainer.Config.Image
+	if oldContainer.NetworkSettings != nil {
+		for network := range oldContainer.NetworkSettings.Networks {
+			data.Network = network
+			break
+		}
+	}
+	data.Cmd = oldContainer.Config.Cmd
+	data.Env = oldContainer.Config.Env
+	data.CPUShares = oldContainer.HostConfig.CPUShares
+	for key, val := range oldContainer.Config.Labels {
+		data.Labels = append(data.Labels, fmt.Sprintf("%s=%s", key, val))
+	}
+	for key, val := range oldContainer.HostConfig.PortBindings {
+		var itemPort dto.PortHelper
+		if !strings.Contains(string(key), "/") {
+			continue
+		}
+		itemPort.ContainerPort = strings.Split(string(key), "/")[0]
+		itemPort.Protocol = strings.Split(string(key), "/")[1]
+		for _, binds := range val {
+			itemPort.HostIP = binds.HostIP
+			itemPort.HostPort = binds.HostPort
+			data.ExposedPorts = append(data.ExposedPorts, itemPort)
+		}
+	}
+	data.AutoRemove = oldContainer.HostConfig.AutoRemove
+	data.PublishAllPorts = oldContainer.HostConfig.PublishAllPorts
+	data.RestartPolicy = oldContainer.HostConfig.RestartPolicy.Name
+	if oldContainer.HostConfig.NanoCPUs != 0 {
+		data.NanoCPUs = float64(oldContainer.HostConfig.NanoCPUs) / 1000000000
+	}
+	if oldContainer.HostConfig.Memory != 0 {
+		data.Memory = float64(oldContainer.HostConfig.Memory) / 1024 / 1024
+	}
+	data.Volumes = loadVolumeBinds(oldContainer.HostConfig.Binds)
+
+	return &data, nil
+}
+
+func (u *ContainerService) ContainerUpdate(req dto.ContainerOperate) error {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return err
+	}
+	ctx := context.Background()
+	newContainer, _ := client.ContainerInspect(ctx, req.Name)
+	if newContainer.ContainerJSONBase != nil && newContainer.ID != req.ContainerID {
+		return buserr.New(constant.ErrContainerName)
+	}
+
+	oldContainer, err := client.ContainerInspect(ctx, req.ContainerID)
+	if err != nil {
+		return err
+	}
+	if !checkImageExist(client, req.Image) || req.ForcePull {
+		if err := pullImages(ctx, client, req.Image); err != nil {
+			if !req.ForcePull {
+				return err
+			}
+			global.LOG.Errorf("force pull image %s failed, err: %v", req.Image, err)
+		}
+	}
+
+	if err := client.ContainerRemove(ctx, req.ContainerID, types.ContainerRemoveOptions{Force: true}); err != nil {
+		return err
+	}
+
+	config := oldContainer.Config
+	hostConf := oldContainer.HostConfig
+	var networkConf network.NetworkingConfig
+	if err := loadConfigInfo(req, config, hostConf, &networkConf); err != nil {
+		reCreateAfterUpdate(req.Name, client, oldContainer.Config, oldContainer.HostConfig, oldContainer.NetworkSettings)
+		return err
+	}
+
+	global.LOG.Infof("new container info %s has been update, now start to recreate", req.Name)
+	container, err := client.ContainerCreate(ctx, config, hostConf, &networkConf, &v1.Platform{}, req.Name)
+	if err != nil {
+		reCreateAfterUpdate(req.Name, client, oldContainer.Config, oldContainer.HostConfig, oldContainer.NetworkSettings)
+		return fmt.Errorf("update contianer failed, err: %v", err)
+	}
+	global.LOG.Infof("update container %s successful! now check if the container is started.", req.Name)
+	if err := client.ContainerStart(ctx, container.ID, types.ContainerStartOptions{}); err != nil {
+		return fmt.Errorf("update successful but start failed, err: %v", err)
+	}
+
+	return nil
+}
+
+func (u *ContainerService) ContainerUpgrade(req dto.ContainerUpgrade) error {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return err
+	}
+	ctx := context.Background()
+	oldContainer, err := client.ContainerInspect(ctx, req.Name)
+	if err != nil {
+		return err
+	}
+	if !checkImageExist(client, req.Image) || req.ForcePull {
+		if err := pullImages(ctx, client, req.Image); err != nil {
+			if !req.ForcePull {
+				return err
+			}
+			global.LOG.Errorf("force pull image %s failed, err: %v", req.Image, err)
+		}
+	}
+	config := oldContainer.Config
+	config.Image = req.Image
+	hostConf := oldContainer.HostConfig
+	var networkConf network.NetworkingConfig
+	if oldContainer.NetworkSettings != nil {
+		for networkKey := range oldContainer.NetworkSettings.Networks {
+			networkConf.EndpointsConfig = map[string]*network.EndpointSettings{networkKey: {}}
+			break
+		}
+	}
+	if err := client.ContainerRemove(ctx, req.Name, types.ContainerRemoveOptions{Force: true}); err != nil {
+		return err
+	}
+
+	global.LOG.Infof("new container info %s has been update, now start to recreate", req.Name)
+	container, err := client.ContainerCreate(ctx, config, hostConf, &networkConf, &v1.Platform{}, req.Name)
+	if err != nil {
+		reCreateAfterUpdate(req.Name, client, oldContainer.Config, oldContainer.HostConfig, oldContainer.NetworkSettings)
+		return fmt.Errorf("upgrade contianer failed, err: %v", err)
+	}
+	global.LOG.Infof("upgrade container %s successful! now check if the container is started.", req.Name)
+	if err := client.ContainerStart(ctx, container.ID, types.ContainerStartOptions{}); err != nil {
+		return fmt.Errorf("upgrade successful but start failed, err: %v", err)
+	}
+
+	return nil
+}
+
 func (u *ContainerService) ContainerOperation(req dto.ContainerOperation) error {
 	var err error
 	ctx := context.Background()
@@ -304,6 +515,10 @@ func (u *ContainerService) ContainerOperation(req dto.ContainerOperation) error
 	case constant.ContainerOpUnpause:
 		err = client.ContainerUnpause(ctx, req.Name)
 	case constant.ContainerOpRename:
+		newContainer, _ := client.ContainerInspect(ctx, req.NewName)
+		if newContainer.ContainerJSONBase != nil {
+			return buserr.New(constant.ErrContainerName)
+		}
 		err = client.ContainerRename(ctx, req.Name, req.NewName)
 	case constant.ContainerOpRemove:
 		err = client.ContainerRemove(ctx, req.Name, types.ContainerRemoveOptions{RemoveVolumes: true, Force: true})
@@ -329,22 +544,57 @@ func (u *ContainerService) ContainerLogClean(req dto.OperationWithName) error {
 		return err
 	}
 	_, _ = file.Seek(0, 0)
+
+	files, _ := filepath.Glob(fmt.Sprintf("%s.*", container.LogPath))
+	for _, file := range files {
+		_ = os.Remove(file)
+	}
 	return nil
 }

-func (u *ContainerService) ContainerLogs(req dto.ContainerLog) (string, error) {
-	cmd := exec.Command("docker", "logs", req.ContainerID)
-	if req.Mode != "all" {
-		cmd = exec.Command("docker", "logs", req.ContainerID, "--since", req.Mode)
+func (u *ContainerService) ContainerLogs(wsConn *websocket.Conn, container, since, tail string, follow bool) error {
+	if cmd.CheckIllegal(container, since, tail) {
+		return buserr.New(constant.ErrCmdIllegal)
 	}
-	stdout, err := cmd.CombinedOutput()
+	command := fmt.Sprintf("docker logs %s", container)
+	if tail != "0" {
+		command += " -n " + tail
+	}
+	if since != "all" {
+		command += " --since " + since
+	}
+	if follow {
+		command += " -f"
+	}
+	command += " 2>&1"
+	cmd := exec.Command("bash", "-c", command)
+	stdout, err := cmd.StdoutPipe()
 	if err != nil {
-		return "", errors.New(string(stdout))
+		return err
 	}
-	return string(stdout), nil
+	if err := cmd.Start(); err != nil {
+		return err
+	}
+
+	buffer := make([]byte, 1024)
+	for {
+		n, err := stdout.Read(buffer)
+		if err != nil {
+			if err == io.EOF {
+				break
+			}
+			global.LOG.Errorf("read bytes from container log failed, err: %v", err)
+			continue
+		}
+		if err = wsConn.WriteMessage(websocket.TextMessage, buffer[:n]); err != nil {
+			global.LOG.Errorf("send message with container log to ws failed, err: %v", err)
+			break
+		}
+	}
+	return nil
 }

-func (u *ContainerService) ContainerStats(id string) (*dto.ContainterStats, error) {
+func (u *ContainerService) ContainerStats(id string) (*dto.ContainerStats, error) {
 	client, err := docker.NewDockerClient()
 	if err != nil {
 		return nil, err
@@ -365,7 +615,7 @@ func (u *ContainerService) ContainerStats(id string) (*dto.ContainterStats, erro
 	if err := json.Unmarshal(body, &stats); err != nil {
 		return nil, err
 	}
-	var data dto.ContainterStats
+	var data dto.ContainerStats
 	data.CPUPercent = calculateCPUPercentUnix(stats)
 	data.IORead, data.IOWrite = calculateBlockIO(stats.BlkioStats)
 	data.Memory = float64(stats.MemoryStats.Usage) / 1024 / 1024
@@ -378,6 +628,48 @@ func (u *ContainerService) ContainerStats(id string) (*dto.ContainterStats, erro
 	return &data, nil
 }

+func (u *ContainerService) LoadContainerLogs(req dto.OperationWithNameAndType) string {
+	filePath := ""
+	switch req.Type {
+	case "image-pull", "image-push", "image-build":
+		filePath = path.Join(global.CONF.System.TmpDir, fmt.Sprintf("docker_logs/%s", req.Name))
+	case "compose-detail", "compose-create":
+		client, err := docker.NewDockerClient()
+		if err != nil {
+			return ""
+		}
+		options := types.ContainerListOptions{All: true}
+		options.Filters = filters.NewArgs()
+		options.Filters.Add("label", fmt.Sprintf("%s=%s", composeProjectLabel, req.Name))
+		containers, err := client.ContainerList(context.Background(), options)
+		if err != nil {
+			return ""
+		}
+		for _, container := range containers {
+			config := container.Labels[composeConfigLabel]
+			workdir := container.Labels[composeWorkdirLabel]
+			if len(config) != 0 && len(workdir) != 0 && strings.Contains(config, workdir) {
+				filePath = config
+				break
+			} else {
+				filePath = workdir
+				break
+			}
+		}
+		if req.Type == "compose-create" {
+			filePath = path.Join(path.Dir(filePath), "compose.log")
+		}
+	}
+	if _, err := os.Stat(filePath); err != nil {
+		return ""
+	}
+	content, err := os.ReadFile(filePath)
+	if err != nil {
+		return ""
+	}
+	return string(content)
+}
+
 func stringsToMap(list []string) map[string]string {
 	var lableMap = make(map[string]string)
 	for _, label := range list {
@@ -529,3 +821,103 @@ func checkPortStats(ports []dto.PortHelper) (nat.PortMap, error) {
 	}
 	return portMap, nil
 }
+
+func loadConfigInfo(req dto.ContainerOperate, config *container.Config, hostConf *container.HostConfig, networkConf *network.NetworkingConfig) error {
+	portMap, err := checkPortStats(req.ExposedPorts)
+	if err != nil {
+		return err
+	}
+	exposeds := make(nat.PortSet)
+	for port := range portMap {
+		exposeds[port] = struct{}{}
+	}
+	config.Image = req.Image
+	config.Cmd = req.Cmd
+	config.Env = req.Env
+	config.Labels = stringsToMap(req.Labels)
+	config.ExposedPorts = exposeds
+
+	if len(req.Network) != 0 {
+		networkConf.EndpointsConfig = map[string]*network.EndpointSettings{req.Network: {}}
+	} else {
+		networkConf = &network.NetworkingConfig{}
+	}
+
+	hostConf.AutoRemove = req.AutoRemove
+	hostConf.CPUShares = req.CPUShares
+	hostConf.PublishAllPorts = req.PublishAllPorts
+	hostConf.RestartPolicy = container.RestartPolicy{Name: req.RestartPolicy}
+	if req.RestartPolicy == "on-failure" {
+		hostConf.RestartPolicy.MaximumRetryCount = 5
+	}
+	hostConf.NanoCPUs = int64(req.NanoCPUs * 1000000000)
+	hostConf.Memory = int64(req.Memory * 1024 * 1024)
+	hostConf.PortBindings = portMap
+	hostConf.Binds = []string{}
+	config.Volumes = make(map[string]struct{})
+	for _, volume := range req.Volumes {
+		config.Volumes[volume.ContainerDir] = struct{}{}
+		hostConf.Binds = append(hostConf.Binds, fmt.Sprintf("%s:%s:%s", volume.SourceDir, volume.ContainerDir, volume.Mode))
+	}
+	return nil
+}
+
+func reCreateAfterUpdate(name string, client *client.Client, config *container.Config, hostConf *container.HostConfig, networkConf *types.NetworkSettings) {
+	ctx := context.Background()
+
+	var oldNetworkConf network.NetworkingConfig
+	if networkConf != nil {
+		for networkKey := range networkConf.Networks {
+			oldNetworkConf.EndpointsConfig = map[string]*network.EndpointSettings{networkKey: {}}
+			break
+		}
+	}
+
+	oldContainer, err := client.ContainerCreate(ctx, config, hostConf, &oldNetworkConf, &v1.Platform{}, name)
+	if err != nil {
+		global.LOG.Errorf("recreate after container update failed, err: %v", err)
+		return
+	}
+	if err := client.ContainerStart(ctx, oldContainer.ID, types.ContainerStartOptions{}); err != nil {
+		global.LOG.Errorf("restart after container update failed, err: %v", err)
+	}
+}
+
+func loadVolumeBinds(binds []string) []dto.VolumeHelper {
+	var datas []dto.VolumeHelper
+	for _, bind := range binds {
+		parts := strings.Split(bind, ":")
+		var volumeItem dto.VolumeHelper
+		if len(parts) > 3 {
+			continue
+		}
+		volumeItem.SourceDir = parts[0]
+		if len(parts) == 1 {
+			volumeItem.ContainerDir = parts[0]
+			volumeItem.Mode = "rw"
+		}
+		if len(parts) == 2 {
+			switch parts[1] {
+			case "r", "ro":
+				volumeItem.ContainerDir = parts[0]
+				volumeItem.Mode = "ro"
+			case "rw":
+				volumeItem.ContainerDir = parts[0]
+				volumeItem.Mode = "rw"
+			default:
+				volumeItem.ContainerDir = parts[1]
+				volumeItem.Mode = "rw"
+			}
+		}
+		if len(parts) == 3 {
+			volumeItem.ContainerDir = parts[1]
+			if parts[2] == "r" {
+				volumeItem.Mode = "ro"
+			} else {
+				volumeItem.Mode = parts[2]
+			}
+		}
+		datas = append(datas, volumeItem)
+	}
+	return datas
+}
--- a/backend/app/service/container_compose.go
+++ b/backend/app/service/container_compose.go
@@ -14,8 +14,10 @@ import (

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/1Panel-dev/1Panel/backend/utils/compose"
 	"github.com/1Panel-dev/1Panel/backend/utils/docker"
 	"github.com/docker/docker/api/types"
@@ -92,7 +94,7 @@ func (u *ContainerService) PageCompose(req dto.SearchWithPage) (int64, interface
 		}
 	}
 	for _, item := range composeCreatedByLocal {
-		if err := composeRepo.DeleteRecord(commonRepo.WithByName(item.Name)); err != nil {
+		if err := composeRepo.DeleteRecord(commonRepo.WithByID(item.ID)); err != nil {
 			global.LOG.Error(err)
 		}
 	}
@@ -127,6 +129,13 @@ func (u *ContainerService) PageCompose(req dto.SearchWithPage) (int64, interface
 }

 func (u *ContainerService) TestCompose(req dto.ComposeCreate) (bool, error) {
+	if cmd.CheckIllegal(req.Path) {
+		return false, buserr.New(constant.ErrCmdIllegal)
+	}
+	composeItem, _ := composeRepo.GetRecord(commonRepo.WithByName(req.Name))
+	if composeItem.ID != 0 {
+		return false, constant.ErrRecordExist
+	}
 	if err := u.loadPath(&req); err != nil {
 		return false, err
 	}
@@ -139,13 +148,16 @@ func (u *ContainerService) TestCompose(req dto.ComposeCreate) (bool, error) {
 }

 func (u *ContainerService) CreateCompose(req dto.ComposeCreate) (string, error) {
+	if cmd.CheckIllegal(req.Name, req.Path) {
+		return "", buserr.New(constant.ErrCmdIllegal)
+	}
 	if err := u.loadPath(&req); err != nil {
 		return "", err
 	}
 	global.LOG.Infof("docker-compose.yml %s create successful, start to docker-compose up", req.Name)

 	if req.From == "path" {
-		req.Name = path.Base(strings.ReplaceAll(req.Path, "/"+path.Base(req.Path), ""))
+		req.Name = path.Base(path.Dir(req.Path))
 	}
 	logName := path.Dir(req.Path) + "/compose.log"
 	file, err := os.OpenFile(logName, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
@@ -169,10 +181,13 @@ func (u *ContainerService) CreateCompose(req dto.ComposeCreate) (string, error)
 		_, _ = file.WriteString("docker-compose up successful!")
 	}()

-	return logName, nil
+	return req.Name, nil
 }

 func (u *ContainerService) ComposeOperation(req dto.ComposeOperation) error {
+	if cmd.CheckIllegal(req.Path, req.Operation) {
+		return buserr.New(constant.ErrCmdIllegal)
+	}
 	if _, err := os.Stat(req.Path); err != nil {
 		return fmt.Errorf("load file with path %s failed, %v", req.Path, err)
 	}
@@ -191,6 +206,9 @@ func (u *ContainerService) ComposeOperation(req dto.ComposeOperation) error {
 }

 func (u *ContainerService) ComposeUpdate(req dto.ComposeUpdate) error {
+	if cmd.CheckIllegal(req.Name, req.Path) {
+		return buserr.New(constant.ErrCmdIllegal)
+	}
 	if _, err := os.Stat(req.Path); err != nil {
 		return fmt.Errorf("load file with path %s failed, %v", req.Path, err)
 	}
--- a/backend/app/service/container_network.go
+++ b/backend/app/service/container_network.go
@@ -75,6 +75,26 @@ func (u *ContainerService) PageNetwork(req dto.SearchWithPage) (int64, interface

 	return int64(total), data, nil
 }
+
+func (u *ContainerService) ListNetwork() ([]dto.Options, error) {
+	client, err := docker.NewDockerClient()
+	if err != nil {
+		return nil, err
+	}
+	list, err := client.NetworkList(context.TODO(), types.NetworkListOptions{})
+	if err != nil {
+		return nil, err
+	}
+	var datas []dto.Options
+	for _, item := range list {
+		datas = append(datas, dto.Options{Option: item.Name})
+	}
+	sort.Slice(datas, func(i, j int) bool {
+		return datas[i].Option < datas[j].Option
+	})
+	return datas, nil
+}
+
 func (u *ContainerService) DeleteNetwork(req dto.BatchDelete) error {
 	client, err := docker.NewDockerClient()
 	if err != nil {
--- a/backend/app/service/container_volume.go
+++ b/backend/app/service/container_volume.go
@@ -80,13 +80,16 @@ func (u *ContainerService) ListVolume() ([]dto.Options, error) {
 	if err != nil {
 		return nil, err
 	}
-	var data []dto.Options
+	var datas []dto.Options
 	for _, item := range list.Volumes {
-		data = append(data, dto.Options{
+		datas = append(datas, dto.Options{
 			Option: item.Name,
 		})
 	}
-	return data, nil
+	sort.Slice(datas, func(i, j int) bool {
+		return datas[i].Option < datas[j].Option
+	})
+	return datas, nil
 }
 func (u *ContainerService) DeleteVolume(req dto.BatchDelete) error {
 	client, err := docker.NewDockerClient()
--- a/backend/app/service/cornjob.go
+++ b/backend/app/service/cornjob.go
@@ -9,6 +9,7 @@ import (

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/jinzhu/copier"
@@ -29,6 +30,8 @@ type ICronjobService interface {
 	Download(down dto.CronjobDownload) (string, error)
 	StartJob(cronjob *model.Cronjob) (int, error)
 	CleanRecord(req dto.CronjobClean) error
+
+	LoadRecordLog(req dto.OperateByID) (string, error)
 }

 func NewICronjobService() ICronjobService {
@@ -36,7 +39,7 @@ func NewICronjobService() ICronjobService {
 }

 func (u *CronjobService) SearchWithPage(search dto.SearchWithPage) (int64, interface{}, error) {
-	total, cronjobs, err := cronjobRepo.Page(search.Page, search.PageSize, commonRepo.WithLikeName(search.Info))
+	total, cronjobs, err := cronjobRepo.Page(search.Page, search.PageSize, commonRepo.WithLikeName(search.Info), commonRepo.WithOrderRuleBy(search.OrderBy, search.Order))
 	var dtoCronjobs []dto.CronjobInfo
 	for _, cronjob := range cronjobs {
 		var item dto.CronjobInfo
@@ -80,6 +83,21 @@ func (u *CronjobService) SearchRecords(search dto.SearchRecord) (int64, interfac
 	return total, dtoCronjobs, err
 }

+func (u *CronjobService) LoadRecordLog(req dto.OperateByID) (string, error) {
+	record, err := cronjobRepo.GetRecord(commonRepo.WithByID(req.ID))
+	if err != nil {
+		return "", err
+	}
+	if _, err := os.Stat(record.Records); err != nil {
+		return "", buserr.New("ErrHttpReqNotFound")
+	}
+	content, err := os.ReadFile(record.Records)
+	if err != nil {
+		return "", err
+	}
+	return string(content), nil
+}
+
 func (u *CronjobService) CleanRecord(req dto.CronjobClean) error {
 	cronjob, err := cronjobRepo.Get(commonRepo.WithByID(req.CronjobID))
 	if err != nil {
@@ -100,9 +118,9 @@ func (u *CronjobService) CleanRecord(req dto.CronjobClean) error {
 			if err != nil {
 				return err
 			}
-			u.HandleRmExpired(backup.Type, localDir, &cronjob, client)
+			u.HandleRmExpired(backup.Type, backup.BackupPath, localDir, &cronjob, client)
 		} else {
-			u.HandleRmExpired(backup.Type, "", &cronjob, nil)
+			u.HandleRmExpired(backup.Type, backup.BackupPath, "", &cronjob, nil)
 		}
 	}
 	delRecords, err := cronjobRepo.ListRecord(cronjobRepo.WithByJobID(int(req.CronjobID)))
@@ -123,29 +141,27 @@ func (u *CronjobService) Download(down dto.CronjobDownload) (string, error) {
 	if record.ID == 0 {
 		return "", constant.ErrRecordNotFound
 	}
-	cronjob, _ := cronjobRepo.Get(commonRepo.WithByID(record.CronjobID))
-	if cronjob.ID == 0 {
-		return "", constant.ErrRecordNotFound
-	}
 	backup, _ := backupRepo.Get(commonRepo.WithByID(down.BackupAccountID))
-	if cronjob.ID == 0 {
+	if backup.ID == 0 {
 		return "", constant.ErrRecordNotFound
 	}
 	if backup.Type == "LOCAL" || record.FromLocal {
 		if _, err := os.Stat(record.File); err != nil && os.IsNotExist(err) {
-			return "", constant.ErrRecordNotFound
+			return "", err
 		}
 		return record.File, nil
 	}
-	client, err := NewIBackupService().NewClient(&backup)
-	if err != nil {
-		return "", err
-	}
 	tempPath := fmt.Sprintf("%s/download/%s", constant.DataDir, record.File)
-	_ = os.MkdirAll(path.Dir(tempPath), os.ModePerm)
-	isOK, err := client.Download(record.File, tempPath)
-	if !isOK || err != nil {
-		return "", constant.ErrRecordNotFound
+	if _, err := os.Stat(tempPath); err != nil && os.IsNotExist(err) {
+		client, err := NewIBackupService().NewClient(&backup)
+		if err != nil {
+			return "", err
+		}
+		_ = os.MkdirAll(path.Dir(tempPath), os.ModePerm)
+		isOK, err := client.Download(record.File, tempPath)
+		if !isOK || err != nil {
+			return "", err
+		}
 	}
 	return tempPath, nil
 }
@@ -238,6 +254,7 @@ func (u *CronjobService) Update(id uint, req dto.CronjobUpdate) error {
 	upMap["name"] = req.Name
 	upMap["spec"] = cronjob.Spec
 	upMap["script"] = req.Script
+	upMap["container_name"] = req.ContainerName
 	upMap["spec_type"] = req.SpecType
 	upMap["week"] = req.Week
 	upMap["day"] = req.Day
--- a/backend/app/service/cronjob_helper.go
+++ b/backend/app/service/cronjob_helper.go
@@ -5,12 +5,12 @@ import (
 	"fmt"
 	"os"
 	"path"
+	"strconv"
 	"strings"
 	"sync"
 	"time"

 	"github.com/1Panel-dev/1Panel/backend/app/model"
-	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cloud_storage"
@@ -32,17 +32,21 @@ func (u *CronjobService) HandleJob(cronjob *model.Cronjob) {
 			if len(cronjob.Script) == 0 {
 				return
 			}
-			message, err = u.handleShell(cronjob.Type, cronjob.Name, cronjob.Script)
-			u.HandleRmExpired("LOCAL", "", cronjob, nil)
+			if len(cronjob.ContainerName) != 0 {
+				message, err = u.handleShell(cronjob.Type, cronjob.Name, fmt.Sprintf("docker exec %s %s", cronjob.ContainerName, cronjob.Script))
+			} else {
+				message, err = u.handleShell(cronjob.Type, cronjob.Name, cronjob.Script)
+			}
+			u.HandleRmExpired("LOCAL", "", "", cronjob, nil)
 		case "curl":
 			if len(cronjob.URL) == 0 {
 				return
 			}
 			message, err = u.handleShell(cronjob.Type, cronjob.Name, fmt.Sprintf("curl '%s'", cronjob.URL))
-			u.HandleRmExpired("LOCAL", "", cronjob, nil)
+			u.HandleRmExpired("LOCAL", "", "", cronjob, nil)
 		case "ntp":
 			err = u.handleNtpSync()
-			u.HandleRmExpired("LOCAL", "", cronjob, nil)
+			u.HandleRmExpired("LOCAL", "", "", cronjob, nil)
 		case "website":
 			record.File, err = u.handleBackup(cronjob, record.StartTime)
 		case "database":
@@ -114,18 +118,14 @@ func (u *CronjobService) handleBackup(cronjob *model.Cronjob, startTime time.Tim

 	switch cronjob.Type {
 	case "database":
-		app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-		if err != nil {
-			return "", err
-		}
-		paths, err := u.handleDatabase(*cronjob, app, backup, startTime)
+		paths, err := u.handleDatabase(*cronjob, backup, startTime)
 		return strings.Join(paths, ","), err
 	case "website":
 		paths, err := u.handleWebsite(*cronjob, backup, startTime)
 		return strings.Join(paths, ","), err
 	default:
 		fileName := fmt.Sprintf("directory%s_%s.tar.gz", strings.ReplaceAll(cronjob.SourceDir, "/", "_"), startTime.Format("20060102150405"))
-		backupDir := fmt.Sprintf("%s/%s/%s", localDir, cronjob.Type, cronjob.Name)
+		backupDir := path.Join(localDir, fmt.Sprintf("%s/%s", cronjob.Type, cronjob.Name))
 		itemFileDir := fmt.Sprintf("%s/%s", cronjob.Type, cronjob.Name)
 		global.LOG.Infof("handle tar %s to %s", backupDir, fileName)
 		if err := handleTar(cronjob.SourceDir, backupDir, fileName, cronjob.ExclusionRules); err != nil {
@@ -142,39 +142,55 @@ func (u *CronjobService) handleBackup(cronjob *model.Cronjob, startTime time.Tim
 			if err != nil {
 				return "", err
 			}
+			if len(backup.BackupPath) != 0 {
+				itemPath := strings.TrimPrefix(backup.BackupPath, "/")
+				itemPath = strings.TrimSuffix(itemPath, "/") + "/"
+				itemFileDir = itemPath + itemFileDir
+			}
 			if _, err = client.Upload(backupDir+"/"+fileName, itemFileDir+"/"+fileName); err != nil {
 				return "", err
 			}
 		}
-		u.HandleRmExpired(backup.Type, localDir, cronjob, client)
+		u.HandleRmExpired(backup.Type, backup.BackupPath, localDir, cronjob, client)
 		if backup.Type == "LOCAL" || cronjob.KeepLocal {
-			return fmt.Sprintf("%s/%s/%s/%s", localDir, cronjob.Type, cronjob.Name, fileName), nil
+			return fmt.Sprintf("%s/%s", backupDir, fileName), nil
+		} else {
+			return fmt.Sprintf("%s/%s", itemFileDir, fileName), nil
 		}
-		return fmt.Sprintf("%s/%s/%s", cronjob.Type, cronjob.Name, fileName), nil
 	}
 }

-func (u *CronjobService) HandleRmExpired(backType, localDir string, cronjob *model.Cronjob, backClient cloud_storage.CloudStorageClient) {
+func (u *CronjobService) HandleRmExpired(backType, backupPath, localDir string, cronjob *model.Cronjob, backClient cloud_storage.CloudStorageClient) {
 	global.LOG.Infof("start to handle remove expired, retain copies: %d", cronjob.RetainCopies)
 	records, _ := cronjobRepo.ListRecord(cronjobRepo.WithByJobID(int(cronjob.ID)), commonRepo.WithOrderBy("created_at desc"))
-	if len(records) > int(cronjob.RetainCopies) {
-		for i := int(cronjob.RetainCopies); i < len(records); i++ {
-			if len(records[i].File) != 0 {
-				files := strings.Split(records[i].File, ",")
-				for _, file := range files {
-					if backType != "LOCAL" {
-						_, _ = backClient.Delete(strings.ReplaceAll(file, localDir+"/", ""))
-						_ = os.Remove(file)
-					} else {
-						_ = os.Remove(file)
-					}
-					_ = backupRepo.DeleteRecord(context.TODO(), backupRepo.WithByFileName(path.Base(file)))
+	if len(records) <= int(cronjob.RetainCopies) {
+		return
+	}
+	for i := int(cronjob.RetainCopies); i < len(records); i++ {
+		if len(records[i].File) != 0 {
+			files := strings.Split(records[i].File, ",")
+			for _, file := range files {
+				_ = os.Remove(file)
+				_ = backupRepo.DeleteRecord(context.TODO(), backupRepo.WithByFileName(path.Base(file)))
+				if backType == "LOCAL" {
+					continue
 				}
-			}

-			_ = cronjobRepo.DeleteRecord(commonRepo.WithByID(uint(records[i].ID)))
-			_ = os.Remove(records[i].Records)
+				fileItem := file
+				if cronjob.KeepLocal {
+					if len(backupPath) != 0 {
+						itemPath := strings.TrimPrefix(backupPath, "/")
+						itemPath = strings.TrimSuffix(itemPath, "/") + "/"
+						fileItem = itemPath + strings.TrimPrefix(file, localDir+"/")
+					} else {
+						fileItem = strings.TrimPrefix(file, localDir+"/")
+					}
+				}
+				_, _ = backClient.Delete(fileItem)
+			}
 		}
+		_ = cronjobRepo.DeleteRecord(commonRepo.WithByID(uint(records[i].ID)))
+		_ = os.Remove(records[i].Records)
 	}
 }

@@ -197,6 +213,9 @@ func handleTar(sourceDir, targetDir, name, exclusionRules string) error {
 	if strings.Contains(sourceDir, "/") {
 		itemDir := strings.ReplaceAll(sourceDir[strings.LastIndex(sourceDir, "/"):], "/", "")
 		aheadDir := sourceDir[:strings.LastIndex(sourceDir, "/")]
+		if len(aheadDir) == 0 {
+			aheadDir = "/"
+		}
 		path += fmt.Sprintf("-C %s %s", aheadDir, itemDir)
 	} else {
 		path = sourceDir
@@ -204,7 +223,7 @@ func handleTar(sourceDir, targetDir, name, exclusionRules string) error {

 	commands := fmt.Sprintf("tar zcvf %s %s %s", targetDir+"/"+name, excludeRules, path)
 	global.LOG.Debug(commands)
-	stdout, err := cmd.ExecWithTimeOut(commands, 5*time.Minute)
+	stdout, err := cmd.ExecWithTimeOut(commands, 24*time.Hour)
 	if err != nil {
 		global.LOG.Errorf("do handle tar failed, stdout: %s, err: %v", stdout, err)
 		return errors.New(stdout)
@@ -221,7 +240,7 @@ func handleUnTar(sourceFile, targetDir string) error {

 	commands := fmt.Sprintf("tar zxvfC %s %s", sourceFile, targetDir)
 	global.LOG.Debug(commands)
-	stdout, err := cmd.ExecWithTimeOut(commands, 5*time.Minute)
+	stdout, err := cmd.ExecWithTimeOut(commands, 24*time.Hour)
 	if err != nil {
 		global.LOG.Errorf("do handle untar failed, stdout: %s, err: %v", stdout, err)
 		return errors.New(stdout)
@@ -229,22 +248,25 @@ func handleUnTar(sourceFile, targetDir string) error {
 	return nil
 }

-func (u *CronjobService) handleDatabase(cronjob model.Cronjob, app *repo.RootInfo, backup model.BackupAccount, startTime time.Time) ([]string, error) {
+func (u *CronjobService) handleDatabase(cronjob model.Cronjob, backup model.BackupAccount, startTime time.Time) ([]string, error) {
 	var paths []string
 	localDir, err := loadLocalDir()
 	if err != nil {
 		return paths, err
 	}

-	var dblist []string
+	var dbs []model.DatabaseMysql
 	if cronjob.DBName == "all" {
-		mysqlService := NewIMysqlService()
-		dblist, err = mysqlService.ListDBName()
+		dbs, err = mysqlRepo.List()
 		if err != nil {
 			return paths, err
 		}
 	} else {
-		dblist = append(dblist, cronjob.DBName)
+		itemID, _ := (strconv.Atoi(cronjob.DBName))
+		dbs, err = mysqlRepo.List(commonRepo.WithByID(uint(itemID)))
+		if err != nil {
+			return paths, err
+		}
 	}

 	var client cloud_storage.CloudStorageClient
@@ -255,27 +277,27 @@ func (u *CronjobService) handleDatabase(cronjob model.Cronjob, app *repo.RootInf
 		}
 	}

-	for _, dbName := range dblist {
+	for _, dbInfo := range dbs {
 		var record model.BackupRecord

 		record.Type = "mysql"
-		record.Name = app.Name
 		record.Source = "LOCAL"
 		record.BackupType = backup.Type

-		backupDir := fmt.Sprintf("%s/database/mysql/%s/%s", localDir, app.Name, dbName)
-		record.FileName = fmt.Sprintf("db_%s_%s.sql.gz", dbName, startTime.Format("20060102150405"))
-		if err = handleMysqlBackup(app, backupDir, dbName, record.FileName); err != nil {
+		record.Name = dbInfo.MysqlName
+		backupDir := path.Join(localDir, fmt.Sprintf("database/mysql/%s/%s", record.Name, dbInfo.Name))
+		record.FileName = fmt.Sprintf("db_%s_%s.sql.gz", dbInfo.Name, startTime.Format("20060102150405"))
+		if err = handleMysqlBackup(dbInfo.MysqlName, dbInfo.Name, backupDir, record.FileName); err != nil {
 			return paths, err
 		}
-		record.DetailName = dbName
+
+		record.DetailName = dbInfo.Name
 		record.FileDir = backupDir
-		itemFileDir := strings.ReplaceAll(backupDir, localDir+"/", "")
+		itemFileDir := strings.TrimPrefix(backupDir, localDir+"/")
 		if !cronjob.KeepLocal && backup.Type != "LOCAL" {
 			record.Source = backup.Type
 			record.FileDir = itemFileDir
 		}
-		paths = append(paths, fmt.Sprintf("%s/%s", record.FileDir, record.FileName))

 		if err := backupRepo.CreateRecord(&record); err != nil {
 			global.LOG.Errorf("save backup record failed, err: %v", err)
@@ -287,12 +309,22 @@ func (u *CronjobService) handleDatabase(cronjob model.Cronjob, app *repo.RootInf
 					_ = os.RemoveAll(fmt.Sprintf("%s/%s", backupDir, record.FileName))
 				}()
 			}
+			if len(backup.BackupPath) != 0 {
+				itemPath := strings.TrimPrefix(backup.BackupPath, "/")
+				itemPath = strings.TrimSuffix(itemPath, "/") + "/"
+				itemFileDir = itemPath + itemFileDir
+			}
 			if _, err = client.Upload(backupDir+"/"+record.FileName, itemFileDir+"/"+record.FileName); err != nil {
 				return paths, err
 			}
 		}
+		if backup.Type == "LOCAL" || cronjob.KeepLocal {
+			paths = append(paths, fmt.Sprintf("%s/%s", record.FileDir, record.FileName))
+		} else {
+			paths = append(paths, fmt.Sprintf("%s/%s", itemFileDir, record.FileName))
+		}
 	}
-	u.HandleRmExpired(backup.Type, localDir, &cronjob, client)
+	u.HandleRmExpired(backup.Type, backup.BackupPath, localDir, &cronjob, client)
 	return paths, nil
 }

@@ -327,10 +359,10 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 				wg.Done()
 				return
 			}
-			websiteLogDir := path.Join(baseDir, website.PrimaryDomain, "log")
+			websiteLogDir := path.Join(baseDir, website.Alias, "log")
 			srcAccessLogPath := path.Join(websiteLogDir, "access.log")
 			srcErrorLogPath := path.Join(websiteLogDir, "error.log")
-			dstLogDir := path.Join(global.CONF.System.Backup, "log", "website", website.PrimaryDomain)
+			dstLogDir := path.Join(global.CONF.System.Backup, "log", "website", website.Alias)
 			if !fileOp.Stat(dstLogDir) {
 				_ = os.MkdirAll(dstLogDir, 0755)
 			}
@@ -338,7 +370,7 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 			dstName := fmt.Sprintf("%s_log_%s.gz", website.PrimaryDomain, startTime.Format("20060102150405"))
 			filePaths = append(filePaths, path.Join(dstLogDir, dstName))
 			if err = fileOp.Compress([]string{srcAccessLogPath, srcErrorLogPath}, dstLogDir, dstName, files.Gz); err != nil {
-				global.LOG.Errorf("There was an error in compressing the website[%s] access.log", website.PrimaryDomain)
+				global.LOG.Errorf("There was an error in compressing the website[%s] access.log, err: %v", website.PrimaryDomain, err)
 			} else {
 				_ = fileOp.WriteFile(srcAccessLogPath, strings.NewReader(""), 0755)
 				_ = fileOp.WriteFile(srcErrorLogPath, strings.NewReader(""), 0755)
@@ -358,7 +390,7 @@ func (u *CronjobService) handleCutWebsiteLog(cronjob *model.Cronjob, startTime t
 		}()
 	}
 	wg.Wait()
-	u.HandleRmExpired("LOCAL", "", cronjob, nil)
+	u.HandleRmExpired("LOCAL", "", "", cronjob, nil)
 	return strings.Join(filePaths, ","), nil
 }

@@ -397,15 +429,14 @@ func (u *CronjobService) handleWebsite(cronjob model.Cronjob, backup model.Backu
 		if err != nil {
 			return paths, err
 		}
-		backupDir := fmt.Sprintf("%s/website/%s", localDir, website.PrimaryDomain)
+		backupDir := path.Join(localDir, fmt.Sprintf("website/%s", website.PrimaryDomain))
 		record.FileDir = backupDir
-		itemFileDir := strings.ReplaceAll(backupDir, localDir+"/", "")
+		itemFileDir := strings.TrimPrefix(backupDir, localDir+"/")
 		if !cronjob.KeepLocal && backup.Type != "LOCAL" {
 			record.Source = backup.Type
-			record.FileDir = strings.ReplaceAll(backupDir, localDir+"/", "")
+			record.FileDir = strings.TrimPrefix(backupDir, localDir+"/")
 		}
 		record.FileName = fmt.Sprintf("website_%s_%s.tar.gz", website.PrimaryDomain, startTime.Format("20060102150405"))
-		paths = append(paths, fmt.Sprintf("%s/%s", record.FileDir, record.FileName))
 		if err := handleWebsiteBackup(&website, backupDir, record.FileName); err != nil {
 			return paths, err
 		}
@@ -420,11 +451,21 @@ func (u *CronjobService) handleWebsite(cronjob model.Cronjob, backup model.Backu
 					_ = os.RemoveAll(fmt.Sprintf("%s/%s", backupDir, record.FileName))
 				}()
 			}
+			if len(backup.BackupPath) != 0 {
+				itemPath := strings.TrimPrefix(backup.BackupPath, "/")
+				itemPath = strings.TrimSuffix(itemPath, "/") + "/"
+				itemFileDir = itemPath + itemFileDir
+			}
 			if _, err = client.Upload(backupDir+"/"+record.FileName, itemFileDir+"/"+record.FileName); err != nil {
 				return paths, err
 			}
 		}
+		if backup.Type == "LOCAL" || cronjob.KeepLocal {
+			paths = append(paths, fmt.Sprintf("%s/%s", record.FileDir, record.FileName))
+		} else {
+			paths = append(paths, fmt.Sprintf("%s/%s", itemFileDir, record.FileName))
+		}
 	}
-	u.HandleRmExpired(backup.Type, localDir, &cronjob, client)
+	u.HandleRmExpired(backup.Type, backup.BackupPath, localDir, &cronjob, client)
 	return paths, nil
 }
--- a/backend/app/service/database_mysql.go
+++ b/backend/app/service/database_mysql.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"regexp"
 	"strconv"
 	"strings"
@@ -17,8 +18,11 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/1Panel-dev/1Panel/backend/utils/common"
 	"github.com/1Panel-dev/1Panel/backend/utils/compose"
+	"github.com/1Panel-dev/1Panel/backend/utils/mysql"
+	"github.com/1Panel-dev/1Panel/backend/utils/mysql/client"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/jinzhu/copier"
 	"github.com/pkg/errors"
@@ -27,9 +31,10 @@ import (
 type MysqlService struct{}

 type IMysqlService interface {
-	SearchWithPage(search dto.SearchWithPage) (int64, interface{}, error)
-	ListDBName() ([]string, error)
+	SearchWithPage(search dto.MysqlDBSearch) (int64, interface{}, error)
+	ListDBOption() ([]dto.MysqlOption, error)
 	Create(ctx context.Context, req dto.MysqlDBCreate) (*model.DatabaseMysql, error)
+	LoadFromRemote(from string) error
 	ChangeAccess(info dto.ChangeDBInfo) error
 	ChangePassword(info dto.ChangeDBInfo) error
 	UpdateVariables(updates []dto.MysqlVariablesUpdate) error
@@ -41,14 +46,20 @@ type IMysqlService interface {
 	LoadVariables() (*dto.MysqlVariables, error)
 	LoadBaseInfo() (*dto.DBBaseInfo, error)
 	LoadRemoteAccess() (bool, error)
+
+	LoadDatabaseFile(req dto.OperationWithNameAndType) (string, error)
 }

 func NewIMysqlService() IMysqlService {
 	return &MysqlService{}
 }

-func (u *MysqlService) SearchWithPage(search dto.SearchWithPage) (int64, interface{}, error) {
-	total, mysqls, err := mysqlRepo.Page(search.Page, search.PageSize, commonRepo.WithLikeName(search.Info))
+func (u *MysqlService) SearchWithPage(search dto.MysqlDBSearch) (int64, interface{}, error) {
+	total, mysqls, err := mysqlRepo.Page(search.Page, search.PageSize,
+		mysqlRepo.WithByFrom(search.From),
+		commonRepo.WithLikeName(search.Info),
+		commonRepo.WithOrderRuleBy(search.OrderBy, search.Order),
+	)
 	var dtoMysqls []dto.MysqlDBInfo
 	for _, mysql := range mysqls {
 		var item dto.MysqlDBInfo
@@ -60,55 +71,115 @@ func (u *MysqlService) SearchWithPage(search dto.SearchWithPage) (int64, interfa
 	return total, dtoMysqls, err
 }

-func (u *MysqlService) ListDBName() ([]string, error) {
+func (u *MysqlService) ListDBOption() ([]dto.MysqlOption, error) {
 	mysqls, err := mysqlRepo.List()
-	var dbNames []string
+	var dbs []dto.MysqlOption
 	for _, mysql := range mysqls {
-		dbNames = append(dbNames, mysql.Name)
+		var item dto.MysqlOption
+		if err := copier.Copy(&item, &mysql); err != nil {
+			return nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
+		}
+		dbs = append(dbs, item)
 	}
-	return dbNames, err
-}
-
-var formatMap = map[string]string{
-	"utf8":    "utf8_general_ci",
-	"utf8mb4": "utf8mb4_general_ci",
-	"gbk":     "gbk_chinese_ci",
-	"big5":    "big5_chinese_ci",
+	return dbs, err
 }

 func (u *MysqlService) Create(ctx context.Context, req dto.MysqlDBCreate) (*model.DatabaseMysql, error) {
-	if req.Username == "root" {
-		return nil, errors.New("Cannot set root as user name")
+	if cmd.CheckIllegal(req.Name, req.Username, req.Password, req.Format, req.Permission) {
+		return nil, buserr.New(constant.ErrCmdIllegal)
 	}
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-	if err != nil {
-		return nil, err
-	}
-	mysql, _ := mysqlRepo.Get(commonRepo.WithByName(req.Name))
+
+	mysql, _ := mysqlRepo.Get(commonRepo.WithByName(req.Name), remoteDBRepo.WithByFrom(req.From))
 	if mysql.ID != 0 {
 		return nil, constant.ErrRecordExist
 	}
-	if err := copier.Copy(&mysql, &req); err != nil {
+
+	var createItem model.DatabaseMysql
+	if err := copier.Copy(&createItem, &req); err != nil {
 		return nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
 	}

-	createSql := fmt.Sprintf("create database `%s` default character set %s collate %s", req.Name, req.Format, formatMap[req.Format])
-	if err := excSQL(app.ContainerName, app.Password, createSql); err != nil {
-		if strings.Contains(err.Error(), "ERROR 1007") {
-			return nil, buserr.New(constant.ErrDatabaseIsExist)
-		}
+	if req.From == "local" && req.Username == "root" {
+		return nil, errors.New("Cannot set root as user name")
+	}
+
+	cli, version, err := LoadMysqlClientByFrom(req.From)
+	if err != nil {
 		return nil, err
 	}
-	if err := u.createUser(app.ContainerName, app.Password, app.Version, req); err != nil {
+
+	if req.From == "local" {
+		app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+		if err != nil {
+			return nil, err
+		}
+		createItem.MysqlName = app.Name
+	} else {
+		createItem.MysqlName = req.From
+	}
+	defer cli.Close()
+	if err := cli.Create(client.CreateInfo{
+		Name:       req.Name,
+		Format:     req.Format,
+		Username:   req.Username,
+		Password:   req.Password,
+		Permission: req.Permission,
+		Version:    version,
+		Timeout:    300,
+	}); err != nil {
 		return nil, err
 	}

 	global.LOG.Infof("create database %s successful!", req.Name)
-	mysql.MysqlName = app.Name
-	if err := mysqlRepo.Create(ctx, &mysql); err != nil {
+	if err := mysqlRepo.Create(ctx, &createItem); err != nil {
 		return nil, err
 	}
-	return &mysql, nil
+	return &createItem, nil
+}
+
+func (u *MysqlService) LoadFromRemote(from string) error {
+	client, version, err := LoadMysqlClientByFrom(from)
+	if err != nil {
+		return err
+	}
+
+	mysqlName := from
+	if from == "local" {
+		app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+		if err != nil {
+			return err
+		}
+		mysqlName = app.Name
+	}
+
+	databases, err := mysqlRepo.List(remoteDBRepo.WithByFrom(from))
+	if err != nil {
+		return err
+	}
+	datas, err := client.SyncDB(version)
+	if err != nil {
+		return err
+	}
+	for _, data := range datas {
+		hasOld := false
+		for _, oldData := range databases {
+			if strings.EqualFold(oldData.Name, data.Name) {
+				hasOld = true
+				break
+			}
+		}
+		if !hasOld {
+			var createItem model.DatabaseMysql
+			if err := copier.Copy(&createItem, &data); err != nil {
+				return errors.WithMessage(constant.ErrStructTransform, err.Error())
+			}
+			createItem.MysqlName = mysqlName
+			if err := mysqlRepo.Create(context.Background(), &createItem); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
 }

 func (u *MysqlService) UpdateDescription(req dto.UpdateDescription) error {
@@ -117,46 +188,62 @@ func (u *MysqlService) UpdateDescription(req dto.UpdateDescription) error {

 func (u *MysqlService) DeleteCheck(id uint) ([]string, error) {
 	var appInUsed []string
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
-	if err != nil {
-		return appInUsed, err
-	}
-
 	db, err := mysqlRepo.Get(commonRepo.WithByID(id))
 	if err != nil {
 		return appInUsed, err
 	}

-	apps, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithLinkId(app.ID), appInstallResourceRepo.WithResourceId(db.ID))
-	for _, app := range apps {
-		appInstall, _ := appInstallRepo.GetFirst(commonRepo.WithByID(app.AppInstallId))
-		if appInstall.ID != 0 {
-			appInUsed = append(appInUsed, appInstall.Name)
+	if db.From == "local" {
+		app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+		if err != nil {
+			return appInUsed, err
+		}
+		apps, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithLinkId(app.ID), appInstallResourceRepo.WithResourceId(db.ID))
+		for _, app := range apps {
+			appInstall, _ := appInstallRepo.GetFirst(commonRepo.WithByID(app.AppInstallId))
+			if appInstall.ID != 0 {
+				appInUsed = append(appInUsed, appInstall.Name)
+			}
+		}
+	} else {
+		apps, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithResourceId(db.ID))
+		for _, app := range apps {
+			appInstall, _ := appInstallRepo.GetFirst(commonRepo.WithByID(app.AppInstallId))
+			if appInstall.ID != 0 {
+				appInUsed = append(appInUsed, appInstall.Name)
+			}
 		}
 	}
+
 	return appInUsed, nil
 }

 func (u *MysqlService) Delete(ctx context.Context, req dto.MysqlDBDelete) error {
+	db, err := mysqlRepo.Get(commonRepo.WithByID(req.ID))
+	if err != nil && !req.ForceDelete {
+		return err
+	}
+	cli, version, err := LoadMysqlClientByFrom(db.From)
+	if err != nil {
+		return err
+	}
+	defer cli.Close()
+	if err := cli.Delete(client.DeleteInfo{
+		Name:       db.Name,
+		Version:    version,
+		Username:   db.Username,
+		Permission: db.Permission,
+		Timeout:    300,
+	}); err != nil {
+		return err
+	}
+
 	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
 	if err != nil && !req.ForceDelete {
 		return err
 	}

-	db, err := mysqlRepo.Get(commonRepo.WithByID(req.ID))
-	if err != nil && !req.ForceDelete {
-		return err
-	}
-
-	if err := excSQL(app.ContainerName, app.Password, fmt.Sprintf("drop user if exists '%s'@'%s'", db.Username, db.Permission)); err != nil && !req.ForceDelete {
-		return err
-	}
-	if err := excSQL(app.ContainerName, app.Password, fmt.Sprintf("drop database if exists `%s`", db.Name)); err != nil && !req.ForceDelete {
-		return err
-	}
-	global.LOG.Info("execute delete database sql successful, now start to drop uploads and records")
-
-	uploadDir := fmt.Sprintf("%s/1panel/uploads/database/mysql/%s/%s", global.CONF.System.BaseDir, app.Name, db.Name)
+	uploadDir := path.Join(global.CONF.System.BaseDir, fmt.Sprintf("1panel/uploads/database/mysql/%s/%s", app.Name, db.Name))
 	if _, err := os.Stat(uploadDir); err == nil {
 		_ = os.RemoveAll(uploadDir)
 	}
@@ -165,7 +252,7 @@ func (u *MysqlService) Delete(ctx context.Context, req dto.MysqlDBDelete) error
 		if err != nil && !req.ForceDelete {
 			return err
 		}
-		backupDir := fmt.Sprintf("%s/database/mysql/%s/%s", localDir, db.MysqlName, db.Name)
+		backupDir := path.Join(localDir, fmt.Sprintf("database/mysql/%s/%s", db.MysqlName, db.Name))
 		if _, err := os.Stat(backupDir); err == nil {
 			_ = os.RemoveAll(backupDir)
 		}
@@ -178,27 +265,48 @@ func (u *MysqlService) Delete(ctx context.Context, req dto.MysqlDBDelete) error
 }

 func (u *MysqlService) ChangePassword(info dto.ChangeDBInfo) error {
-	var (
-		mysql model.DatabaseMysql
-		err   error
-	)
-	if info.ID != 0 {
-		mysql, err = mysqlRepo.Get(commonRepo.WithByID(info.ID))
-		if err != nil {
-			return err
-		}
+	if cmd.CheckIllegal(info.Value) {
+		return buserr.New(constant.ErrCmdIllegal)
 	}
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+	cli, version, err := LoadMysqlClientByFrom(info.From)
 	if err != nil {
 		return err
 	}
+	defer cli.Close()
+	var (
+		mysqlData    model.DatabaseMysql
+		passwordInfo client.PasswordChangeInfo
+	)
+	passwordInfo.Password = info.Value
+	passwordInfo.Timeout = 300
+	passwordInfo.Version = version

-	passwordChangeCMD := fmt.Sprintf("set password for '%s'@'%s' = password('%s')", mysql.Username, mysql.Permission, info.Value)
-	if !strings.HasPrefix(app.Version, "5.7") {
-		passwordChangeCMD = fmt.Sprintf("ALTER USER '%s'@'%s' IDENTIFIED WITH mysql_native_password BY '%s';", mysql.Username, mysql.Permission, info.Value)
-	}
 	if info.ID != 0 {
-		appRess, _ := appInstallResourceRepo.GetBy(appInstallResourceRepo.WithLinkId(app.ID), appInstallResourceRepo.WithResourceId(mysql.ID))
+		mysqlData, err = mysqlRepo.Get(commonRepo.WithByID(info.ID))
+		if err != nil {
+			return err
+		}
+		passwordInfo.Name = mysqlData.Name
+		passwordInfo.Username = mysqlData.Username
+		passwordInfo.Permission = mysqlData.Permission
+	} else {
+		passwordInfo.Username = "root"
+	}
+	if err := cli.ChangePassword(passwordInfo); err != nil {
+		return err
+	}
+
+	if info.ID != 0 {
+		var appRess []model.AppInstallResource
+		if info.From == "local" {
+			app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+			if err != nil {
+				return err
+			}
+			appRess, _ = appInstallResourceRepo.GetBy(appInstallResourceRepo.WithLinkId(app.ID), appInstallResourceRepo.WithResourceId(mysqlData.ID))
+		} else {
+			appRess, _ = appInstallResourceRepo.GetBy(appInstallResourceRepo.WithResourceId(mysqlData.ID))
+		}
 		for _, appRes := range appRess {
 			appInstall, err := appInstallRepo.GetFirst(commonRepo.WithByID(appRes.AppInstallId))
 			if err != nil {
@@ -214,29 +322,11 @@ func (u *MysqlService) ChangePassword(info dto.ChangeDBInfo) error {
 				return err
 			}
 		}
-		if err := excuteSql(app.ContainerName, app.Password, passwordChangeCMD); err != nil {
-			return err
-		}
 		global.LOG.Info("excute password change sql successful")
-		_ = mysqlRepo.Update(mysql.ID, map[string]interface{}{"password": info.Value})
+		_ = mysqlRepo.Update(mysqlData.ID, map[string]interface{}{"password": info.Value})
 		return nil
 	}

-	hosts, err := excuteSqlForRows(app.ContainerName, app.Password, "select host from mysql.user where user='root';")
-	if err != nil {
-		return err
-	}
-	for _, host := range hosts {
-		if host == "%" || host == "localhost" {
-			passwordRootChangeCMD := fmt.Sprintf("set password for 'root'@'%s' = password('%s')", host, info.Value)
-			if !strings.HasPrefix(app.Version, "5.7") {
-				passwordRootChangeCMD = fmt.Sprintf("alter user 'root'@'%s' identified with mysql_native_password BY '%s';", host, info.Value)
-			}
-			if err := excuteSql(app.ContainerName, app.Password, passwordRootChangeCMD); err != nil {
-				return err
-			}
-		}
-	}
 	if err := updateInstallInfoInDB("mysql", "", "password", false, info.Value); err != nil {
 		return err
 	}
@@ -247,65 +337,41 @@ func (u *MysqlService) ChangePassword(info dto.ChangeDBInfo) error {
 }

 func (u *MysqlService) ChangeAccess(info dto.ChangeDBInfo) error {
-	var (
-		mysql model.DatabaseMysql
-		err   error
-	)
-	if info.ID != 0 {
-		mysql, err = mysqlRepo.Get(commonRepo.WithByID(info.ID))
-		if err != nil {
-			return err
-		}
-		if info.Value == mysql.Permission {
-			return nil
-		}
+	if cmd.CheckIllegal(info.Value) {
+		return buserr.New(constant.ErrCmdIllegal)
 	}
-	app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+	cli, version, err := LoadMysqlClientByFrom(info.From)
 	if err != nil {
 		return err
 	}
-	if info.ID == 0 {
-		mysql.Name = "*"
-		mysql.Username = "root"
-		mysql.Permission = "%"
-		mysql.Password = app.Password
-	}
+	defer cli.Close()
+	var (
+		mysqlData  model.DatabaseMysql
+		accessInfo client.AccessChangeInfo
+	)
+	accessInfo.Permission = info.Value
+	accessInfo.Timeout = 300
+	accessInfo.Version = version

-	if info.Value != mysql.Permission {
-		var userlist []string
-		if strings.Contains(mysql.Permission, ",") {
-			userlist = strings.Split(mysql.Permission, ",")
-		} else {
-			userlist = append(userlist, mysql.Permission)
-		}
-		for _, user := range userlist {
-			if len(user) != 0 {
-				if err := excuteSql(app.ContainerName, app.Password, fmt.Sprintf("drop user if exists '%s'@'%s'", mysql.Username, user)); err != nil {
-					return err
-				}
-			}
-		}
-		if info.ID == 0 {
-			return nil
+	if info.ID != 0 {
+		mysqlData, err = mysqlRepo.Get(commonRepo.WithByID(info.ID))
+		if err != nil {
+			return err
 		}
+		accessInfo.Name = mysqlData.Name
+		accessInfo.Username = mysqlData.Username
+		accessInfo.Password = mysqlData.Password
+		accessInfo.OldPermission = mysqlData.Permission
+	} else {
+		accessInfo.Username = "root"
 	}
-
-	if err := u.createUser(app.ContainerName, app.Password, app.Version, dto.MysqlDBCreate{
-		Username:   mysql.Username,
-		Name:       mysql.Name,
-		Permission: info.Value,
-		Password:   mysql.Password,
-	}); err != nil {
+	if err := cli.ChangeAccess(accessInfo); err != nil {
 		return err
 	}
-	if err := excuteSql(app.ContainerName, app.Password, "flush privileges"); err != nil {
-		return err
-	}
-	if info.ID == 0 {
-		return nil
-	}

-	_ = mysqlRepo.Update(mysql.ID, map[string]interface{}{"permission": info.Value})
+	if mysqlData.ID != 0 {
+		_ = mysqlRepo.Update(mysqlData.ID, map[string]interface{}{"permission": info.Value})
+	}

 	return nil
 }
@@ -346,7 +412,7 @@ func (u *MysqlService) UpdateVariables(updates []dto.MysqlVariablesUpdate) error

 	group := "[mysqld]"
 	for _, info := range updates {
-		if !strings.HasPrefix(app.Version, "5.7") {
+		if !strings.HasPrefix(app.Version, "5.7") && !strings.HasPrefix(app.Version, "5.6") {
 			if info.Param == "query_cache_size" {
 				continue
 			}
@@ -469,51 +535,24 @@ func (u *MysqlService) LoadStatus() (*dto.MysqlStatus, error) {
 	return &info, nil
 }

-func (u *MysqlService) createUser(container, password, version string, req dto.MysqlDBCreate) error {
-	var userlist []string
-	if strings.Contains(req.Permission, ",") {
-		ips := strings.Split(req.Permission, ",")
-		for _, ip := range ips {
-			if len(ip) != 0 {
-				userlist = append(userlist, fmt.Sprintf("'%s'@'%s'", req.Username, ip))
-			}
-		}
-	} else {
-		userlist = append(userlist, fmt.Sprintf("'%s'@'%s'", req.Username, req.Permission))
+func (u *MysqlService) LoadDatabaseFile(req dto.OperationWithNameAndType) (string, error) {
+	filePath := ""
+	switch req.Type {
+	case "mysql-conf":
+		filePath = path.Join(global.CONF.System.DataDir, fmt.Sprintf("apps/mysql/%s/conf/my.cnf", req.Name))
+	case "redis-conf":
+		filePath = path.Join(global.CONF.System.DataDir, fmt.Sprintf("apps/redis/%s/conf/redis.conf", req.Name))
+	case "slow-logs":
+		filePath = path.Join(global.CONF.System.DataDir, fmt.Sprintf("apps/mysql/%s/data/1Panel-slow.log", req.Name))
 	}
-
-	for _, user := range userlist {
-		if err := excSQL(container, password, fmt.Sprintf("create user %s identified by '%s';", user, req.Password)); err != nil {
-			if strings.Contains(err.Error(), "ERROR 1396") {
-				handleCreateError(container, password, req.Name, userlist, false)
-				return buserr.New(constant.ErrUserIsExist)
-			}
-			handleCreateError(container, password, req.Name, userlist, true)
-			return err
-		}
-		grantStr := fmt.Sprintf("grant all privileges on `%s`.* to %s", req.Name, user)
-		if req.Name == "*" {
-			grantStr = fmt.Sprintf("grant all privileges on *.* to %s", user)
-		}
-		if strings.HasPrefix(version, "5.7") {
-			grantStr = fmt.Sprintf("%s identified by '%s' with grant option;", grantStr, req.Password)
-		}
-		if err := excSQL(container, password, grantStr); err != nil {
-			handleCreateError(container, password, req.Name, userlist, true)
-			return err
-		}
+	if _, err := os.Stat(filePath); err != nil {
+		return "", buserr.New("ErrHttpReqNotFound")
 	}
-	return nil
-}
-func handleCreateError(contaienr, password, dbName string, userlist []string, dropUser bool) {
-	_ = excSQL(contaienr, password, fmt.Sprintf("drop database `%s`", dbName))
-	if dropUser {
-		for _, user := range userlist {
-			if err := excSQL(contaienr, password, fmt.Sprintf("drop user if exists %s", user)); err != nil {
-				global.LOG.Errorf("drop user failed, err: %v", err)
-			}
-		}
+	content, err := os.ReadFile(filePath)
+	if err != nil {
+		return "", err
 	}
+	return string(content), nil
 }

 func excuteSqlForMaps(containerName, password, command string) (map[string]string, error) {
@@ -545,31 +584,6 @@ func excuteSqlForRows(containerName, password, command string) ([]string, error)
 	return strings.Split(stdStr, "\n"), nil
 }

-func excuteSql(containerName, password, command string) error {
-	cmd := exec.Command("docker", "exec", containerName, "mysql", "-uroot", "-p"+password, "-e", command)
-	stdout, err := cmd.CombinedOutput()
-	stdStr := strings.ReplaceAll(string(stdout), "mysql: [Warning] Using a password on the command line interface can be insecure.\n", "")
-	if err != nil || strings.HasPrefix(string(stdStr), "ERROR ") {
-		return errors.New(stdStr)
-	}
-	return nil
-}
-
-func excSQL(containerName, password, command string) error {
-	ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
-	defer cancel()
-	cmd := exec.CommandContext(ctx, "docker", "exec", containerName, "mysql", "-uroot", "-p"+password, "-e", command)
-	stdout, err := cmd.CombinedOutput()
-	if ctx.Err() == context.DeadlineExceeded {
-		return buserr.WithDetail(constant.ErrExecTimeOut, containerName, nil)
-	}
-	stdStr := strings.ReplaceAll(string(stdout), "mysql: [Warning] Using a password on the command line interface can be insecure.\n", "")
-	if err != nil || strings.HasPrefix(string(stdStr), "ERROR ") {
-		return errors.New(stdStr)
-	}
-	return nil
-}
-
 func updateMyCnf(oldFiles []string, group string, param string, value interface{}) []string {
 	isOn := false
 	hasGroup := false
@@ -610,3 +624,41 @@ func updateMyCnf(oldFiles []string, group string, param string, value interface{
 	}
 	return newFiles
 }
+
+func LoadMysqlClientByFrom(from string) (mysql.MysqlClient, string, error) {
+	var (
+		dbInfo  client.DBInfo
+		version string
+		err     error
+	)
+
+	dbInfo.From = from
+	dbInfo.Timeout = 300
+	if from != "local" {
+		databaseItem, err := remoteDBRepo.Get(commonRepo.WithByName(from))
+		if err != nil {
+			return nil, "", err
+		}
+		dbInfo.Address = databaseItem.Address
+		dbInfo.Port = databaseItem.Port
+		dbInfo.Username = databaseItem.Username
+		dbInfo.Password = databaseItem.Password
+		version = databaseItem.Version
+
+	} else {
+		app, err := appInstallRepo.LoadBaseInfo("mysql", "")
+		if err != nil {
+			return nil, "", err
+		}
+		dbInfo.Address = app.ContainerName
+		dbInfo.Username = "root"
+		dbInfo.Password = app.Password
+		version = app.Version
+	}
+
+	cli, err := mysql.NewMysqlClient(dbInfo)
+	if err != nil {
+		return nil, "", err
+	}
+	return cli, version, nil
+}
--- a/backend/app/service/database_redis.go
+++ b/backend/app/service/database_redis.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"strings"

@@ -163,7 +164,7 @@ func (u *RedisService) SearchBackupListWithPage(req dto.PageInfo) (int64, interf
 	if err != nil {
 		return 0, nil, err
 	}
-	backupDir := fmt.Sprintf("%s/database/redis/%s", localDir, redisInfo.Name)
+	backupDir := path.Join(localDir, fmt.Sprintf("database/redis/%s", redisInfo.Name))
 	_ = filepath.Walk(backupDir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return nil
--- a/backend/app/service/docker.go
+++ b/backend/app/service/docker.go
@@ -136,12 +136,14 @@ func (u *DockerService) UpdateConf(req dto.SettingUpdate) error {

 	switch req.Key {
 	case "Registries":
+		req.Value = strings.TrimSuffix(req.Value, ",")
 		if len(req.Value) == 0 {
 			delete(daemonMap, "insecure-registries")
 		} else {
 			daemonMap["insecure-registries"] = strings.Split(req.Value, ",")
 		}
 	case "Mirrors":
+		req.Value = strings.TrimSuffix(req.Value, ",")
 		if len(req.Value) == 0 {
 			delete(daemonMap, "registry-mirrors")
 		} else {
--- a/backend/app/service/entry.go
+++ b/backend/app/service/entry.go
@@ -12,7 +12,8 @@ var (
 	appInstallRepo         = repo.NewIAppInstallRepo()
 	appInstallResourceRepo = repo.NewIAppInstallResourceRpo()

-	mysqlRepo = repo.NewIMysqlRepo()
+	mysqlRepo    = repo.NewIMysqlRepo()
+	remoteDBRepo = repo.NewIRemoteDBRepo()

 	imageRepoRepo = repo.NewIImageRepoRepo()
 	composeRepo   = repo.NewIComposeTemplateRepo()
--- a/backend/app/service/firewall.go
+++ b/backend/app/service/firewall.go
@@ -304,7 +304,6 @@ func OperateFirewallPort(oldPorts, newPorts []int) error {
 		return err
 	}
 	for _, port := range newPorts {
-
 		if err := client.Port(fireClient.FireInfo{Port: strconv.Itoa(port), Protocol: "tcp", Strategy: "accept"}, "add"); err != nil {
 			return err
 		}
--- a/backend/app/service/host.go
+++ b/backend/app/service/host.go
@@ -7,6 +7,7 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
 	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/utils/encrypt"
 	"github.com/1Panel-dev/1Panel/backend/utils/ssh"
 	"github.com/jinzhu/copier"
 	"github.com/pkg/errors"
@@ -23,6 +24,8 @@ type IHostService interface {
 	Create(hostDto dto.HostOperate) (*dto.HostInfo, error)
 	Update(id uint, upMap map[string]interface{}) error
 	Delete(id []uint) error
+
+	EncryptHost(itemVal string) (string, error)
 }

 func NewIHostService() IHostService {
@@ -89,8 +92,25 @@ func (u *HostService) TestLocalConn(id uint) bool {
 	if err := copier.Copy(&connInfo, &host); err != nil {
 		return false
 	}
-	connInfo.PrivateKey = []byte(host.PrivateKey)
+	if len(host.Password) != 0 {
+		host.Password, err = encrypt.StringDecrypt(host.Password)
+		if err != nil {
+			return false
+		}
+		connInfo.Password = host.Password
+	}
+	if len(host.PrivateKey) != 0 {
+		host.PrivateKey, err = encrypt.StringDecrypt(host.PrivateKey)
+		if err != nil {
+			return false
+		}
+		connInfo.PrivateKey = []byte(host.PrivateKey)
+	}
 	if len(host.PassPhrase) != 0 {
+		host.PassPhrase, err = encrypt.StringDecrypt(host.PassPhrase)
+		if err != nil {
+			return false
+		}
 		connInfo.PassPhrase = []byte(host.PassPhrase)
 	}
 	client, err := connInfo.NewClient()
@@ -107,6 +127,25 @@ func (u *HostService) GetHostInfo(id uint) (*model.Host, error) {
 	if err != nil {
 		return nil, constant.ErrRecordNotFound
 	}
+	if len(host.Password) != 0 {
+		host.Password, err = encrypt.StringDecrypt(host.Password)
+		if err != nil {
+			return nil, err
+		}
+	}
+	if len(host.PrivateKey) != 0 {
+		host.PrivateKey, err = encrypt.StringDecrypt(host.PrivateKey)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if len(host.PassPhrase) != 0 {
+		host.PassPhrase, err = encrypt.StringDecrypt(host.PassPhrase)
+		if err != nil {
+			return nil, err
+		}
+	}
 	return &host, err
 }

@@ -127,6 +166,25 @@ func (u *HostService) SearchWithPage(search dto.SearchHostWithPage) (int64, inte
 			item.Password = ""
 			item.PrivateKey = ""
 			item.PassPhrase = ""
+		} else {
+			if len(host.Password) != 0 {
+				item.Password, err = encrypt.StringDecrypt(host.Password)
+				if err != nil {
+					return 0, nil, err
+				}
+			}
+			if len(host.PrivateKey) != 0 {
+				item.PrivateKey, err = encrypt.StringDecrypt(host.PrivateKey)
+				if err != nil {
+					return 0, nil, err
+				}
+			}
+			if len(host.PassPhrase) != 0 {
+				item.PassPhrase, err = encrypt.StringDecrypt(host.PassPhrase)
+				if err != nil {
+					return 0, nil, err
+				}
+			}
 		}
 		dtoHosts = append(dtoHosts, item)
 	}
@@ -164,6 +222,28 @@ func (u *HostService) SearchForTree(search dto.SearchForTree) ([]dto.HostTree, e
 }

 func (u *HostService) Create(req dto.HostOperate) (*dto.HostInfo, error) {
+	var err error
+	if len(req.Password) != 0 && req.AuthMode == "password" {
+		req.Password, err = u.EncryptHost(req.Password)
+		if err != nil {
+			return nil, err
+		}
+		req.PrivateKey = ""
+		req.PassPhrase = ""
+	}
+	if len(req.PrivateKey) != 0 && req.AuthMode == "key" {
+		req.PrivateKey, err = u.EncryptHost(req.PrivateKey)
+		if err != nil {
+			return nil, err
+		}
+		if len(req.PassPhrase) != 0 {
+			req.PassPhrase, err = encrypt.StringEncrypt(req.PassPhrase)
+			if err != nil {
+				return nil, err
+			}
+		}
+		req.Password = ""
+	}
 	var host model.Host
 	if err := copier.Copy(&host, &req); err != nil {
 		return nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
@@ -234,3 +314,12 @@ func (u *HostService) Delete(ids []uint) error {
 func (u *HostService) Update(id uint, upMap map[string]interface{}) error {
 	return hostRepo.Update(id, upMap)
 }
+
+func (u *HostService) EncryptHost(itemVal string) (string, error) {
+	privateKey, err := base64.StdEncoding.DecodeString(itemVal)
+	if err != nil {
+		return "", err
+	}
+	keyItem, err := encrypt.StringEncrypt(string(privateKey))
+	return keyItem, err
+}
--- a/backend/app/service/host_tool.go
+++ b/backend/app/service/host_tool.go
@@ -0,0 +1,556 @@
+package service
+
+import (
+	"bytes"
+	"fmt"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
+	"github.com/1Panel-dev/1Panel/backend/app/dto/response"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/global"
+	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
+	"github.com/1Panel-dev/1Panel/backend/utils/files"
+	"github.com/1Panel-dev/1Panel/backend/utils/ini_conf"
+	"github.com/1Panel-dev/1Panel/backend/utils/systemctl"
+	"github.com/pkg/errors"
+	"gopkg.in/ini.v1"
+	"os/exec"
+	"os/user"
+	"path"
+	"strconv"
+	"strings"
+)
+
+type HostToolService struct{}
+
+type IHostToolService interface {
+	GetToolStatus(req request.HostToolReq) (*response.HostToolRes, error)
+	CreateToolConfig(req request.HostToolCreate) error
+	OperateTool(req request.HostToolReq) error
+	OperateToolConfig(req request.HostToolConfig) (*response.HostToolConfig, error)
+	GetToolLog(req request.HostToolLogReq) (string, error)
+	OperateSupervisorProcess(req request.SupervisorProcessConfig) error
+	GetSupervisorProcessConfig() ([]response.SupervisorProcessConfig, error)
+	OperateSupervisorProcessFile(req request.SupervisorProcessFileReq) (string, error)
+}
+
+func NewIHostToolService() IHostToolService {
+	return &HostToolService{}
+}
+
+func (h *HostToolService) GetToolStatus(req request.HostToolReq) (*response.HostToolRes, error) {
+	res := &response.HostToolRes{}
+	res.Type = req.Type
+	switch req.Type {
+	case constant.Supervisord:
+		supervisorConfig := &response.Supervisor{}
+		if !cmd.Which(constant.Supervisord) {
+			supervisorConfig.IsExist = false
+			res.Config = supervisorConfig
+			return res, nil
+		}
+		supervisorConfig.IsExist = true
+		serviceExist, _ := systemctl.IsExist(constant.Supervisord)
+		if !serviceExist {
+			serviceExist, _ = systemctl.IsExist(constant.Supervisor)
+			if !serviceExist {
+				supervisorConfig.IsExist = false
+				res.Config = supervisorConfig
+				return res, nil
+			} else {
+				supervisorConfig.ServiceName = constant.Supervisor
+			}
+		} else {
+			supervisorConfig.ServiceName = constant.Supervisord
+		}
+
+		serviceNameSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorServiceName))
+		if serviceNameSet.ID != 0 || serviceNameSet.Value != "" {
+			supervisorConfig.ServiceName = serviceNameSet.Value
+		}
+
+		versionRes, _ := cmd.Exec("supervisord -v")
+		supervisorConfig.Version = strings.TrimSuffix(versionRes, "\n")
+		_, ctlRrr := exec.LookPath("supervisorctl")
+		supervisorConfig.CtlExist = ctlRrr == nil
+
+		active, _ := systemctl.IsActive(supervisorConfig.ServiceName)
+		if active {
+			supervisorConfig.Status = "running"
+		} else {
+			supervisorConfig.Status = "stopped"
+		}
+
+		pathSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorConfigPath))
+		if pathSet.ID != 0 || pathSet.Value != "" {
+			supervisorConfig.ConfigPath = pathSet.Value
+			res.Config = supervisorConfig
+			return res, nil
+		} else {
+			supervisorConfig.Init = true
+		}
+
+		servicePath := "/usr/lib/systemd/system/supervisor.service"
+		fileOp := files.NewFileOp()
+		if !fileOp.Stat(servicePath) {
+			servicePath = "/usr/lib/systemd/system/supervisord.service"
+		}
+		if fileOp.Stat(servicePath) {
+			startCmd, _ := ini_conf.GetIniValue(servicePath, "Service", "ExecStart")
+			if startCmd != "" {
+				args := strings.Fields(startCmd)
+				cIndex := -1
+				for i, arg := range args {
+					if arg == "-c" {
+						cIndex = i
+						break
+					}
+				}
+				if cIndex != -1 && cIndex+1 < len(args) {
+					supervisorConfig.ConfigPath = args[cIndex+1]
+				}
+			}
+		}
+		if supervisorConfig.ConfigPath == "" {
+			configPath := "/etc/supervisord.conf"
+			if !fileOp.Stat(configPath) {
+				configPath = "/etc/supervisor/supervisord.conf"
+				if fileOp.Stat(configPath) {
+					supervisorConfig.ConfigPath = configPath
+				}
+			}
+		}
+
+		res.Config = supervisorConfig
+	}
+	return res, nil
+}
+
+func (h *HostToolService) CreateToolConfig(req request.HostToolCreate) error {
+	switch req.Type {
+	case constant.Supervisord:
+		fileOp := files.NewFileOp()
+		if !fileOp.Stat(req.ConfigPath) {
+			return buserr.New("ErrConfigNotFound")
+		}
+		cfg, err := ini.Load(req.ConfigPath)
+		if err != nil {
+			return err
+		}
+		service, err := cfg.GetSection("include")
+		if err != nil {
+			return err
+		}
+		targetKey, err := service.GetKey("files")
+		if err != nil {
+			return err
+		}
+		if targetKey != nil {
+			_, err = service.NewKey(";files", targetKey.Value())
+			if err != nil {
+				return err
+			}
+		}
+		supervisorDir := path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord")
+		includeDir := path.Join(supervisorDir, "supervisor.d")
+		if !fileOp.Stat(includeDir) {
+			if err = fileOp.CreateDir(includeDir, 0755); err != nil {
+				return err
+			}
+		}
+		logDir := path.Join(supervisorDir, "log")
+		if !fileOp.Stat(logDir) {
+			if err = fileOp.CreateDir(logDir, 0755); err != nil {
+				return err
+			}
+		}
+		includePath := path.Join(includeDir, "*.ini")
+		targetKey.SetValue(includePath)
+		if err = cfg.SaveTo(req.ConfigPath); err != nil {
+			return err
+		}
+
+		serviceNameSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorServiceName))
+		if serviceNameSet.ID != 0 {
+			if err = settingRepo.Update(constant.SupervisorServiceName, req.ServiceName); err != nil {
+				return err
+			}
+		} else {
+			if err = settingRepo.Create(constant.SupervisorServiceName, req.ServiceName); err != nil {
+				return err
+			}
+		}
+
+		configPathSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorConfigPath))
+		if configPathSet.ID != 0 {
+			if err = settingRepo.Update(constant.SupervisorConfigPath, req.ConfigPath); err != nil {
+				return err
+			}
+		} else {
+			if err = settingRepo.Create(constant.SupervisorConfigPath, req.ConfigPath); err != nil {
+				return err
+			}
+		}
+		if err = systemctl.Restart(req.ServiceName); err != nil {
+			global.LOG.Errorf("[init] restart %s failed err %s", req.ServiceName, err.Error())
+			return err
+		}
+	}
+	return nil
+}
+
+func (h *HostToolService) OperateTool(req request.HostToolReq) error {
+	serviceName := req.Type
+	if req.Type == constant.Supervisord {
+		serviceNameSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorServiceName))
+		if serviceNameSet.ID != 0 || serviceNameSet.Value != "" {
+			serviceName = serviceNameSet.Value
+		}
+	}
+	return systemctl.Operate(req.Operate, serviceName)
+}
+
+func (h *HostToolService) OperateToolConfig(req request.HostToolConfig) (*response.HostToolConfig, error) {
+	fileOp := files.NewFileOp()
+	res := &response.HostToolConfig{}
+	configPath := ""
+	serviceName := "supervisord"
+	switch req.Type {
+	case constant.Supervisord:
+		pathSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorConfigPath))
+		if pathSet.ID != 0 || pathSet.Value != "" {
+			configPath = pathSet.Value
+		}
+		serviceNameSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorServiceName))
+		if serviceNameSet.ID != 0 || serviceNameSet.Value != "" {
+			serviceName = serviceNameSet.Value
+		}
+	}
+	switch req.Operate {
+	case "get":
+		content, err := fileOp.GetContent(configPath)
+		if err != nil {
+			return nil, err
+		}
+		res.Content = string(content)
+	case "set":
+		file, err := fileOp.OpenFile(configPath)
+		if err != nil {
+			return nil, err
+		}
+		oldContent, err := fileOp.GetContent(configPath)
+		if err != nil {
+			return nil, err
+		}
+		fileInfo, err := file.Stat()
+		if err != nil {
+			return nil, err
+		}
+		if err = fileOp.WriteFile(configPath, strings.NewReader(req.Content), fileInfo.Mode()); err != nil {
+			return nil, err
+		}
+		if err = systemctl.Restart(serviceName); err != nil {
+			_ = fileOp.WriteFile(configPath, bytes.NewReader(oldContent), fileInfo.Mode())
+			return nil, err
+		}
+	}
+
+	return res, nil
+}
+
+func (h *HostToolService) GetToolLog(req request.HostToolLogReq) (string, error) {
+	fileOp := files.NewFileOp()
+	logfilePath := ""
+	switch req.Type {
+	case constant.Supervisord:
+		configPath := "/etc/supervisord.conf"
+		pathSet, _ := settingRepo.Get(settingRepo.WithByKey(constant.SupervisorConfigPath))
+		if pathSet.ID != 0 || pathSet.Value != "" {
+			configPath = pathSet.Value
+		}
+		logfilePath, _ = ini_conf.GetIniValue(configPath, "supervisord", "logfile")
+	}
+	oldContent, err := fileOp.GetContent(logfilePath)
+	if err != nil {
+		return "", err
+	}
+	return string(oldContent), nil
+}
+
+func (h *HostToolService) OperateSupervisorProcess(req request.SupervisorProcessConfig) error {
+	var (
+		supervisordDir = path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord")
+		logDir         = path.Join(supervisordDir, "log")
+		includeDir     = path.Join(supervisordDir, "supervisor.d")
+		outLog         = path.Join(logDir, fmt.Sprintf("%s.out.log", req.Name))
+		errLog         = path.Join(logDir, fmt.Sprintf("%s.err.log", req.Name))
+		iniPath        = path.Join(includeDir, fmt.Sprintf("%s.ini", req.Name))
+		fileOp         = files.NewFileOp()
+	)
+	if req.Operate == "update" || req.Operate == "create" {
+		if !fileOp.Stat(req.Dir) {
+			return buserr.New("ErrConfigDirNotFound")
+		}
+		_, err := user.Lookup(req.User)
+		if err != nil {
+			return buserr.WithMap("ErrUserFindErr", map[string]interface{}{"name": req.User, "err": err.Error()}, err)
+		}
+	}
+
+	switch req.Operate {
+	case "create":
+		if fileOp.Stat(iniPath) {
+			return buserr.New("ErrConfigAlreadyExist")
+		}
+		configFile := ini.Empty()
+		section, err := configFile.NewSection(fmt.Sprintf("program:%s", req.Name))
+		if err != nil {
+			return err
+		}
+		_, _ = section.NewKey("command", req.Command)
+		_, _ = section.NewKey("directory", req.Dir)
+		_, _ = section.NewKey("autorestart", "true")
+		_, _ = section.NewKey("startsecs", "3")
+		_, _ = section.NewKey("stdout_logfile", outLog)
+		_, _ = section.NewKey("stderr_logfile", errLog)
+		_, _ = section.NewKey("stdout_logfile_maxbytes", "2MB")
+		_, _ = section.NewKey("stderr_logfile_maxbytes", "2MB")
+		_, _ = section.NewKey("user", req.User)
+		_, _ = section.NewKey("priority", "999")
+		_, _ = section.NewKey("numprocs", req.Numprocs)
+		_, _ = section.NewKey("process_name", "%(program_name)s_%(process_num)02d")
+
+		if err = configFile.SaveTo(iniPath); err != nil {
+			return err
+		}
+		return operateSupervisorCtl("reload", "", "")
+	case "update":
+		configFile, err := ini.Load(iniPath)
+		if err != nil {
+			return err
+		}
+		section, err := configFile.GetSection(fmt.Sprintf("program:%s", req.Name))
+		if err != nil {
+			return err
+		}
+
+		commandKey := section.Key("command")
+		commandKey.SetValue(req.Command)
+		directoryKey := section.Key("directory")
+		directoryKey.SetValue(req.Dir)
+		userKey := section.Key("user")
+		userKey.SetValue(req.User)
+		numprocsKey := section.Key("numprocs")
+		numprocsKey.SetValue(req.Numprocs)
+
+		if err = configFile.SaveTo(iniPath); err != nil {
+			return err
+		}
+		return operateSupervisorCtl("reload", "", "")
+	case "restart":
+		return operateSupervisorCtl("restart", req.Name, "")
+	case "start":
+		return operateSupervisorCtl("start", req.Name, "")
+	case "stop":
+		return operateSupervisorCtl("stop", req.Name, "")
+	case "delete":
+		_ = operateSupervisorCtl("remove", "", req.Name)
+		_ = files.NewFileOp().DeleteFile(iniPath)
+		_ = files.NewFileOp().DeleteFile(outLog)
+		_ = files.NewFileOp().DeleteFile(errLog)
+		_ = operateSupervisorCtl("reload", "", "")
+	}
+
+	return nil
+}
+
+func (h *HostToolService) GetSupervisorProcessConfig() ([]response.SupervisorProcessConfig, error) {
+	var (
+		result []response.SupervisorProcessConfig
+	)
+	configDir := path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord", "supervisor.d")
+	fileList, _ := NewIFileService().GetFileList(request.FileOption{FileOption: files.FileOption{Path: configDir, Expand: true, Page: 1, PageSize: 100}})
+	if len(fileList.Items) == 0 {
+		return result, nil
+	}
+	for _, configFile := range fileList.Items {
+		f, err := ini.Load(configFile.Path)
+		if err != nil {
+			global.LOG.Errorf("get %s file err %s", configFile.Name, err.Error())
+			continue
+		}
+		if strings.HasSuffix(configFile.Name, ".ini") {
+			config := response.SupervisorProcessConfig{}
+			name := strings.TrimSuffix(configFile.Name, ".ini")
+			config.Name = name
+			section, err := f.GetSection(fmt.Sprintf("program:%s", name))
+			if err != nil {
+				global.LOG.Errorf("get %s file section err %s", configFile.Name, err.Error())
+				continue
+			}
+			if command, _ := section.GetKey("command"); command != nil {
+				config.Command = command.Value()
+			}
+			if directory, _ := section.GetKey("directory"); directory != nil {
+				config.Dir = directory.Value()
+			}
+			if user, _ := section.GetKey("user"); user != nil {
+				config.User = user.Value()
+			}
+			if numprocs, _ := section.GetKey("numprocs"); numprocs != nil {
+				config.Numprocs = numprocs.Value()
+			}
+			_ = getProcessStatus(&config)
+			result = append(result, config)
+		}
+	}
+	return result, nil
+}
+
+func (h *HostToolService) OperateSupervisorProcessFile(req request.SupervisorProcessFileReq) (string, error) {
+	var (
+		fileOp     = files.NewFileOp()
+		group      = fmt.Sprintf("program:%s", req.Name)
+		configPath = path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord", "supervisor.d", fmt.Sprintf("%s.ini", req.Name))
+	)
+	switch req.File {
+	case "err.log":
+		logPath, err := ini_conf.GetIniValue(configPath, group, "stderr_logfile")
+		if err != nil {
+			return "", err
+		}
+		switch req.Operate {
+		case "get":
+			content, err := fileOp.GetContent(logPath)
+			if err != nil {
+				return "", err
+			}
+			return string(content), nil
+		case "clear":
+			if err = fileOp.WriteFile(logPath, strings.NewReader(""), 0755); err != nil {
+				return "", err
+			}
+		}
+
+	case "out.log":
+		logPath, err := ini_conf.GetIniValue(configPath, group, "stdout_logfile")
+		if err != nil {
+			return "", err
+		}
+		switch req.Operate {
+		case "get":
+			content, err := fileOp.GetContent(logPath)
+			if err != nil {
+				return "", err
+			}
+			return string(content), nil
+		case "clear":
+			if err = fileOp.WriteFile(logPath, strings.NewReader(""), 0755); err != nil {
+				return "", err
+			}
+		}
+
+	case "config":
+		switch req.Operate {
+		case "get":
+			content, err := fileOp.GetContent(configPath)
+			if err != nil {
+				return "", err
+			}
+			return string(content), nil
+		case "update":
+			if req.Content == "" {
+				return "", buserr.New("ErrConfigIsNull")
+			}
+			if err := fileOp.WriteFile(configPath, strings.NewReader(req.Content), 0755); err != nil {
+				return "", err
+			}
+			return "", operateSupervisorCtl("update", "", req.Name)
+		}
+
+	}
+	return "", nil
+}
+
+func operateSupervisorCtl(operate, name, group string) error {
+	processNames := []string{operate}
+	if name != "" {
+		includeDir := path.Join(global.CONF.System.BaseDir, "1panel", "tools", "supervisord", "supervisor.d")
+		f, err := ini.Load(path.Join(includeDir, fmt.Sprintf("%s.ini", name)))
+		if err != nil {
+			return err
+		}
+		section, err := f.GetSection(fmt.Sprintf("program:%s", name))
+		if err != nil {
+			return err
+		}
+		numprocsNum := ""
+		if numprocs, _ := section.GetKey("numprocs"); numprocs != nil {
+			numprocsNum = numprocs.Value()
+		}
+		if numprocsNum == "" {
+			return buserr.New("ErrConfigParse")
+		}
+		processNames = append(processNames, getProcessName(name, numprocsNum)...)
+	}
+	if group != "" {
+		processNames = append(processNames, group)
+	}
+
+	output, err := exec.Command("supervisorctl", processNames...).Output()
+	if err != nil {
+		if output != nil {
+			return errors.New(string(output))
+		}
+		return err
+	}
+	return nil
+}
+
+func getProcessName(name, numprocs string) []string {
+	var (
+		processNames []string
+	)
+	num, err := strconv.Atoi(numprocs)
+	if err != nil {
+		return processNames
+	}
+	if num == 1 {
+		processNames = append(processNames, fmt.Sprintf("%s:%s_00", name, name))
+	} else {
+		for i := 0; i < num; i++ {
+			processName := fmt.Sprintf("%s:%s_0%s", name, name, strconv.Itoa(i))
+			if i >= 10 {
+				processName = fmt.Sprintf("%s:%s_%s", name, name, strconv.Itoa(i))
+			}
+			processNames = append(processNames, processName)
+		}
+	}
+	return processNames
+}
+
+func getProcessStatus(config *response.SupervisorProcessConfig) error {
+	var (
+		processNames = []string{"status"}
+	)
+	processNames = append(processNames, getProcessName(config.Name, config.Numprocs)...)
+	output, _ := exec.Command("supervisorctl", processNames...).Output()
+	lines := strings.Split(string(output), "\n")
+	for _, line := range lines {
+		fields := strings.Fields(line)
+		if len(fields) >= 5 {
+			status := response.ProcessStatus{
+				Name:   fields[0],
+				Status: fields[1],
+			}
+			if fields[1] == "RUNNING" {
+				status.PID = strings.TrimSuffix(fields[3], ",")
+				status.Uptime = fields[5]
+			} else {
+				status.Msg = strings.Join(fields[2:], " ")
+			}
+			config.Status = append(config.Status, status)
+		}
+	}
+	return nil
+}
--- a/backend/app/service/image.go
+++ b/backend/app/service/image.go
@@ -123,6 +123,7 @@ func (u *ImageService) ImageBuild(req dto.ImageBuild) (string, error) {
 		return "", err
 	}
 	fileName := "Dockerfile"
+	dockerLogDir := path.Join(global.CONF.System.TmpDir, "docker_logs")
 	if req.From == "edit" {
 		dir := fmt.Sprintf("%s/docker/build/%s", constant.DataDir, strings.ReplaceAll(req.Name, ":", "_"))
 		if _, err := os.Stat(dir); err != nil && os.IsNotExist(err) {
@@ -156,10 +157,9 @@ func (u *ImageService) ImageBuild(req dto.ImageBuild) (string, error) {
 		Remove:     true,
 		Labels:     stringsToMap(req.Tags),
 	}
-	logName := fmt.Sprintf("%s/build.log", req.Dockerfile)

-	pathItem := logName
-	file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+	logItem := fmt.Sprintf("%s/image_build_%s_%s.log", dockerLogDir, strings.ReplaceAll(req.Name, ":", "_"), time.Now().Format("20060102150405"))
+	file, err := os.OpenFile(logItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
 		return "", err
 	}
@@ -192,7 +192,7 @@ func (u *ImageService) ImageBuild(req dto.ImageBuild) (string, error) {
 		_, _ = file.WriteString("image build successful!")
 	}()

-	return logName, nil
+	return path.Base(logItem), nil
 }

 func (u *ImageService) ImagePull(req dto.ImagePull) (string, error) {
@@ -200,15 +200,15 @@ func (u *ImageService) ImagePull(req dto.ImagePull) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	dockerLogDir := global.CONF.System.TmpDir + "/docker_logs"
+	dockerLogDir := path.Join(global.CONF.System.TmpDir, "docker_logs")
 	if _, err := os.Stat(dockerLogDir); err != nil && os.IsNotExist(err) {
 		if err = os.MkdirAll(dockerLogDir, os.ModePerm); err != nil {
 			return "", err
 		}
 	}
 	imageItemName := strings.ReplaceAll(path.Base(req.ImageName), ":", "_")
-	pathItem := fmt.Sprintf("%s/image_pull_%s_%s.log", dockerLogDir, imageItemName, time.Now().Format("20060102150405"))
-	file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+	logItem := fmt.Sprintf("%s/image_pull_%s_%s.log", dockerLogDir, imageItemName, time.Now().Format("20060102150405"))
+	file, err := os.OpenFile(logItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
 		return "", err
 	}
@@ -224,7 +224,7 @@ func (u *ImageService) ImagePull(req dto.ImagePull) (string, error) {
 			global.LOG.Infof("pull image %s successful!", req.ImageName)
 			_, _ = io.Copy(file, out)
 		}()
-		return pathItem, nil
+		return path.Base(logItem), nil
 	}
 	repo, err := imageRepoRepo.Get(commonRepo.WithByID(req.RepoID))
 	if err != nil {
@@ -257,7 +257,7 @@ func (u *ImageService) ImagePull(req dto.ImagePull) (string, error) {
 		_, _ = io.Copy(file, out)
 		_, _ = file.WriteString("image pull successful!")
 	}()
-	return pathItem, nil
+	return path.Base(logItem), nil
 }

 func (u *ImageService) ImageLoad(req dto.ImageLoad) error {
@@ -354,8 +354,8 @@ func (u *ImageService) ImagePush(req dto.ImagePush) (string, error) {
 		}
 	}
 	imageItemName := strings.ReplaceAll(path.Base(req.Name), ":", "_")
-	pathItem := fmt.Sprintf("%s/image_push_%s_%s.log", dockerLogDir, imageItemName, time.Now().Format("20060102150405"))
-	file, err := os.OpenFile(pathItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+	logItem := fmt.Sprintf("%s/image_push_%s_%s.log", dockerLogDir, imageItemName, time.Now().Format("20060102150405"))
+	file, err := os.OpenFile(logItem, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
 	if err != nil {
 		return "", err
 	}
@@ -373,7 +373,7 @@ func (u *ImageService) ImagePush(req dto.ImagePush) (string, error) {
 		_, _ = file.WriteString("image push successful!")
 	}()

-	return pathItem, nil
+	return path.Base(logItem), nil
 }

 func (u *ImageService) ImageRemove(req dto.BatchDelete) error {
--- a/backend/app/service/image_repo.go
+++ b/backend/app/service/image_repo.go
@@ -3,12 +3,14 @@ package service
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"path"
 	"strings"
 	"time"

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
@@ -76,6 +78,9 @@ func (u *ImageRepoService) List() ([]dto.ImageRepoOption, error) {
 }

 func (u *ImageRepoService) Create(req dto.ImageRepoCreate) error {
+	if cmd.CheckIllegal(req.Username, req.Password, req.DownloadUrl) {
+		return buserr.New(constant.ErrCmdIllegal)
+	}
 	imageRepo, _ := imageRepoRepo.Get(commonRepo.WithByName(req.Name))
 	if imageRepo.ID != 0 {
 		return constant.ErrRecordExist
@@ -142,6 +147,9 @@ func (u *ImageRepoService) Update(req dto.ImageRepoUpdate) error {
 	if req.ID == 1 {
 		return errors.New("The default value cannot be deleted !")
 	}
+	if cmd.CheckIllegal(req.Username, req.Password, req.DownloadUrl) {
+		return buserr.New(constant.ErrCmdIllegal)
+	}
 	repo, err := imageRepoRepo.Get(commonRepo.WithByID(req.ID))
 	if err != nil {
 		return err
@@ -149,7 +157,7 @@ func (u *ImageRepoService) Update(req dto.ImageRepoUpdate) error {
 	if repo.DownloadUrl != req.DownloadUrl || (!repo.Auth && req.Auth) {
 		_ = u.handleRegistries(req.DownloadUrl, repo.DownloadUrl, "update")
 		if repo.Auth {
-			_, _ = cmd.Execf("docker logout %s", repo.DownloadUrl)
+			_, _ = cmd.ExecWithCheck("docker", "logout", repo.DownloadUrl)
 		}
 		stdout, err := cmd.Exec("systemctl restart docker")
 		if err != nil {
@@ -176,9 +184,9 @@ func (u *ImageRepoService) Update(req dto.ImageRepoUpdate) error {
 }

 func (u *ImageRepoService) CheckConn(host, user, password string) error {
-	stdout, err := cmd.Execf("docker login -u %s -p %s %s", user, password, host)
+	stdout, err := cmd.ExecWithCheck("docker", "login", "-u", user, "-p", password, host)
 	if err != nil {
-		return errors.New(string(stdout))
+		return fmt.Errorf("stdout: %s, stderr: %v", stdout, err)
 	}
 	if strings.Contains(string(stdout), "Login Succeeded") {
 		return nil
--- a/backend/app/service/logs.go
+++ b/backend/app/service/logs.go
@@ -1,9 +1,14 @@
 package service

 import (
+	"os"
+	"path"
+
 	"github.com/1Panel-dev/1Panel/backend/app/dto"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/jinzhu/copier"
 	"github.com/pkg/errors"
@@ -20,6 +25,8 @@ type ILogService interface {
 	CreateOperationLog(operation model.OperationLog) error
 	PageOperationLog(search dto.SearchOpLogWithPage) (int64, interface{}, error)

+	LoadSystemLog() (string, error)
+
 	CleanLogs(logtype string) error
 }

@@ -74,6 +81,18 @@ func (u *LogService) PageOperationLog(req dto.SearchOpLogWithPage) (int64, inter
 	return total, dtoOps, err
 }

+func (u *LogService) LoadSystemLog() (string, error) {
+	filePath := path.Join(global.CONF.System.DataDir, "log/1Panel.log")
+	if _, err := os.Stat(filePath); err != nil {
+		return "", buserr.New("ErrHttpReqNotFound")
+	}
+	content, err := os.ReadFile(filePath)
+	if err != nil {
+		return "", err
+	}
+	return string(content), nil
+}
+
 func (u *LogService) CleanLogs(logtype string) error {
 	if logtype == "operation" {
 		return logRepo.CleanOperation()
--- a/backend/app/service/monitor.go
+++ b/backend/app/service/monitor.go
@@ -76,17 +76,31 @@ func loadDiskIO() {
 			if io2.Name == io1.Name {
 				var itemIO model.MonitorIO
 				itemIO.Name = io1.Name
-				itemIO.Read = uint64(float64(io2.ReadBytes-io1.ReadBytes) / 60)
-				itemIO.Write = uint64(float64(io2.WriteBytes-io1.WriteBytes) / 60)
+				if io2.ReadBytes != 0 && io1.ReadBytes != 0 && io2.ReadBytes > io1.ReadBytes {
+					itemIO.Read = uint64(float64(io2.ReadBytes-io1.ReadBytes) / 60)
+				}
+				if io2.WriteBytes != 0 && io1.WriteBytes != 0 && io2.WriteBytes > io1.WriteBytes {
+					itemIO.Write = uint64(float64(io2.WriteBytes-io1.WriteBytes) / 60)
+				}

-				itemIO.Count = uint64(float64(io2.ReadCount-io1.ReadCount) / 60)
-				writeCount := uint64(float64(io2.WriteCount-io1.WriteCount) / 60)
+				if io2.ReadCount != 0 && io1.ReadCount != 0 && io2.ReadCount > io1.ReadCount {
+					itemIO.Count = uint64(float64(io2.ReadCount-io1.ReadCount) / 60)
+				}
+				writeCount := uint64(0)
+				if io2.WriteCount != 0 && io1.WriteCount != 0 && io2.WriteCount > io1.WriteCount {
+					writeCount = uint64(float64(io2.WriteCount-io1.WriteCount) / 60)
+				}
 				if writeCount > itemIO.Count {
 					itemIO.Count = writeCount
 				}

-				itemIO.Time = uint64(float64(io2.ReadTime-io1.ReadTime) / 60)
-				writeTime := uint64(float64(io2.WriteTime-io1.WriteTime) / 60)
+				if io2.ReadTime != 0 && io1.ReadTime != 0 && io2.ReadTime > io1.ReadTime {
+					itemIO.Time = uint64(float64(io2.ReadTime-io1.ReadTime) / 60)
+				}
+				writeTime := uint64(0)
+				if io2.WriteTime != 0 && io1.WriteTime != 0 && io2.WriteTime > io1.WriteTime {
+					writeTime = uint64(float64(io2.WriteTime-io1.WriteTime) / 60)
+				}
 				if writeTime > itemIO.Time {
 					itemIO.Time = writeTime
 				}
@@ -113,8 +127,13 @@ func loadNetIO() {
 			if net2.Name == net1.Name {
 				var itemNet model.MonitorNetwork
 				itemNet.Name = net1.Name
-				itemNet.Up = float64(net2.BytesSent-net1.BytesSent) / 1024 / 60
-				itemNet.Down = float64(net2.BytesRecv-net1.BytesRecv) / 1024 / 60
+
+				if net2.BytesSent != 0 && net1.BytesSent != 0 && net2.BytesSent > net1.BytesSent {
+					itemNet.Up = float64(net2.BytesSent-net1.BytesSent) / 1024 / 60
+				}
+				if net2.BytesRecv != 0 && net1.BytesRecv != 0 && net2.BytesRecv > net1.BytesRecv {
+					itemNet.Down = float64(net2.BytesRecv-net1.BytesRecv) / 1024 / 60
+				}
 				netList = append(netList, itemNet)
 				break
 			}
@@ -123,14 +142,16 @@ func loadNetIO() {
 	netStatAll2, _ := net.IOCounters(false)
 	for _, net2 := range netStatAll2 {
 		for _, net1 := range netStatAll {
-			if net1.BytesSent == 0 || net1.BytesRecv == 0 {
-				continue
-			}
 			if net2.Name == net1.Name {
 				var itemNet model.MonitorNetwork
 				itemNet.Name = net1.Name
-				itemNet.Up = float64(net2.BytesSent-net1.BytesSent) / 1024 / 60
-				itemNet.Down = float64(net2.BytesRecv-net1.BytesRecv) / 1024 / 60
+				if net2.BytesSent != 0 && net1.BytesSent != 0 && net2.BytesSent > net1.BytesSent {
+					itemNet.Up = float64(net2.BytesSent-net1.BytesSent) / 1024 / 60
+				}
+
+				if net2.BytesRecv != 0 && net1.BytesRecv != 0 && net2.BytesRecv > net1.BytesRecv {
+					itemNet.Down = float64(net2.BytesRecv-net1.BytesRecv) / 1024 / 60
+				}
 				netList = append(netList, itemNet)
 				break
 			}
@@ -146,10 +167,12 @@ func StartMonitor(removeBefore bool, interval string) error {
 	if removeBefore {
 		global.Cron.Remove(cron.EntryID(global.MonitorCronID))
 	}
-	monitorID, err := global.Cron.AddJob(fmt.Sprintf("@every %sm", interval), NewIMonitorService())
+	imservice := NewIMonitorService()
+	monitorID, err := global.Cron.AddJob(fmt.Sprintf("@every %sm", interval), imservice)
 	if err != nil {
 		return err
 	}
+	imservice.Run()
 	global.MonitorCronID = int(monitorID)
 	return nil
 }
--- a/backend/app/service/nginx.go
+++ b/backend/app/service/nginx.go
@@ -20,7 +20,7 @@ type NginxService struct {
 }

 type INginxService interface {
-	GetNginxConfig() (response.FileInfo, error)
+	GetNginxConfig() (*response.NginxFile, error)
 	GetConfigByScope(req request.NginxScopeReq) ([]response.NginxParam, error)
 	UpdateConfigByScope(req request.NginxConfigUpdate) error
 	GetStatus() (response.NginxStatus, error)
@@ -31,20 +31,17 @@ func NewINginxService() INginxService {
 	return &NginxService{}
 }

-func (n NginxService) GetNginxConfig() (response.FileInfo, error) {
+func (n NginxService) GetNginxConfig() (*response.NginxFile, error) {
 	nginxInstall, err := getAppInstallByKey(constant.AppOpenresty)
 	if err != nil {
-		return response.FileInfo{}, err
+		return nil, err
 	}
 	configPath := path.Join(constant.AppInstallDir, constant.AppOpenresty, nginxInstall.Name, "conf", "nginx.conf")
-	info, err := files.NewFileInfo(files.FileOption{
-		Path:   configPath,
-		Expand: true,
-	})
+	byteContent, err := files.NewFileOp().GetContent(configPath)
 	if err != nil {
-		return response.FileInfo{}, err
+		return nil, err
 	}
-	return response.FileInfo{FileInfo: *info}, nil
+	return &response.NginxFile{Content: string(byteContent)}, nil
 }

 func (n NginxService) GetConfigByScope(req request.NginxScopeReq) ([]response.NginxParam, error) {
@@ -86,31 +83,32 @@ func (n NginxService) GetStatus() (response.NginxStatus, error) {

 func (n NginxService) UpdateConfigFile(req request.NginxConfigFileUpdate) error {
 	fileOp := files.NewFileOp()
+	nginxInstall, err := getAppInstallByKey(constant.AppOpenresty)
+	filePath := path.Join(constant.AppInstallDir, constant.AppOpenresty, nginxInstall.Name, "conf", "nginx.conf")
+	if err != nil {
+		return err
+	}
 	if req.Backup {
-		backupPath := path.Join(path.Dir(req.FilePath), "bak")
+		backupPath := path.Join(path.Dir(filePath), "bak")
 		if !fileOp.Stat(backupPath) {
 			if err := fileOp.CreateDir(backupPath, 0755); err != nil {
 				return err
 			}
 		}
 		newFile := path.Join(backupPath, "nginx.bak"+"-"+time.Now().Format("2006-01-02-15-04-05"))
-		if err := fileOp.Copy(req.FilePath, backupPath); err != nil {
+		if err := fileOp.Copy(filePath, backupPath); err != nil {
 			return err
 		}
 		if err := fileOp.Rename(path.Join(backupPath, "nginx.conf"), newFile); err != nil {
 			return err
 		}
 	}
-	oldContent, err := os.ReadFile(req.FilePath)
+	oldContent, err := os.ReadFile(filePath)
 	if err != nil {
 		return err
 	}
-	if err := fileOp.WriteFile(req.FilePath, strings.NewReader(req.Content), 0644); err != nil {
+	if err = fileOp.WriteFile(filePath, strings.NewReader(req.Content), 0644); err != nil {
 		return err
 	}
-	nginxInstall, err := getAppInstallByKey(constant.AppOpenresty)
-	if err != nil {
-		return err
-	}
-	return nginxCheckAndReload(string(oldContent), req.FilePath, nginxInstall.ContainerName)
+	return nginxCheckAndReload(string(oldContent), filePath, nginxInstall.ContainerName)
 }
--- a/backend/app/service/process.go
+++ b/backend/app/service/process.go
@@ -0,0 +1,27 @@
+package service
+
+import (
+	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
+	"github.com/shirou/gopsutil/v3/process"
+)
+
+type ProcessService struct{}
+
+type IProcessService interface {
+	StopProcess(req request.ProcessReq) error
+}
+
+func NewIProcessService() IProcessService {
+	return &ProcessService{}
+}
+
+func (p *ProcessService) StopProcess(req request.ProcessReq) error {
+	proc, err := process.NewProcess(req.PID)
+	if err != nil {
+		return err
+	}
+	if err := proc.Kill(); err != nil {
+		return err
+	}
+	return nil
+}
--- a/backend/app/service/remote_db.go
+++ b/backend/app/service/remote_db.go
@@ -0,0 +1,146 @@
+package service
+
+import (
+	"context"
+
+	"github.com/1Panel-dev/1Panel/backend/app/dto"
+	"github.com/1Panel-dev/1Panel/backend/constant"
+	"github.com/1Panel-dev/1Panel/backend/utils/mysql"
+	"github.com/1Panel-dev/1Panel/backend/utils/mysql/client"
+	"github.com/jinzhu/copier"
+	"github.com/pkg/errors"
+)
+
+type RemoteDBService struct{}
+
+type IRemoteDBService interface {
+	Get(name string) (dto.RemoteDBInfo, error)
+	SearchWithPage(search dto.RemoteDBSearch) (int64, interface{}, error)
+	CheckeRemoteDB(req dto.RemoteDBCreate) bool
+	Create(req dto.RemoteDBCreate) error
+	Update(req dto.RemoteDBUpdate) error
+	Delete(id uint) error
+	List(dbType string) ([]dto.RemoteDBOption, error)
+}
+
+func NewIRemoteDBService() IRemoteDBService {
+	return &RemoteDBService{}
+}
+
+func (u *RemoteDBService) SearchWithPage(search dto.RemoteDBSearch) (int64, interface{}, error) {
+	total, dbs, err := remoteDBRepo.Page(search.Page, search.PageSize,
+		commonRepo.WithByType(search.Type),
+		commonRepo.WithLikeName(search.Info),
+		remoteDBRepo.WithoutByFrom("local"),
+	)
+	var datas []dto.RemoteDBInfo
+	for _, db := range dbs {
+		var item dto.RemoteDBInfo
+		if err := copier.Copy(&item, &db); err != nil {
+			return 0, nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
+		}
+		datas = append(datas, item)
+	}
+	return total, datas, err
+}
+
+func (u *RemoteDBService) Get(name string) (dto.RemoteDBInfo, error) {
+	var data dto.RemoteDBInfo
+	remote, err := remoteDBRepo.Get(commonRepo.WithByName(name))
+	if err != nil {
+		return data, err
+	}
+	if err := copier.Copy(&data, &remote); err != nil {
+		return data, errors.WithMessage(constant.ErrStructTransform, err.Error())
+	}
+	return data, nil
+}
+
+func (u *RemoteDBService) List(dbType string) ([]dto.RemoteDBOption, error) {
+	dbs, err := remoteDBRepo.GetList(commonRepo.WithByType(dbType))
+	var datas []dto.RemoteDBOption
+	for _, db := range dbs {
+		var item dto.RemoteDBOption
+		if err := copier.Copy(&item, &db); err != nil {
+			return nil, errors.WithMessage(constant.ErrStructTransform, err.Error())
+		}
+		datas = append(datas, item)
+	}
+	return datas, err
+}
+
+func (u *RemoteDBService) CheckeRemoteDB(req dto.RemoteDBCreate) bool {
+	if _, err := mysql.NewMysqlClient(client.DBInfo{
+		From:     "remote",
+		Address:  req.Address,
+		Port:     req.Port,
+		Username: req.Username,
+		Password: req.Password,
+		Timeout:  6,
+	}); err != nil {
+		return false
+	}
+	return true
+}
+
+func (u *RemoteDBService) Create(req dto.RemoteDBCreate) error {
+	db, _ := remoteDBRepo.Get(commonRepo.WithByName(req.Name))
+	if db.ID != 0 {
+		return constant.ErrRecordExist
+	}
+	if _, err := mysql.NewMysqlClient(client.DBInfo{
+		From:     "remote",
+		Address:  req.Address,
+		Port:     req.Port,
+		Username: req.Username,
+		Password: req.Password,
+		Timeout:  6,
+	}); err != nil {
+		return err
+	}
+	if err := copier.Copy(&db, &req); err != nil {
+		return errors.WithMessage(constant.ErrStructTransform, err.Error())
+	}
+	if err := remoteDBRepo.Create(&db); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (u *RemoteDBService) Delete(id uint) error {
+	db, _ := remoteDBRepo.Get(commonRepo.WithByID(id))
+	if db.ID == 0 {
+		return constant.ErrRecordNotFound
+	}
+	if err := remoteDBRepo.Delete(commonRepo.WithByID(id)); err != nil {
+		return err
+	}
+	if db.From != "local" {
+		if err := mysqlRepo.Delete(context.Background(), remoteDBRepo.WithByFrom(db.Name)); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (u *RemoteDBService) Update(req dto.RemoteDBUpdate) error {
+	if _, err := mysql.NewMysqlClient(client.DBInfo{
+		From:     "remote",
+		Address:  req.Address,
+		Port:     req.Port,
+		Username: req.Username,
+		Password: req.Password,
+		Timeout:  300,
+	}); err != nil {
+		return err
+	}
+
+	upMap := make(map[string]interface{})
+	upMap["version"] = req.Version
+	upMap["address"] = req.Address
+	upMap["port"] = req.Port
+	upMap["username"] = req.Username
+	upMap["password"] = req.Password
+	upMap["description"] = req.Description
+	return remoteDBRepo.Update(req.ID, upMap)
+}
--- a/backend/app/service/runtime.go
+++ b/backend/app/service/runtime.go
@@ -65,7 +65,7 @@ func (r *RuntimeService) Create(create request.RuntimeCreate) (err error) {
 	}
 	fileOp := files.NewFileOp()
 	appVersionDir := path.Join(constant.AppResourceDir, app.Resource, app.Key, appDetail.Version)
-	if !fileOp.Stat(appVersionDir) {
+	if !fileOp.Stat(appVersionDir) || appDetail.Update {
 		if err := downloadApp(app, appDetail, nil); err != nil {
 			return err
 		}
@@ -98,10 +98,6 @@ func (r *RuntimeService) Create(create request.RuntimeCreate) (err error) {
 	if err != nil {
 		return
 	}
-	composeService, err := getComposeService(create.Name, newNameDir, composeContent, envContent, false)
-	if err != nil {
-		return
-	}
 	runtime := &model.Runtime{
 		Name:          create.Name,
 		DockerCompose: string(composeContent),
@@ -117,7 +113,7 @@ func (r *RuntimeService) Create(create request.RuntimeCreate) (err error) {
 	if err = runtimeRepo.Create(context.Background(), runtime); err != nil {
 		return
 	}
-	go buildRuntime(runtime, composeService, "")
+	go buildRuntime(runtime, "")
 	return
 }

@@ -260,7 +256,6 @@ func (r *RuntimeService) Update(req request.RuntimeUpdate) error {
 	if err != nil {
 		return err
 	}
-	composeService, err := getComposeService(runtime.Name, runtimeDir, composeContent, envContent, false)
 	if err != nil {
 		return err
 	}
@@ -277,6 +272,6 @@ func (r *RuntimeService) Update(req request.RuntimeUpdate) error {
 	if err != nil {
 		return err
 	}
-	go buildRuntime(runtime, composeService, imageID)
+	go buildRuntime(runtime, imageID)
 	return nil
 }
--- a/backend/app/service/runtime_utils.go
+++ b/backend/app/service/runtime_utils.go
@@ -1,6 +1,7 @@
 package service

 import (
+	"bytes"
 	"fmt"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
 	"github.com/1Panel-dev/1Panel/backend/buserr"
@@ -8,20 +9,42 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/docker"
 	"github.com/1Panel-dev/1Panel/backend/utils/files"
-	"github.com/docker/cli/cli/command"
 	"github.com/subosito/gotenv"
+	"io"
 	"os"
+	"os/exec"
 	"path"
 	"strings"
 )

-func buildRuntime(runtime *model.Runtime, service *docker.ComposeService, oldImageID string) {
-	err := service.ComposeBuild()
+func buildRuntime(runtime *model.Runtime, oldImageID string) {
+	runtimePath := path.Join(constant.RuntimeDir, runtime.Type, runtime.Name)
+	composePath := path.Join(runtimePath, "docker-compose.yml")
+	logPath := path.Join(runtimePath, "build.log")
+
+	logFile, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+	if err != nil {
+		fmt.Println("Failed to open log file:", err)
+		return
+	}
+	defer func() {
+		_ = logFile.Close()
+	}()
+
+	cmd := exec.Command("docker-compose", "-f", composePath, "build")
+	multiWriterStdout := io.MultiWriter(os.Stdout, logFile)
+	cmd.Stdout = multiWriterStdout
+	var stderrBuf bytes.Buffer
+	multiWriterStderr := io.MultiWriter(&stderrBuf, logFile, os.Stderr)
+	cmd.Stderr = multiWriterStderr
+
+	err = cmd.Run()
 	if err != nil {
 		runtime.Status = constant.RuntimeError
-		runtime.Message = buserr.New(constant.ErrImageBuildErr).Error() + ":" + err.Error()
+		runtime.Message = buserr.New(constant.ErrImageBuildErr).Error() + ":" + stderrBuf.String()
 	} else {
 		runtime.Status = constant.RuntimeNormal
+		runtime.Message = ""
 		if oldImageID != "" {
 			client, err := docker.NewClient()
 			if err == nil {
@@ -62,7 +85,7 @@ func handleParams(image, runtimeType, runtimeDir string, params map[string]inter
 			if extendsArray, ok := extends.([]interface{}); ok {
 				strArray := make([]string, len(extendsArray))
 				for i, v := range extendsArray {
-					strArray[i] = fmt.Sprintf("%v", v)
+					strArray[i] = strings.ToLower(fmt.Sprintf("%v", v))
 				}
 				params["PHP_EXTENSIONS"] = strings.Join(strArray, ",")
 			}
@@ -83,25 +106,3 @@ func handleParams(image, runtimeType, runtimeDir string, params map[string]inter
 	envContent = []byte(envStr)
 	return
 }
-
-func getComposeService(name, runtimeDir string, composeFile, env []byte, skipNormalization bool) (*docker.ComposeService, error) {
-	project, err := docker.GetComposeProject(name, runtimeDir, composeFile, env, skipNormalization)
-	if err != nil {
-		return nil, err
-	}
-	logPath := path.Join(runtimeDir, "build.log")
-	fileOp := files.NewFileOp()
-	if fileOp.Stat(logPath) {
-		_ = fileOp.DeleteFile(logPath)
-	}
-	file, err := os.Create(logPath)
-	if err != nil {
-		return nil, err
-	}
-	composeService, err := docker.NewComposeService(command.WithOutputStream(file))
-	if err != nil {
-		return nil, err
-	}
-	composeService.SetProject(project)
-	return composeService, nil
-}
--- a/backend/app/service/setting.go
+++ b/backend/app/service/setting.go
@@ -7,6 +7,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"os"
+	"path"
 	"strconv"
 	"strings"
 	"time"
@@ -172,7 +173,7 @@ func (u *SettingService) UpdatePort(port uint) error {
 }

 func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
-	secretDir := global.CONF.System.BaseDir + "/1panel/secret/"
+	secretDir := path.Join(global.CONF.System.BaseDir, "1panel/secret")
 	if req.SSL == "disable" {
 		if err := settingRepo.Update("SSL", "disable"); err != nil {
 			return err
@@ -180,8 +181,8 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 		if err := settingRepo.Update("SSLType", "self"); err != nil {
 			return err
 		}
-		_ = os.Remove(secretDir + "server.crt")
-		_ = os.Remove(secretDir + "server.key")
+		_ = os.Remove(path.Join(secretDir, "server.crt"))
+		_ = os.Remove(path.Join(secretDir, "server.key"))
 		go func() {
 			_, err := cmd.Exec("systemctl restart 1panel.service")
 			if err != nil {
@@ -220,7 +221,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 		}
 	}
 	if req.SSLType == "import" {
-		cert, err := os.OpenFile(secretDir+"server.crt.tmp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+		cert, err := os.OpenFile(path.Join(secretDir, "server.crt.tmp"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 		if err != nil {
 			return err
 		}
@@ -228,7 +229,7 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 		if _, err := cert.WriteString(req.Cert); err != nil {
 			return err
 		}
-		key, err := os.OpenFile(secretDir+"server.key.tmp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
+		key, err := os.OpenFile(path.Join(secretDir, "server.key.tmp"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 		if err != nil {
 			return err
 		}
@@ -242,10 +243,10 @@ func (u *SettingService) UpdateSSL(c *gin.Context, req dto.SSLUpdate) error {
 	}

 	fileOp := files.NewFileOp()
-	if err := fileOp.Rename(secretDir+"server.crt.tmp", secretDir+"server.crt"); err != nil {
+	if err := fileOp.Rename(path.Join(secretDir, "server.crt.tmp"), path.Join(secretDir, "server.crt")); err != nil {
 		return err
 	}
-	if err := fileOp.Rename(secretDir+"server.key.tmp", secretDir+"server.key"); err != nil {
+	if err := fileOp.Rename(path.Join(secretDir, "server.key.tmp"), path.Join(secretDir, "server.key")); err != nil {
 		return err
 	}
 	if err := settingRepo.Update("SSL", req.SSL); err != nil {
@@ -278,16 +279,16 @@ func (u *SettingService) LoadFromCert() (*dto.SSLInfo, error) {
 	}
 	switch sslType.Value {
 	case "import":
-		if _, err := os.Stat(global.CONF.System.BaseDir + "/1panel/secret/server.crt"); err != nil {
+		if _, err := os.Stat(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt")); err != nil {
 			return nil, fmt.Errorf("load server.crt file failed, err: %v", err)
 		}
-		certFile, _ := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.crt")
+		certFile, _ := os.ReadFile(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt"))
 		data.Cert = string(certFile)

-		if _, err := os.Stat(global.CONF.System.BaseDir + "/1panel/secret/server.key"); err != nil {
+		if _, err := os.Stat(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.key")); err != nil {
 			return nil, fmt.Errorf("load server.key file failed, err: %v", err)
 		}
-		keyFile, _ := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.key")
+		keyFile, _ := os.ReadFile(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.key"))
 		data.Key = string(keyFile)
 	case "select":
 		sslID, err := settingRepo.Get(settingRepo.WithByKey("SSLID"))
@@ -341,7 +342,7 @@ func (u *SettingService) UpdatePassword(c *gin.Context, old, new string) error {

 func loadInfoFromCert() (*dto.SSLInfo, error) {
 	var info dto.SSLInfo
-	certFile := global.CONF.System.BaseDir + "/1panel/secret/server.crt"
+	certFile := path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt")
 	if _, err := os.Stat(certFile); err != nil {
 		return &info, err
 	}
@@ -369,16 +370,16 @@ func loadInfoFromCert() (*dto.SSLInfo, error) {
 	return &dto.SSLInfo{
 		Domain:   strings.Join(domains, ","),
 		Timeout:  certObj.NotAfter.Format("2006-01-02 15:04:05"),
-		RootPath: global.CONF.System.BaseDir + "/1panel/secret/server.crt",
+		RootPath: path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt"),
 	}, nil
 }

 func checkCertValid(domain string) error {
-	certificate, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.crt.tmp")
+	certificate, err := os.ReadFile(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.crt.tmp"))
 	if err != nil {
 		return err
 	}
-	key, err := os.ReadFile(global.CONF.System.BaseDir + "/1panel/secret/server.key.tmp")
+	key, err := os.ReadFile(path.Join(global.CONF.System.BaseDir, "1panel/secret/server.key.tmp"))
 	if err != nil {
 		return err
 	}
--- a/backend/app/service/snapshot.go
+++ b/backend/app/service/snapshot.go
@@ -5,6 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"path"
+	"regexp"
+	"strconv"
 	"strings"
 	"time"

@@ -56,6 +59,12 @@ func (u *SnapshotService) SnapshotImport(req dto.SnapshotImport) error {
 	if len(req.Names) == 0 {
 		return fmt.Errorf("incorrect snapshot request body: %v", req.Names)
 	}
+	for _, snapName := range req.Names {
+		snap, _ := snapshotRepo.Get(commonRepo.WithByName(strings.ReplaceAll(snapName, ".tar.gz", "")))
+		if snap.ID != 0 {
+			return constant.ErrRecordExist
+		}
+	}
 	for _, snap := range req.Names {
 		nameItems := strings.Split(snap, "_")
 		if !strings.HasPrefix(snap, "1panel_v") || !strings.HasSuffix(snap, ".tar.gz") || len(nameItems) != 3 {
@@ -120,7 +129,7 @@ func (u *SnapshotService) SnapshotCreate(req dto.SnapshotCreate) error {

 	timeNow := time.Now().Format("20060102150405")
 	versionItem, _ := settingRepo.Get(settingRepo.WithByKey("SystemVersion"))
-	rootDir := fmt.Sprintf("%s/system/1panel_%s_%s", localDir, versionItem.Value, timeNow)
+	rootDir := path.Join(localDir, fmt.Sprintf("system/1panel_%s_%s", versionItem.Value, timeNow))
 	backupPanelDir := fmt.Sprintf("%s/1panel", rootDir)
 	_ = os.MkdirAll(backupPanelDir, os.ModePerm)
 	backupDockerDir := fmt.Sprintf("%s/docker", rootDir)
@@ -136,18 +145,19 @@ func (u *SnapshotService) SnapshotCreate(req dto.SnapshotCreate) error {
 	}
 	_ = snapshotRepo.Create(&snap)
 	go func() {
+		_ = global.Cron.Stop()
 		defer func() {
+			global.Cron.Start()
 			_ = os.RemoveAll(rootDir)
 		}()
 		fileOp := files.NewFileOp()

-		dockerDataDir, liveRestoreStatus, err := u.loadDockerDataDir()
-		if err != nil {
-			updateSnapshotStatus(snap.ID, constant.StatusFailed, err.Error())
-			return
+		snapJson := SnapshotJson{
+			BaseDir:       global.CONF.System.BaseDir,
+			BackupDataDir: localDir,
 		}
-		_, _ = cmd.Exec("systemctl stop docker")
-		if err := u.handleDockerDatas(fileOp, "snapshot", dockerDataDir, backupDockerDir); err != nil {
+
+		if err := u.handleDockerDatasWithSave(fileOp, "snapshot", "", backupDockerDir); err != nil {
 			updateSnapshotStatus(snap.ID, constant.StatusFailed, err.Error())
 			return
 		}
@@ -174,25 +184,20 @@ func (u *SnapshotService) SnapshotCreate(req dto.SnapshotCreate) error {
 			return
 		}

-		if err := u.handlePanelDatas(snap.ID, fileOp, "snapshot", global.CONF.System.BaseDir+"/1panel", backupPanelDir, localDir, dockerDataDir); err != nil {
+		dataDir := path.Join(global.CONF.System.BaseDir, "1panel")
+		if err := u.handlePanelDatas(snap.ID, fileOp, "snapshot", dataDir, backupPanelDir, localDir, snapJson.DockerDataDir); err != nil {
 			updateSnapshotStatus(snap.ID, constant.StatusFailed, err.Error())
 			return
 		}
 		_, _ = cmd.Exec("systemctl restart docker")
+		snapJson.PanelDataDir = dataDir

-		snapJson := SnapshotJson{
-			BaseDir:            global.CONF.System.BaseDir,
-			DockerDataDir:      dockerDataDir,
-			BackupDataDir:      localDir,
-			PanelDataDir:       global.CONF.System.BaseDir + "/1panel",
-			LiveRestoreEnabled: liveRestoreStatus,
-		}
 		if err := u.saveJson(snapJson, rootDir); err != nil {
 			updateSnapshotStatus(snap.ID, constant.StatusFailed, fmt.Sprintf("save snapshot json failed, err: %v", err))
 			return
 		}

-		if err := handleTar(rootDir, fmt.Sprintf("%s/system", localDir), fmt.Sprintf("1panel_%s_%s.tar.gz", versionItem.Value, timeNow), ""); err != nil {
+		if err := handleTar(rootDir, path.Join(localDir, "system"), fmt.Sprintf("1panel_%s_%s.tar.gz", versionItem.Value, timeNow), ""); err != nil {
 			updateSnapshotStatus(snap.ID, constant.StatusFailed, err.Error())
 			return
 		}
@@ -201,14 +206,16 @@ func (u *SnapshotService) SnapshotCreate(req dto.SnapshotCreate) error {

 		global.LOG.Infof("start to upload snapshot to %s, please wait", backup.Type)
 		_ = snapshotRepo.Update(snap.ID, map[string]interface{}{"status": constant.StatusUploading})
-		localPath := fmt.Sprintf("%s/system/1panel_%s_%s.tar.gz", localDir, versionItem.Value, timeNow)
-		if ok, err := backupAccount.Upload(localPath, fmt.Sprintf("system_snapshot/1panel_%s_%s.tar.gz", versionItem.Value, timeNow)); err != nil || !ok {
+		localPath := path.Join(localDir, fmt.Sprintf("system/1panel_%s_%s.tar.gz", versionItem.Value, timeNow))
+		itemBackupPath := strings.TrimPrefix(backup.BackupPath, "/")
+		itemBackupPath = strings.TrimSuffix(itemBackupPath, "/")
+		if ok, err := backupAccount.Upload(localPath, fmt.Sprintf("%s/system_snapshot/1panel_%s_%s.tar.gz", itemBackupPath, versionItem.Value, timeNow)); err != nil || !ok {
 			_ = snapshotRepo.Update(snap.ID, map[string]interface{}{"status": constant.StatusFailed, "message": err.Error()})
 			global.LOG.Errorf("upload snapshot to %s failed, err: %v", backup.Type, err)
 			return
 		}
 		_ = snapshotRepo.Update(snap.ID, map[string]interface{}{"status": constant.StatusSuccess})
-		_ = os.RemoveAll(fmt.Sprintf("%s/system/1panel_%s_%s.tar.gz", localDir, versionItem.Value, timeNow))
+		_ = os.RemoveAll(path.Join(localDir, fmt.Sprintf("system/1panel_%s_%s.tar.gz", versionItem.Value, timeNow)))

 		global.LOG.Infof("upload snapshot to %s success", backup.Type)
 	}()
@@ -224,6 +231,7 @@ func (u *SnapshotService) SnapshotRecover(req dto.SnapshotRecover) error {
 	if !req.IsNew && len(snap.InterruptStep) != 0 && len(snap.RollbackStatus) != 0 {
 		return fmt.Errorf("the snapshot has been rolled back and cannot be restored again")
 	}
+	isNewSnapshot := isNewSnapVersion(snap.Version)
 	isReTry := false
 	if len(snap.InterruptStep) != 0 && !req.IsNew {
 		isReTry = true
@@ -240,7 +248,7 @@ func (u *SnapshotService) SnapshotRecover(req dto.SnapshotRecover) error {
 	if err != nil {
 		return err
 	}
-	baseDir := fmt.Sprintf("%s/system/%s", localDir, snap.Name)
+	baseDir := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("system/%s", snap.Name))
 	if _, err := os.Stat(baseDir); err != nil && os.IsNotExist(err) {
 		_ = os.MkdirAll(baseDir, os.ModePerm)
 	}
@@ -248,12 +256,18 @@ func (u *SnapshotService) SnapshotRecover(req dto.SnapshotRecover) error {
 	_ = snapshotRepo.Update(snap.ID, map[string]interface{}{"recover_status": constant.StatusWaiting})
 	_ = settingRepo.Update("SystemStatus", "Recovering")
 	go func() {
+		_ = global.Cron.Stop()
+		defer func() {
+			global.Cron.Start()
+		}()
 		operation := "recover"
 		if isReTry {
 			operation = "re-recover"
 		}
 		if !isReTry || snap.InterruptStep == "Download" || (isReTry && req.ReDownload) {
-			ok, err := client.Download(fmt.Sprintf("system_snapshot/%s.tar.gz", snap.Name), fmt.Sprintf("%s/%s.tar.gz", baseDir, snap.Name))
+			itemBackupPath := strings.TrimPrefix(backup.BackupPath, "/")
+			itemBackupPath = strings.TrimSuffix(itemBackupPath, "/")
+			ok, err := client.Download(fmt.Sprintf("%s/system_snapshot/%s.tar.gz", itemBackupPath, snap.Name), fmt.Sprintf("%s/%s.tar.gz", baseDir, snap.Name))
 			if err != nil || !ok {
 				if req.ReDownload {
 					updateRecoverStatus(snap.ID, snap.InterruptStep, constant.StatusFailed, fmt.Sprintf("download file %s from %s failed, err: %v", snap.Name, backup.Type, err))
@@ -286,39 +300,51 @@ func (u *SnapshotService) SnapshotRecover(req dto.SnapshotRecover) error {
 		if snap.InterruptStep == "Readjson" {
 			isReTry = false
 		}
-		u.OriginalPath = fmt.Sprintf("%s/original_%s", snapJson.BaseDir, snap.Name)
+		u.OriginalPath = fmt.Sprintf("%s/1panel_original/original_%s", snapJson.BaseDir, snap.Name)
 		_ = os.MkdirAll(u.OriginalPath, os.ModePerm)

 		snapJson.OldBaseDir = global.CONF.System.BaseDir
-		snapJson.OldPanelDataDir = global.CONF.System.BaseDir + "/1panel"
+		snapJson.OldPanelDataDir = path.Join(global.CONF.System.BaseDir, "1panel")
 		snapJson.OldBackupDataDir = localDir
 		recoverPanelDir := fmt.Sprintf("%s/%s/1panel", baseDir, snap.Name)
 		liveRestore := false
-		if !isReTry || snap.InterruptStep == "LoadDockerJson" {
-			snapJson.OldDockerDataDir, liveRestore, err = u.loadDockerDataDir()
-			if err != nil {
-				updateRecoverStatus(snap.ID, "LoadDockerJson", constant.StatusFailed, fmt.Sprintf("load docker data dir failed, err: %v", err))
-				return
-			}
-			isReTry = false
-		}
-		if liveRestore {
-			if err := u.updateLiveRestore(false); err != nil {
-				updateRecoverStatus(snap.ID, "UpdateLiveRestore", constant.StatusFailed, fmt.Sprintf("update docker daemon.json live-restore conf failed, err: %v", err))
-				return
-			}
-			isReTry = false
-		}
-		_ = u.saveJson(snapJson, rootDir)

-		_, _ = cmd.Exec("systemctl stop docker")
-		if !isReTry || snap.InterruptStep == "DockerDir" {
-			if err := u.handleDockerDatas(fileOp, operation, rootDir, snapJson.DockerDataDir); err != nil {
-				updateRecoverStatus(snap.ID, "DockerDir", constant.StatusFailed, err.Error())
-				return
+		if !isNewSnapshot {
+			if !isReTry || snap.InterruptStep == "LoadDockerJson" {
+				snapJson.OldDockerDataDir, liveRestore, err = u.loadDockerDataDir()
+				if err != nil {
+					updateRecoverStatus(snap.ID, "LoadDockerJson", constant.StatusFailed, fmt.Sprintf("load docker data dir failed, err: %v", err))
+					return
+				}
+				isReTry = false
+			}
+			if liveRestore {
+				if err := u.updateLiveRestore(false); err != nil {
+					updateRecoverStatus(snap.ID, "UpdateLiveRestore", constant.StatusFailed, fmt.Sprintf("update docker daemon.json live-restore conf failed, err: %v", err))
+					return
+				}
+				isReTry = false
+			}
+			_ = u.saveJson(snapJson, rootDir)
+
+			_, _ = cmd.Exec("systemctl stop docker")
+			if !isReTry || snap.InterruptStep == "DockerDir" {
+				if err := u.handleDockerDatas(fileOp, operation, rootDir, snapJson.DockerDataDir); err != nil {
+					updateRecoverStatus(snap.ID, "DockerDir", constant.StatusFailed, err.Error())
+					return
+				}
+				isReTry = false
+			}
+		} else {
+			if !isReTry || snap.InterruptStep == "DockerDir" {
+				if err := u.handleDockerDatasWithSave(fileOp, operation, rootDir, ""); err != nil {
+					updateRecoverStatus(snap.ID, "DockerDir", constant.StatusFailed, err.Error())
+					return
+				}
+				isReTry = false
 			}
-			isReTry = false
 		}
+
 		if !isReTry || snap.InterruptStep == "DaemonJson" {
 			if err := u.handleDaemonJson(fileOp, operation, rootDir+"/docker/daemon.json", u.OriginalPath); err != nil {
 				updateRecoverStatus(snap.ID, "DaemonJson", constant.StatusFailed, err.Error())
@@ -365,6 +391,11 @@ func (u *SnapshotService) SnapshotRecover(req dto.SnapshotRecover) error {
 			}
 			isReTry = false
 		}
+
+		if isNewSnapshot {
+			_ = rebuildAllAppInstall()
+		}
+
 		_ = os.RemoveAll(rootDir)
 		global.LOG.Info("recover successful")
 		_, _ = cmd.Exec("systemctl daemon-reload && systemctl restart 1panel.service")
@@ -386,30 +417,59 @@ func (u *SnapshotService) SnapshotRollback(req dto.SnapshotRecover) error {
 		return err
 	}
 	fileOp := files.NewFileOp()
+	isNewSnapshot := isNewSnapVersion(snap.Version)

-	rootDir := fmt.Sprintf("%s/system/%s/%s", localDir, snap.Name, snap.Name)
+	rootDir := path.Join(localDir, fmt.Sprintf("system/%s/%s", snap.Name, snap.Name))

 	_ = settingRepo.Update("SystemStatus", "Rollbacking")
 	_ = snapshotRepo.Update(snap.ID, map[string]interface{}{"rollback_status": constant.StatusWaiting})
 	go func() {
+		_ = global.Cron.Stop()
+		defer func() {
+			global.Cron.Start()
+		}()
 		snapJson, err := u.readFromJson(fmt.Sprintf("%s/snapshot.json", rootDir))
 		if err != nil {
 			updateRollbackStatus(snap.ID, constant.StatusFailed, fmt.Sprintf("decompress file failed, err: %v", err))
 			return
 		}
-		u.OriginalPath = fmt.Sprintf("%s/original_%s", snapJson.OldBaseDir, snap.Name)
+		u.OriginalPath = fmt.Sprintf("%s/1panel_original/original_%s", snapJson.OldBaseDir, snap.Name)
 		if _, err := os.Stat(u.OriginalPath); err != nil && os.IsNotExist(err) {
 			return
 		}

-		_, _ = cmd.Exec("systemctl stop docker")
-		if err := u.handleDockerDatas(fileOp, "rollback", u.OriginalPath, snapJson.OldDockerDataDir); err != nil {
-			updateRollbackStatus(snap.ID, constant.StatusFailed, err.Error())
-			return
-		}
-		if snap.InterruptStep == "DockerDir" {
-			_, _ = cmd.Exec("systemctl restart docker")
-			return
+		if !isNewSnapshot {
+			_, _ = cmd.Exec("systemctl stop docker")
+			if err := u.handleDockerDatas(fileOp, "rollback", u.OriginalPath, snapJson.OldDockerDataDir); err != nil {
+				updateRollbackStatus(snap.ID, constant.StatusFailed, err.Error())
+				return
+			}
+			defer func() {
+				_, _ = cmd.Exec("systemctl restart docker")
+			}()
+			if snap.InterruptStep == "DockerDir" {
+				return
+			}
+			if snapJson.LiveRestoreEnabled {
+				if err := u.updateLiveRestore(true); err != nil {
+					updateRollbackStatus(snap.ID, constant.StatusFailed, err.Error())
+					return
+				}
+			}
+			if snap.InterruptStep == "UpdateLiveRestore" {
+				return
+			}
+		} else {
+			if err := u.handleDockerDatasWithSave(fileOp, "rollback", u.OriginalPath, ""); err != nil {
+				updateRollbackStatus(snap.ID, constant.StatusFailed, err.Error())
+				return
+			}
+			defer func() {
+				_ = rebuildAllAppInstall()
+			}()
+			if snap.InterruptStep == "DockerDir" {
+				return
+			}
 		}

 		if err := u.handleDaemonJson(fileOp, "rollback", u.OriginalPath+"/daemon.json", ""); err != nil {
@@ -417,17 +477,6 @@ func (u *SnapshotService) SnapshotRollback(req dto.SnapshotRecover) error {
 			return
 		}
 		if snap.InterruptStep == "DaemonJson" {
-			_, _ = cmd.Exec("systemctl restart docker")
-			return
-		}
-		if snapJson.LiveRestoreEnabled {
-			if err := u.updateLiveRestore(true); err != nil {
-				updateRollbackStatus(snap.ID, constant.StatusFailed, err.Error())
-				return
-			}
-		}
-		if snap.InterruptStep == "UpdateLiveRestore" {
-			_, _ = cmd.Exec("systemctl restart dockere")
 			return
 		}

@@ -530,12 +579,62 @@ func (u *SnapshotService) handleDockerDatas(fileOp files.FileOp, operation strin
 	return nil
 }

+func (u *SnapshotService) handleDockerDatasWithSave(fileOp files.FileOp, operation, source, target string) error {
+	switch operation {
+	case "snapshot":
+		appInstalls, err := appInstallRepo.ListBy()
+		if err != nil {
+			return err
+		}
+		imageRegex := regexp.MustCompile(`image:\s*(.*)`)
+		var imageSaveList []string
+		existStr, _ := cmd.Exec("docker images | awk '{print $1\":\"$2}' | grep -v REPOSITORY:TAG")
+		existImages := strings.Split(existStr, "\n")
+		duplicateMap := make(map[string]bool)
+		for _, app := range appInstalls {
+			matches := imageRegex.FindAllStringSubmatch(app.DockerCompose, -1)
+			for _, match := range matches {
+				for _, existImage := range existImages {
+					if match[1] == existImage && !duplicateMap[match[1]] {
+						imageSaveList = append(imageSaveList, match[1])
+						duplicateMap[match[1]] = true
+					}
+				}
+			}
+		}
+		std, err := cmd.Execf("docker save %s | gzip -c > %s", strings.Join(imageSaveList, " "), path.Join(target, "docker_image.tar"))
+		if err != nil {
+			return errors.New(std)
+		}
+	case "recover":
+		if err := u.handleDockerDatasWithSave(fileOp, "snapshot", "", u.OriginalPath); err != nil {
+			return fmt.Errorf("backup docker data failed, err: %v", err)
+		}
+		std, err := cmd.Execf("docker load < %s", path.Join(source, "docker/docker_image.tar"))
+		if err != nil {
+			return errors.New(std)
+		}
+	case "re-recover":
+		std, err := cmd.Execf("docker load < %s", path.Join(source, "docker/docker_image.tar"))
+		if err != nil {
+			return errors.New(std)
+		}
+	case "rollback":
+		std, err := cmd.Execf("docker load < %s", path.Join(source, "docker_image.tar"))
+		if err != nil {
+			return errors.New(std)
+		}
+	}
+	global.LOG.Info("handle docker data successful!")
+	return nil
+}
+
 func (u *SnapshotService) handleDaemonJson(fileOp files.FileOp, operation string, source, target string) error {
 	daemonJsonPath := "/etc/docker/daemon.json"
 	if operation == "snapshot" || operation == "recover" {
 		_, err := os.Stat(daemonJsonPath)
 		if os.IsNotExist(err) {
-			global.LOG.Info("no daemon.josn in snapshot and system now, nothing happened")
+			global.LOG.Info("no daemon.json in snapshot and system now, nothing happened")
 		}
 		if err == nil {
 			if err := fileOp.CopyFile(daemonJsonPath, target); err != nil {
@@ -581,6 +680,7 @@ func (u *SnapshotService) handlePanelBinary(fileOp files.FileOp, operation strin
 	global.LOG.Info("handle binary panel successful!")
 	return nil
 }
+
 func (u *SnapshotService) handlePanelctlBinary(fileOp files.FileOp, operation string, source, target string) error {
 	panelctlPath := "/usr/local/bin/1pctl"
 	if operation == "snapshot" || operation == "recover" {
@@ -658,7 +758,7 @@ func (u *SnapshotService) handleBackupDatas(fileOp files.FileOp, operation strin
 func (u *SnapshotService) handlePanelDatas(snapID uint, fileOp files.FileOp, operation string, source, target, backupDir, dockerDir string) error {
 	switch operation {
 	case "snapshot":
-		exclusionRules := "./tmp;./cache;"
+		exclusionRules := "./tmp;./log;./cache;./db/1Panel.db-*;"
 		if strings.Contains(backupDir, source) {
 			exclusionRules += ("." + strings.ReplaceAll(backupDir, source, "") + ";")
 		}
@@ -670,7 +770,7 @@ func (u *SnapshotService) handlePanelDatas(snapID uint, fileOp files.FileOp, ope
 			return fmt.Errorf("backup panel data failed, err: %v", err)
 		}
 	case "recover":
-		exclusionRules := "./tmp/;./cache;"
+		exclusionRules := "./tmp;./log;./cache;./db/1Panel.db-*;"
 		if strings.Contains(backupDir, target) {
 			exclusionRules += ("." + strings.ReplaceAll(backupDir, target, "") + ";")
 		}
@@ -684,14 +784,17 @@ func (u *SnapshotService) handlePanelDatas(snapID uint, fileOp files.FileOp, ope
 		}
 		_ = snapshotRepo.Update(snapID, map[string]interface{}{"recover_status": constant.StatusWaiting})

+		_ = fileOp.Fs.RemoveAll(path.Join(target, "apps"))
 		if err := u.handleUnTar(source+"/1panel/1panel_data.tar.gz", target); err != nil {
 			return fmt.Errorf("recover panel data failed, err: %v", err)
 		}
 	case "re-recover":
+		_ = fileOp.Fs.RemoveAll(path.Join(target, "apps"))
 		if err := u.handleUnTar(source+"/1panel/1panel_data.tar.gz", target); err != nil {
 			return fmt.Errorf("retry recover panel data failed, err: %v", err)
 		}
 	case "rollback":
+		_ = fileOp.Fs.RemoveAll(path.Join(target, "apps"))
 		if err := u.handleUnTar(source+"/1panel_data.tar.gz", target); err != nil {
 			return fmt.Errorf("rollback panel data failed, err: %v", err)
 		}
@@ -718,8 +821,9 @@ func (u *SnapshotService) Delete(req dto.BatchDeleteReq) error {
 		return err
 	}
 	for _, snap := range backups {
-		if _, err := os.Stat(fmt.Sprintf("%s/system/%s/%s.tar.gz", localDir, snap.Name, snap.Name)); err == nil {
-			_ = os.Remove(fmt.Sprintf("%s/system/%s/%s.tar.gz", localDir, snap.Name, snap.Name))
+		itemFile := path.Join(localDir, fmt.Sprintf("system/%s/%s.tar.gz", snap.Name, snap.Name))
+		if _, err := os.Stat(itemFile); err == nil {
+			_ = os.Remove(itemFile)
 		}
 	}
 	if err := snapshotRepo.Delete(commonRepo.WithIdsIn(req.Ids)); err != nil {
@@ -856,8 +960,10 @@ func (u *SnapshotService) handleTar(sourceDir, targetDir, name, exclusionRules s
 	global.LOG.Debug(commands)
 	stdout, err := cmd.ExecWithTimeOut(commands, 30*time.Minute)
 	if err != nil {
-		global.LOG.Errorf("do handle tar failed, stdout: %s, err: %v", stdout, err)
-		return errors.New(stdout)
+		if len(stdout) != 0 {
+			global.LOG.Errorf("do handle tar failed, stdout: %s, err: %v", stdout, err)
+			return fmt.Errorf("do handle tar failed, stdout: %s, err: %v", stdout, err)
+		}
 	}
 	return nil
 }
@@ -873,8 +979,59 @@ func (u *SnapshotService) handleUnTar(sourceDir, targetDir string) error {
 	global.LOG.Debug(commands)
 	stdout, err := cmd.ExecWithTimeOut(commands, 30*time.Minute)
 	if err != nil {
-		global.LOG.Errorf("do handle untar failed, stdout: %s, err: %v", stdout, err)
-		return errors.New(stdout)
+		if len(stdout) != 0 {
+			global.LOG.Errorf("do handle untar failed, stdout: %s, err: %v", stdout, err)
+			return fmt.Errorf("do handle untar failed, stdout: %s, err: %v", stdout, err)
+		}
 	}
 	return nil
 }
+
+func rebuildAllAppInstall() error {
+	appInstalls, err := appInstallRepo.ListBy()
+	if err != nil {
+		global.LOG.Errorf("get all app installed for rebuild failed, err: %v", err)
+		return err
+	}
+	for _, install := range appInstalls {
+		_ = rebuildApp(install)
+	}
+	return nil
+}
+
+func isNewSnapVersion(version string) bool {
+	versionItem := "v1.5.0"
+	if version == versionItem {
+		return true
+	}
+	version1s := strings.Split(version, ".")
+	version2s := strings.Split(versionItem, ".")
+
+	n := min(len(version1s), len(version2s))
+	re := regexp.MustCompile("[0-9]+")
+	for i := 0; i < n; i++ {
+		sVersion1s := re.FindAllString(version1s[i], -1)
+		sVersion2s := re.FindAllString(version2s[i], -1)
+		if len(sVersion1s) == 0 {
+			return false
+		}
+		if len(sVersion2s) == 0 {
+			return false
+		}
+		v1num, _ := strconv.Atoi(sVersion1s[0])
+		v2num, _ := strconv.Atoi(sVersion2s[0])
+		if v1num == v2num {
+			continue
+		} else {
+			return v1num > v2num
+		}
+	}
+	return true
+}
+
+func min(a, b int) int {
+	if a < b {
+		return a
+	}
+	return b
+}
--- a/backend/app/service/ssh.go
+++ b/backend/app/service/ssh.go
@@ -11,6 +11,7 @@ import (
 	"time"

 	"github.com/1Panel-dev/1Panel/backend/app/dto"
+	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
@@ -31,6 +32,8 @@ type ISSHService interface {
 	GenerateSSH(req dto.GenerateSSH) error
 	LoadSSHSecret(mode string) (string, error)
 	LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error)
+
+	LoadSSHConf() (string, error)
 }

 func NewISSHService() ISSHService {
@@ -146,6 +149,9 @@ func (u *SSHService) UpdateByFile(value string) error {
 }

 func (u *SSHService) GenerateSSH(req dto.GenerateSSH) error {
+	if cmd.CheckIllegal(req.EncryptionMode, req.Password) {
+		return buserr.New(constant.ErrCmdIllegal)
+	}
 	currentUser, err := user.Current()
 	if err != nil {
 		return fmt.Errorf("load current user failed, err: %v", err)
@@ -202,8 +208,13 @@ func (u *SSHService) LoadSSHSecret(mode string) (string, error) {
 	return string(file), err
 }

+type sshFileItem struct {
+	Name string
+	Year int
+}
+
 func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
-	var fileList []string
+	var fileList []sshFileItem
 	var data dto.SSHLog
 	baseDir := "/var/log"
 	if err := filepath.Walk(baseDir, func(pathItem string, info os.FileInfo, err error) error {
@@ -211,12 +222,15 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
 			return err
 		}
 		if !info.IsDir() && strings.HasPrefix(info.Name(), "secure") || strings.HasPrefix(info.Name(), "auth") {
-			if strings.HasSuffix(info.Name(), ".gz") {
+			if !strings.HasSuffix(info.Name(), ".gz") {
+				fileList = append(fileList, sshFileItem{Name: pathItem, Year: info.ModTime().Year()})
+				return nil
+			}
+			itemFileName := strings.TrimSuffix(pathItem, ".gz")
+			if _, err := os.Stat(itemFileName); err != nil && os.IsNotExist(err) {
 				if err := handleGunzip(pathItem); err == nil {
-					fileList = append(fileList, strings.ReplaceAll(pathItem, ".gz", ""))
+					fileList = append(fileList, sshFileItem{Name: itemFileName, Year: info.ModTime().Year()})
 				}
-			} else {
-				fileList = append(fileList, pathItem)
 			}
 		}
 		return nil
@@ -229,82 +243,74 @@ func (u *SSHService) LoadLog(req dto.SearchSSHLog) (*dto.SSHLog, error) {
 	if len(req.Info) != 0 {
 		command = fmt.Sprintf(" | grep '%s'", req.Info)
 	}
-	for i := 0; i < len(fileList); i++ {
-		if strings.HasPrefix(path.Base(fileList[i]), "secure") {
-			commandItem := fmt.Sprintf("cat %s | grep -a 'Failed password for' | grep -v 'invalid' %s", fileList[i], command)
-			dataItem := loadFailedSecureDatas(commandItem)
-			data.FailedCount += len(dataItem)
-			data.TotalCount += len(dataItem)
-			if req.Status != constant.StatusSuccess {
-				data.Logs = append(data.Logs, dataItem...)
-			}
-		}
-		if strings.HasPrefix(path.Base(fileList[i]), "auth.log") {
-			commandItem := fmt.Sprintf("cat %s | grep -a 'Connection closed by authenticating user' | grep -a 'preauth' %s", fileList[i], command)
-			dataItem := loadFailedAuthDatas(commandItem)
-			data.FailedCount += len(dataItem)
-			data.TotalCount += len(dataItem)
-			if req.Status != constant.StatusSuccess {
-				data.Logs = append(data.Logs, dataItem...)
-			}
-		}
-		commandItem := fmt.Sprintf("cat %s | grep -a Accepted %s", fileList[i], command)
-		dataItem := loadSuccessDatas(commandItem)
-		data.TotalCount += len(dataItem)
-		if req.Status != constant.StatusFailed {
-			data.Logs = append(data.Logs, dataItem...)
-		}
-	}
-	data.SuccessfulCount = data.TotalCount - data.FailedCount
-	if len(data.Logs) < 1 {
-		return nil, nil
-	}

-	var itemDatas []dto.SSHHistory
-	total, start, end := len(data.Logs), (req.Page-1)*req.PageSize, req.Page*req.PageSize
-	if start > total {
-		itemDatas = make([]dto.SSHHistory, 0)
-	} else {
-		if end >= total {
-			end = total
-		}
-		itemDatas = data.Logs[start:end]
-	}
-	data.Logs = itemDatas
-
-	timeNow := time.Now()
+	showCountFrom := (req.Page - 1) * req.PageSize
+	showCountTo := req.Page * req.PageSize
 	nyc, _ := time.LoadLocation(common.LoadTimeZone())
 	qqWry, err := qqwry.NewQQwry()
 	if err != nil {
 		global.LOG.Errorf("load qqwry datas failed: %s", err)
 	}
-	var itemLogs []dto.SSHHistory
-	for i := len(data.Logs) - 1; i >= 0; i-- {
-		data.Logs[i].Area = qqWry.Find(data.Logs[i].Address).Area
-		data.Logs[i].Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", timeNow.Year(), data.Logs[i].DateStr), nyc)
-		itemLogs = append(itemLogs, data.Logs[i])
+	for _, file := range fileList {
+		commandItem := ""
+		if strings.HasPrefix(path.Base(file.Name), "secure") {
+			switch req.Status {
+			case constant.StatusSuccess:
+				commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
+			case constant.StatusFailed:
+				commandItem = fmt.Sprintf("cat %s | grep -a 'Failed password for' | grep -v 'invalid' %s", file.Name, command)
+			default:
+				commandItem = fmt.Sprintf("cat %s | grep -aE '(Failed password for|Accepted)' | grep -v 'invalid' %s", file.Name, command)
+			}
+		}
+		if strings.HasPrefix(path.Base(file.Name), "auth.log") {
+			switch req.Status {
+			case constant.StatusSuccess:
+				commandItem = fmt.Sprintf("cat %s | grep -a Accepted %s", file.Name, command)
+			case constant.StatusFailed:
+				commandItem = fmt.Sprintf("cat %s | grep -a 'Connection closed by authenticating user' | grep -a 'preauth' %s", file.Name, command)
+			default:
+				commandItem = fmt.Sprintf("cat %s | grep -aE \"(Connection closed by authenticating user|Accepted)\" | grep -v 'invalid' %s", file.Name, command)
+			}
+		}
+		dataItem, successCount, failedCount := loadSSHData(commandItem, showCountFrom, showCountTo, file.Year, qqWry, nyc)
+		data.FailedCount += failedCount
+		data.TotalCount += successCount + failedCount
+		showCountFrom = showCountFrom - (successCount + failedCount)
+		showCountTo = showCountTo - (successCount + failedCount)
+		data.Logs = append(data.Logs, dataItem...)
 	}
-	data.Logs = itemLogs

+	data.SuccessfulCount = data.TotalCount - data.FailedCount
 	return &data, nil
 }

-func sortFileList(fileNames []string) []string {
+func (u *SSHService) LoadSSHConf() (string, error) {
+	if _, err := os.Stat("/etc/ssh/sshd_config"); err != nil {
+		return "", buserr.New("ErrHttpReqNotFound")
+	}
+	content, err := os.ReadFile("/etc/ssh/sshd_config")
+	if err != nil {
+		return "", err
+	}
+	return string(content), nil
+}
+
+func sortFileList(fileNames []sshFileItem) []sshFileItem {
 	if len(fileNames) < 2 {
 		return fileNames
 	}
-	var itemFile []string
-	if strings.Contains(fileNames[0], "secure") {
+	if strings.HasPrefix(path.Base(fileNames[0].Name), "secure") {
+		var itemFile []sshFileItem
 		sort.Slice(fileNames, func(i, j int) bool {
-			return fileNames[i] < fileNames[j]
+			return fileNames[i].Name > fileNames[j].Name
 		})
-		itemFile = append(itemFile, fileNames[1:]...)
-		itemFile = append(itemFile, fileNames[0])
+		itemFile = append(itemFile, fileNames[len(fileNames)-1])
+		itemFile = append(itemFile, fileNames[:len(fileNames)-2]...)
 		return itemFile
 	}
-
 	sort.Slice(fileNames, func(i, j int) bool {
-		return fileNames[i] > fileNames[j]
+		return fileNames[i].Name < fileNames[j].Name
 	})
 	return fileNames
 }
@@ -339,82 +345,111 @@ func updateSSHConf(oldFiles []string, param string, value interface{}) []string
 	return newFiles
 }

-func loadSuccessDatas(command string) []dto.SSHHistory {
-	var datas []dto.SSHHistory
+func loadSSHData(command string, showCountFrom, showCountTo, currentYear int, qqWry *qqwry.QQwry, nyc *time.Location) ([]dto.SSHHistory, int, int) {
+	var (
+		datas        []dto.SSHHistory
+		successCount int
+		failedCount  int
+	)
 	stdout2, err := cmd.Exec(command)
-	if err == nil {
-		lines := strings.Split(string(stdout2), "\n")
-		for _, line := range lines {
-			parts := strings.Fields(line)
-			if len(parts) < 14 {
-				continue
+	if err != nil {
+		return datas, 0, 0
+	}
+	lines := strings.Split(string(stdout2), "\n")
+	for i := len(lines) - 1; i >= 0; i-- {
+		var itemData dto.SSHHistory
+		switch {
+		case strings.Contains(lines[i], "Failed password for"):
+			itemData = loadFailedSecureDatas(lines[i])
+			if len(itemData.Address) != 0 {
+				if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
+					itemData.Area = qqWry.Find(itemData.Address).Area
+					itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
+					datas = append(datas, itemData)
+				}
+				failedCount++
 			}
-			historyItem := dto.SSHHistory{
-				DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-				AuthMode: parts[6],
-				User:     parts[8],
-				Address:  parts[10],
-				Port:     parts[12],
-				Status:   constant.StatusSuccess,
+		case strings.Contains(lines[i], "Connection closed by authenticating user"):
+			itemData = loadFailedAuthDatas(lines[i])
+			if len(itemData.Address) != 0 {
+				if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
+					itemData.Area = qqWry.Find(itemData.Address).Area
+					itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
+					datas = append(datas, itemData)
+				}
+				failedCount++
+			}
+		case strings.Contains(lines[i], "Accepted "):
+			itemData = loadSuccessDatas(lines[i])
+			if len(itemData.Address) != 0 {
+				if successCount+failedCount >= showCountFrom && successCount+failedCount < showCountTo {
+					itemData.Area = qqWry.Find(itemData.Address).Area
+					itemData.Date, _ = time.ParseInLocation("2006 Jan 2 15:04:05", fmt.Sprintf("%d %s", currentYear, itemData.DateStr), nyc)
+					datas = append(datas, itemData)
+				}
+				successCount++
 			}
-			datas = append(datas, historyItem)
 		}
 	}
-	return datas
+	return datas, successCount, failedCount
 }

-func loadFailedAuthDatas(command string) []dto.SSHHistory {
-	var datas []dto.SSHHistory
-	stdout2, err := cmd.Exec(command)
-	if err == nil {
-		lines := strings.Split(string(stdout2), "\n")
-		for _, line := range lines {
-			parts := strings.Fields(line)
-			if len(parts) < 14 {
-				continue
-			}
-			historyItem := dto.SSHHistory{
-				DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-				AuthMode: parts[8],
-				User:     parts[10],
-				Address:  parts[11],
-				Port:     parts[13],
-				Status:   constant.StatusFailed,
-			}
-			if strings.Contains(line, ": ") {
-				historyItem.Message = strings.Split(line, ": ")[1]
-			}
-			datas = append(datas, historyItem)
-		}
+func loadSuccessDatas(line string) dto.SSHHistory {
+	var data dto.SSHHistory
+	parts := strings.Fields(line)
+	if len(parts) < 14 {
+		return data
 	}
-	return datas
+	data = dto.SSHHistory{
+		DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
+		AuthMode: parts[6],
+		User:     parts[8],
+		Address:  parts[10],
+		Port:     parts[12],
+		Status:   constant.StatusSuccess,
+	}
+	return data
 }

-func loadFailedSecureDatas(command string) []dto.SSHHistory {
-	var datas []dto.SSHHistory
-	stdout2, err := cmd.Exec(command)
-	if err == nil {
-		lines := strings.Split(string(stdout2), "\n")
-		for _, line := range lines {
-			parts := strings.Fields(line)
-			if len(parts) < 14 {
-				continue
-			}
-			historyItem := dto.SSHHistory{
-				DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
-				AuthMode: parts[6],
-				User:     parts[8],
-				Address:  parts[10],
-				Port:     parts[12],
-				Status:   constant.StatusFailed,
-			}
-			if strings.Contains(line, ": ") {
-				historyItem.Message = strings.Split(line, ": ")[1]
-			}
-			datas = append(datas, historyItem)
-		}
+func loadFailedAuthDatas(line string) dto.SSHHistory {
+	var data dto.SSHHistory
+	parts := strings.Fields(line)
+	if len(parts) < 14 {
+		return data
 	}
-	return datas
+	data = dto.SSHHistory{
+		DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
+		AuthMode: parts[8],
+		User:     parts[10],
+		Address:  parts[11],
+		Port:     parts[13],
+		Status:   constant.StatusFailed,
+	}
+	if strings.Contains(line, ": ") {
+		data.Message = strings.Split(line, ": ")[1]
+	}
+	return data
+}
+
+func loadFailedSecureDatas(line string) dto.SSHHistory {
+	var data dto.SSHHistory
+	parts := strings.Fields(line)
+	if len(parts) < 14 {
+		return data
+	}
+	data = dto.SSHHistory{
+		DateStr:  fmt.Sprintf("%s %s %s", parts[0], parts[1], parts[2]),
+		AuthMode: parts[6],
+		User:     parts[8],
+		Address:  parts[10],
+		Port:     parts[12],
+		Status:   constant.StatusFailed,
+	}
+	if strings.Contains(line, ": ") {
+		data.Message = strings.Split(line, ": ")[1]
+	}
+
+	return data
 }

 func handleGunzip(path string) error {
--- a/backend/app/service/upgrade.go
+++ b/backend/app/service/upgrade.go
@@ -6,6 +6,7 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"path"
 	"runtime"
 	"strings"
 	"time"
@@ -86,8 +87,8 @@ func (u *UpgradeService) Upgrade(req dto.Upgrade) error {
 	global.LOG.Info("start to upgrade now...")
 	fileOp := files.NewFileOp()
 	timeStr := time.Now().Format("20060102150405")
-	rootDir := fmt.Sprintf("%s/upgrade_%s/downloads", global.CONF.System.TmpDir, timeStr)
-	originalDir := fmt.Sprintf("%s/upgrade_%s/original", global.CONF.System.TmpDir, timeStr)
+	rootDir := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("upgrade/upgrade_%s/downloads", timeStr))
+	originalDir := path.Join(global.CONF.System.TmpDir, fmt.Sprintf("upgrade/upgrade_%s/original", timeStr))
 	if err := os.MkdirAll(rootDir, os.ModePerm); err != nil {
 		return err
 	}
--- a/backend/app/service/website.go
+++ b/backend/app/service/website.go
@@ -5,9 +5,21 @@ import (
 	"bytes"
 	"context"
 	"crypto/x509"
+	"encoding/json"
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"os"
+	"path"
+	"reflect"
+	"regexp"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/1Panel-dev/1Panel/backend/utils/compose"
+	"github.com/1Panel-dev/1Panel/backend/utils/env"
+
 	"github.com/1Panel-dev/1Panel/backend/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/backend/utils/cmd"
 	"github.com/1Panel-dev/1Panel/backend/utils/common"
@@ -18,13 +30,6 @@ import (
 	"golang.org/x/crypto/bcrypt"
 	"gopkg.in/ini.v1"
 	"gorm.io/gorm"
-	"os"
-	"path"
-	"reflect"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"

 	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
 	"github.com/1Panel-dev/1Panel/backend/app/dto/response"
@@ -53,20 +58,26 @@ type IWebsiteService interface {
 	CreateWebsiteDomain(create request.WebsiteDomainCreate) (model.WebsiteDomain, error)
 	GetWebsiteDomain(websiteId uint) ([]model.WebsiteDomain, error)
 	DeleteWebsiteDomain(domainId uint) error
+
 	GetNginxConfigByScope(req request.NginxScopeReq) (*response.WebsiteNginxConfig, error)
 	UpdateNginxConfigByScope(req request.NginxConfigUpdate) error
 	GetWebsiteNginxConfig(websiteId uint, configType string) (response.FileInfo, error)
-	GetWebsiteHTTPS(websiteId uint) (response.WebsiteHTTPS, error)
-	OpWebsiteHTTPS(ctx context.Context, req request.WebsiteHTTPSOp) (response.WebsiteHTTPS, error)
-	PreInstallCheck(req request.WebsiteInstallCheckReq) ([]response.WebsitePreInstallCheck, error)
-	GetWafConfig(req request.WebsiteWafReq) (response.WebsiteWafConfig, error)
-	UpdateWafConfig(req request.WebsiteWafUpdate) error
 	UpdateNginxConfigFile(req request.WebsiteNginxUpdate) error
+	GetWebsiteHTTPS(websiteId uint) (response.WebsiteHTTPS, error)
+	OpWebsiteHTTPS(ctx context.Context, req request.WebsiteHTTPSOp) (*response.WebsiteHTTPS, error)
 	OpWebsiteLog(req request.WebsiteLogReq) (*response.WebsiteLog, error)
 	ChangeDefaultServer(id uint) error
+	PreInstallCheck(req request.WebsiteInstallCheckReq) ([]response.WebsitePreInstallCheck, error)
+
+	GetWafConfig(req request.WebsiteWafReq) (response.WebsiteWafConfig, error)
+	UpdateWafConfig(req request.WebsiteWafUpdate) error
+	UpdateWafFile(req request.WebsiteWafFileUpdate) (err error)
+
 	GetPHPConfig(id uint) (*response.PHPConfig, error)
 	UpdatePHPConfig(req request.WebsitePHPConfigUpdate) error
 	UpdatePHPConfigFile(req request.WebsitePHPFileUpdate) error
+	ChangePHPVersion(req request.WebsitePHPVersionReq) error
+
 	GetRewriteConfig(req request.NginxRewriteReq) (*response.NginxRewriteRes, error)
 	UpdateRewriteConfig(req request.NginxRewriteUpdate) error
 	UpdateSiteDir(req request.WebsiteUpdateDir) error
@@ -78,6 +89,9 @@ type IWebsiteService interface {
 	UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	GetAntiLeech(id uint) (*response.NginxAntiLeechRes, error)
 	UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err error)
+	OperateRedirect(req request.NginxRedirectReq) (err error)
+	GetRedirect(id uint) (res []response.NginxRedirectConfig, err error)
+	UpdateRedirectFile(req request.NginxRedirectUpdate) (err error)
 }

 func NewIWebsiteService() IWebsiteService {
@@ -96,7 +110,7 @@ func (w WebsiteService) PageWebsite(req request.WebsiteSearch) (int64, []respons
 		}
 		return 0, nil, err
 	}
-	opts = append(opts, commonRepo.WithOrderBy("created_at desc"))
+	opts = append(opts, commonRepo.WithOrderRuleBy(req.OrderBy, req.Order))
 	if req.Name != "" {
 		opts = append(opts, websiteRepo.WithDomainLike(req.Name))
 	}
@@ -338,6 +352,11 @@ func (w WebsiteService) UpdateWebsite(req request.WebsiteUpdate) error {
 	if err != nil {
 		return err
 	}
+	if website.IPV6 != req.IPV6 {
+		if err := changeIPV6(website, req.IPV6); err != nil {
+			return err
+		}
+	}
 	website.PrimaryDomain = req.PrimaryDomain
 	website.WebsiteGroupID = req.WebsiteGroupID
 	website.Remark = req.Remark
@@ -407,13 +426,13 @@ func (w WebsiteService) DeleteWebsite(req request.WebsiteDelete) error {

 	if req.DeleteBackup {
 		localDir, _ := loadLocalDir()
-		backupDir := fmt.Sprintf("%s/website/%s", localDir, website.Alias)
+		backupDir := path.Join(localDir, fmt.Sprintf("website/%s", website.Alias))
 		if _, err := os.Stat(backupDir); err == nil {
 			_ = os.RemoveAll(backupDir)
 		}
 		global.LOG.Infof("delete website %s backups successful", website.Alias)
 	}
-	uploadDir := fmt.Sprintf("%s/1panel/uploads/website/%s", global.CONF.System.BaseDir, website.Alias)
+	uploadDir := path.Join(global.CONF.System.BaseDir, fmt.Sprintf("1panel/uploads/website/%s", website.Alias))
 	if _, err := os.Stat(uploadDir); err == nil {
 		_ = os.RemoveAll(uploadDir)
 	}
@@ -618,10 +637,10 @@ func (w WebsiteService) GetWebsiteHTTPS(websiteId uint) (response.WebsiteHTTPS,
 	return res, nil
 }

-func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteHTTPSOp) (response.WebsiteHTTPS, error) {
+func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteHTTPSOp) (*response.WebsiteHTTPS, error) {
 	website, err := websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
 	if err != nil {
-		return response.WebsiteHTTPS{}, err
+		return nil, err
 	}
 	var (
 		res        response.WebsiteHTTPS
@@ -634,7 +653,7 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
 		website.Protocol = constant.ProtocolHTTP
 		website.WebsiteSSLID = 0
 		if err := deleteListenAndServerName(website, []string{"443", "[::]:443"}, []string{}); err != nil {
-			return response.WebsiteHTTPS{}, err
+			return nil, err
 		}
 		nginxParams := getNginxParamsFromStaticFile(dto.SSL, nil)
 		nginxParams = append(nginxParams,
@@ -655,28 +674,64 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
 				Name: "ssl_ciphers",
 			},
 		)
-		if err := deleteNginxConfig(constant.NginxScopeServer, nginxParams, &website); err != nil {
-			return response.WebsiteHTTPS{}, err
+		if err = deleteNginxConfig(constant.NginxScopeServer, nginxParams, &website); err != nil {
+			return nil, err
 		}
-		if err := websiteRepo.Save(ctx, &website); err != nil {
-			return response.WebsiteHTTPS{}, err
+		if err = websiteRepo.Save(ctx, &website); err != nil {
+			return nil, err
 		}
-		return res, nil
+		return nil, nil
 	}

 	if req.Type == constant.SSLExisted {
 		websiteSSL, err = websiteSSLRepo.GetFirst(commonRepo.WithByID(req.WebsiteSSLID))
 		if err != nil {
-			return response.WebsiteHTTPS{}, err
+			return nil, err
 		}
 		website.WebsiteSSLID = websiteSSL.ID
 		res.SSL = websiteSSL
 	}
 	if req.Type == constant.SSLManual {
-		certBlock, _ := pem.Decode([]byte(req.Certificate))
+		var (
+			certificate string
+			privateKey  string
+		)
+		switch req.ImportType {
+		case "paste":
+			certificate = req.Certificate
+			privateKey = req.PrivateKey
+		case "local":
+			fileOp := files.NewFileOp()
+			if !fileOp.Stat(req.PrivateKeyPath) {
+				return nil, buserr.New("ErrSSLKeyNotFound")
+			}
+			if !fileOp.Stat(req.CertificatePath) {
+				return nil, buserr.New("ErrSSLCertificateNotFound")
+			}
+			if content, err := fileOp.GetContent(req.PrivateKeyPath); err != nil {
+				return nil, err
+			} else {
+				privateKey = string(content)
+			}
+			if content, err := fileOp.GetContent(req.CertificatePath); err != nil {
+				return nil, err
+			} else {
+				certificate = string(content)
+			}
+		}
+
+		privateKeyCertBlock, _ := pem.Decode([]byte(privateKey))
+		if privateKeyCertBlock == nil {
+			return nil, buserr.New("ErrSSLKeyFormat")
+		}
+
+		certBlock, _ := pem.Decode([]byte(certificate))
+		if certBlock == nil {
+			return nil, buserr.New("ErrSSLCertificateFormat")
+		}
 		cert, err := x509.ParseCertificate(certBlock.Bytes)
 		if err != nil {
-			return response.WebsiteHTTPS{}, err
+			return nil, err
 		}
 		websiteSSL.ExpireDate = cert.NotAfter
 		websiteSSL.StartDate = cert.NotBefore
@@ -690,28 +745,28 @@ func (w WebsiteService) OpWebsiteHTTPS(ctx context.Context, req request.WebsiteH
 			websiteSSL.PrimaryDomain = cert.DNSNames[0]
 			websiteSSL.Domains = strings.Join(cert.DNSNames, ",")
 		}
-
 		websiteSSL.Provider = constant.Manual
-		websiteSSL.PrivateKey = req.PrivateKey
-		websiteSSL.Pem = req.Certificate
+		websiteSSL.PrivateKey = privateKey
+		websiteSSL.Pem = certificate
+
 		res.SSL = websiteSSL
 	}
 	website.Protocol = constant.ProtocolHTTPS
 	if err := applySSL(website, websiteSSL, req); err != nil {
-		return response.WebsiteHTTPS{}, err
+		return nil, err
 	}
 	website.HttpConfig = req.HttpConfig

 	if websiteSSL.ID == 0 {
 		if err := websiteSSLRepo.Create(ctx, &websiteSSL); err != nil {
-			return response.WebsiteHTTPS{}, err
+			return nil, err
 		}
 		website.WebsiteSSLID = websiteSSL.ID
 	}
 	if err := websiteRepo.Save(ctx, &website); err != nil {
-		return response.WebsiteHTTPS{}, err
+		return nil, err
 	}
-	return res, nil
+	return &res, nil
 }

 func (w WebsiteService) PreInstallCheck(req request.WebsiteInstallCheckReq) ([]response.WebsitePreInstallCheck, error) {
@@ -794,7 +849,6 @@ func (w WebsiteService) GetWafConfig(req request.WebsiteWafReq) (response.Websit
 	if err != nil {
 		return res, nil
 	}
-	res.FilePath = filePath
 	res.Content = string(content)

 	return res, nil
@@ -991,7 +1045,7 @@ func (w WebsiteService) GetPHPConfig(id uint) (*response.PHPConfig, error) {
 	phpConfigPath := path.Join(appInstall.GetPath(), "conf", "php.ini")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(phpConfigPath) {
-		return nil, buserr.WithDetail(constant.ErrFileCanNotRead, "php.ini", nil)
+		return nil, buserr.WithMap("ErrFileNotFound", map[string]interface{}{"name": "php.ini"}, nil)
 	}
 	params := make(map[string]string)
 	configFile, err := fileOp.OpenFile(phpConfigPath)
@@ -1045,7 +1099,7 @@ func (w WebsiteService) UpdatePHPConfig(req request.WebsitePHPConfigUpdate) (err
 	phpConfigPath := path.Join(appInstall.GetPath(), "conf", "php.ini")
 	fileOp := files.NewFileOp()
 	if !fileOp.Stat(phpConfigPath) {
-		return buserr.WithDetail(constant.ErrFileCanNotRead, "php.ini", nil)
+		return buserr.WithMap("ErrFileNotFound", map[string]interface{}{"name": "php.ini"}, nil)
 	}
 	configFile, err := fileOp.OpenFile(phpConfigPath)
 	if err != nil {
@@ -1058,50 +1112,41 @@ func (w WebsiteService) UpdatePHPConfig(req request.WebsitePHPConfigUpdate) (err
 		return err
 	}

-	if req.Scope == "params" {
-		content := string(contentBytes)
-		lines := strings.Split(content, "\n")
-		for i, line := range lines {
-			if strings.HasPrefix(line, ";") {
-				continue
-			}
+	content := string(contentBytes)
+	lines := strings.Split(content, "\n")
+	for i, line := range lines {
+		if strings.HasPrefix(line, ";") {
+			continue
+		}
+		switch req.Scope {
+		case "params":
 			for key, value := range req.Params {
 				pattern := "^" + regexp.QuoteMeta(key) + "\\s*=\\s*.*$"
 				if matched, _ := regexp.MatchString(pattern, line); matched {
 					lines[i] = key + " = " + value
 				}
 			}
-		}
-		updatedContent := strings.Join(lines, "\n")
-		if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), 0755); err != nil {
-			return err
+		case "disable_functions":
+			pattern := "^" + regexp.QuoteMeta("disable_functions") + "\\s*=\\s*.*$"
+			if matched, _ := regexp.MatchString(pattern, line); matched {
+				lines[i] = "disable_functions" + " = " + strings.Join(req.DisableFunctions, ",")
+				break
+			}
+		case "upload_max_filesize":
+			pattern := "^" + regexp.QuoteMeta("post_max_size") + "\\s*=\\s*.*$"
+			if matched, _ := regexp.MatchString(pattern, line); matched {
+				lines[i] = "post_max_size" + " = " + req.UploadMaxSize
+			}
+			patternUpload := "^" + regexp.QuoteMeta("upload_max_filesize") + "\\s*=\\s*.*$"
+			if matched, _ := regexp.MatchString(patternUpload, line); matched {
+				lines[i] = "upload_max_filesize" + " = " + req.UploadMaxSize
+			}
 		}
 	}
-
-	cfg, err := ini.Load(phpConfigPath)
-	if err != nil {
+	updatedContent := strings.Join(lines, "\n")
+	if err := fileOp.WriteFile(phpConfigPath, strings.NewReader(updatedContent), 0755); err != nil {
 		return err
 	}
-	phpConfig, err := cfg.GetSection("PHP")
-	if err != nil {
-		return err
-	}
-	if req.Scope == "disable_functions" {
-		disable := phpConfig.Key("disable_functions")
-		disable.SetValue(strings.Join(req.DisableFunctions, ","))
-		if err = cfg.SaveTo(phpConfigPath); err != nil {
-			return err
-		}
-	}
-	if req.Scope == "upload_max_filesize" {
-		postMaxSize := phpConfig.Key("post_max_size")
-		postMaxSize.SetValue(req.UploadMaxSize)
-		uploadMaxFileSize := phpConfig.Key("upload_max_filesize")
-		uploadMaxFileSize.SetValue(req.UploadMaxSize)
-		if err = cfg.SaveTo(phpConfigPath); err != nil {
-			return err
-		}
-	}

 	appInstallReq := request.AppInstalledOperate{
 		InstallId: appInstall.ID,
@@ -1146,6 +1191,108 @@ func (w WebsiteService) UpdatePHPConfigFile(req request.WebsitePHPFileUpdate) er
 	return nil
 }

+func (w WebsiteService) ChangePHPVersion(req request.WebsitePHPVersionReq) error {
+	website, err := websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
+	if err != nil {
+		return err
+	}
+	runtime, err := runtimeRepo.GetFirst(commonRepo.WithByID(req.RuntimeID))
+	if err != nil {
+		return err
+	}
+	oldRuntime, err := runtimeRepo.GetFirst(commonRepo.WithByID(req.RuntimeID))
+	if err != nil {
+		return err
+	}
+	if runtime.Resource == constant.ResourceLocal || oldRuntime.Resource == constant.ResourceLocal {
+		return buserr.New("ErrPHPResource")
+	}
+	appInstall, err := appInstallRepo.GetFirst(commonRepo.WithByID(website.AppInstallID))
+	if err != nil {
+		return err
+	}
+	appDetail, err := appDetailRepo.GetFirst(commonRepo.WithByID(runtime.AppDetailID))
+	if err != nil {
+		return err
+	}
+
+	envs := make(map[string]interface{})
+	if err = json.Unmarshal([]byte(appInstall.Env), &envs); err != nil {
+		return err
+	}
+	if out, err := compose.Down(appInstall.GetComposePath()); err != nil {
+		if out != "" {
+			return errors.New(out)
+		}
+		return err
+	}
+
+	var (
+		busErr          error
+		fileOp          = files.NewFileOp()
+		envPath         = appInstall.GetEnvPath()
+		composePath     = appInstall.GetComposePath()
+		confDir         = path.Join(appInstall.GetPath(), "conf")
+		backupConfDir   = path.Join(appInstall.GetPath(), "conf_bak")
+		fpmConfDir      = path.Join(confDir, "php-fpm.conf")
+		phpDir          = path.Join(constant.RuntimeDir, runtime.Type, runtime.Name, "php")
+		oldFmContent, _ = fileOp.GetContent(fpmConfDir)
+	)
+	envParams := make(map[string]string, len(envs))
+	handleMap(envs, envParams)
+	envParams["IMAGE_NAME"] = runtime.Image
+	defer func() {
+		if busErr != nil {
+			envParams["IMAGE_NAME"] = oldRuntime.Image
+			_ = env.Write(envParams, envPath)
+			_ = fileOp.WriteFile(composePath, strings.NewReader(appInstall.DockerCompose), 0775)
+			if fileOp.Stat(backupConfDir) {
+				_ = fileOp.DeleteDir(confDir)
+				_ = fileOp.Rename(backupConfDir, confDir)
+			}
+		}
+	}()
+
+	if busErr = env.Write(envParams, envPath); busErr != nil {
+		return busErr
+	}
+	if busErr = fileOp.WriteFile(composePath, strings.NewReader(appDetail.DockerCompose), 0775); busErr != nil {
+		return busErr
+	}
+	if !req.RetainConfig {
+		if busErr = fileOp.Rename(confDir, backupConfDir); busErr != nil {
+			return busErr
+		}
+		_ = fileOp.CreateDir(confDir, 0755)
+		if busErr = fileOp.CopyFile(path.Join(phpDir, "php-fpm.conf"), confDir); busErr != nil {
+			return busErr
+		}
+		if busErr = fileOp.CopyFile(path.Join(phpDir, "php.ini"), confDir); busErr != nil {
+			_ = fileOp.WriteFile(fpmConfDir, bytes.NewReader(oldFmContent), 0775)
+			return busErr
+		}
+	}
+	if out, err := compose.Up(appInstall.GetComposePath()); err != nil {
+		if out != "" {
+			busErr = errors.New(out)
+			return busErr
+		}
+		busErr = err
+		return busErr
+	}
+
+	_ = fileOp.DeleteDir(backupConfDir)
+
+	appInstall.AppDetailId = runtime.AppDetailID
+	appInstall.AppId = appDetail.AppId
+	appInstall.Version = appDetail.Version
+	appInstall.DockerCompose = appDetail.DockerCompose
+
+	_ = appInstallRepo.Save(context.Background(), &appInstall)
+	website.RuntimeID = req.RuntimeID
+	return websiteRepo.Save(context.Background(), &website)
+}
+
 func (w WebsiteService) UpdateRewriteConfig(req request.NginxRewriteUpdate) error {
 	website, err := websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
 	if err != nil {
@@ -1504,14 +1651,6 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	if !fileOp.Stat(absoluteAuthPath) {
 		_ = fileOp.CreateFile(absoluteAuthPath)
 	}
-	defer func() {
-		if err != nil {
-			switch req.Operate {
-			case "create":
-
-			}
-		}
-	}()

 	params = append(params, dto.NginxParam{Name: "auth_basic", Params: []string{`"Authentication"`}})
 	params = append(params, dto.NginxParam{Name: "auth_basic_user_file", Params: []string{authPath}})
@@ -1519,7 +1658,9 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	if err != nil {
 		return
 	}
-	authArray = strings.Split(string(authContent), "\n")
+	if len(authContent) > 0 {
+		authArray = strings.Split(string(authContent), "\n")
+	}
 	switch req.Operate {
 	case "disable":
 		return deleteNginxConfig(constant.NginxScopeServer, params, &website)
@@ -1590,6 +1731,9 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	defer passFile.Close()
 	writer := bufio.NewWriter(passFile)
 	for _, line := range authArray {
+		if line == "" {
+			continue
+		}
 		_, err = writer.WriteString(line + "\n")
 		if err != nil {
 			return
@@ -1599,6 +1743,15 @@ func (w WebsiteService) UpdateAuthBasic(req request.NginxAuthUpdate) (err error)
 	if err != nil {
 		return
 	}
+	authContent, err = fileOp.GetContent(absoluteAuthPath)
+	if err != nil {
+		return
+	}
+	if len(authContent) == 0 {
+		if err = deleteNginxConfig(constant.NginxScopeServer, params, &website); err != nil {
+			return
+		}
+	}
 	return
 }

@@ -1656,7 +1809,7 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 		return
 	}
 	fileOp := files.NewFileOp()
-	backpContent, err := fileOp.GetContent(nginxFull.SiteConfig.Config.FilePath)
+	backupContent, err := fileOp.GetContent(nginxFull.SiteConfig.Config.FilePath)
 	if err != nil {
 		return
 	}
@@ -1727,7 +1880,7 @@ func (w WebsiteService) UpdateAntiLeech(req request.NginxAntiLeechUpdate) (err e
 		return
 	}
 	if err = updateNginxConfig(constant.NginxScopeServer, nil, &website); err != nil {
-		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backpContent), 0755)
+		_ = fileOp.WriteFile(nginxFull.SiteConfig.Config.FilePath, bytes.NewReader(backupContent), 0755)
 		return
 	}
 	return
@@ -1810,3 +1963,341 @@ func (w WebsiteService) GetAntiLeech(id uint) (*response.NginxAntiLeechRes, erro
 	}
 	return res, nil
 }
+
+func (w WebsiteService) OperateRedirect(req request.NginxRedirectReq) (err error) {
+	var (
+		website      model.Website
+		nginxInstall model.AppInstall
+		oldContent   []byte
+	)
+
+	website, err = websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
+	if err != nil {
+		return err
+	}
+	nginxInstall, err = getAppInstallByKey(constant.AppOpenresty)
+	if err != nil {
+		return
+	}
+	includeDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "redirect")
+	fileOp := files.NewFileOp()
+	if !fileOp.Stat(includeDir) {
+		_ = fileOp.CreateDir(includeDir, 0755)
+	}
+	fileName := fmt.Sprintf("%s.conf", req.Name)
+	includePath := path.Join(includeDir, fileName)
+	backName := fmt.Sprintf("%s.bak", req.Name)
+	backPath := path.Join(includeDir, backName)
+
+	if req.Operate == "create" && (fileOp.Stat(includePath) || fileOp.Stat(backPath)) {
+		err = buserr.New(constant.ErrNameIsExist)
+		return
+	}
+
+	defer func() {
+		if err != nil {
+			switch req.Operate {
+			case "create":
+				_ = fileOp.DeleteFile(includePath)
+			case "edit":
+				_ = fileOp.WriteFile(includePath, bytes.NewReader(oldContent), 0755)
+			}
+		}
+	}()
+
+	var (
+		config *components.Config
+		oldPar *parser.Parser
+	)
+
+	switch req.Operate {
+	case "create":
+		config = &components.Config{}
+	case "edit":
+		oldPar, err = parser.NewParser(includePath)
+		if err != nil {
+			return
+		}
+		config = oldPar.Parse()
+		oldContent, err = fileOp.GetContent(includePath)
+		if err != nil {
+			return
+		}
+	case "delete":
+		_ = fileOp.DeleteFile(includePath)
+		_ = fileOp.DeleteFile(backPath)
+		return updateNginxConfig(constant.NginxScopeServer, nil, &website)
+	case "disable":
+		_ = fileOp.Rename(includePath, backPath)
+		return updateNginxConfig(constant.NginxScopeServer, nil, &website)
+	case "enable":
+		_ = fileOp.Rename(backPath, includePath)
+		return updateNginxConfig(constant.NginxScopeServer, nil, &website)
+	}
+
+	target := req.Target
+	block := &components.Block{}
+
+	switch req.Type {
+	case "path":
+		if req.KeepPath {
+			target = req.Target + "$1"
+		} else {
+			target = req.Target + "?"
+		}
+		redirectKey := "permanent"
+		if req.Redirect == "302" {
+			redirectKey = "redirect"
+		}
+		block = &components.Block{
+			Directives: []components.IDirective{
+				&components.Directive{
+					Name:       "rewrite",
+					Parameters: []string{fmt.Sprintf("^%s(.*)", req.Path), target, redirectKey},
+				},
+			},
+		}
+	case "domain":
+		if req.KeepPath {
+			target = req.Target + "$request_uri"
+		}
+		returnBlock := &components.Block{
+			Directives: []components.IDirective{
+				&components.Directive{
+					Name:       "return",
+					Parameters: []string{req.Redirect, target},
+				},
+			},
+		}
+		for _, domain := range req.Domains {
+			block.Directives = append(block.Directives, &components.Directive{
+				Name:       "if",
+				Parameters: []string{"($host", "~", fmt.Sprintf("'^%s')", domain)},
+				Block:      returnBlock,
+			})
+		}
+	case "404":
+		if req.KeepPath && !req.RedirectRoot {
+			target = req.Target + "$request_uri"
+		}
+		if req.RedirectRoot {
+			target = "/"
+		} else {
+			if req.KeepPath {
+				target = req.Target + "$request_uri"
+			}
+		}
+		block = &components.Block{
+			Directives: []components.IDirective{
+				&components.Directive{
+					Name:       "error_page",
+					Parameters: []string{"404", "=", "@notfound"},
+				},
+				&components.Directive{
+					Name:       "location",
+					Parameters: []string{"@notfound"},
+					Block: &components.Block{
+						Directives: []components.IDirective{
+							&components.Directive{
+								Name:       "return",
+								Parameters: []string{"301", target},
+							},
+						},
+					},
+				},
+			},
+		}
+	}
+	config.FilePath = includePath
+	config.Block = block
+
+	if err = nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
+		return buserr.WithErr(constant.ErrUpdateBuWebsite, err)
+	}
+
+	nginxInclude := fmt.Sprintf("/www/sites/%s/redirect/*.conf", website.Alias)
+	if err = updateNginxConfig(constant.NginxScopeServer, []dto.NginxParam{{Name: "include", Params: []string{nginxInclude}}}, &website); err != nil {
+		return
+	}
+	return
+}
+
+func (w WebsiteService) GetRedirect(id uint) (res []response.NginxRedirectConfig, err error) {
+	var (
+		website      model.Website
+		nginxInstall model.AppInstall
+		fileList     response.FileInfo
+	)
+	website, err = websiteRepo.GetFirst(commonRepo.WithByID(id))
+	if err != nil {
+		return
+	}
+	nginxInstall, err = getAppInstallByKey(constant.AppOpenresty)
+	if err != nil {
+		return
+	}
+	includeDir := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "redirect")
+	fileOp := files.NewFileOp()
+	if !fileOp.Stat(includeDir) {
+		return
+	}
+	fileList, err = NewIFileService().GetFileList(request.FileOption{FileOption: files.FileOption{Path: includeDir, Expand: true, Page: 1, PageSize: 100}})
+	if len(fileList.Items) == 0 {
+		return
+	}
+	var (
+		content []byte
+		config  *components.Config
+	)
+	for _, configFile := range fileList.Items {
+		redirectConfig := response.NginxRedirectConfig{
+			WebsiteID: website.ID,
+		}
+		parts := strings.Split(configFile.Name, ".")
+		redirectConfig.Name = parts[0]
+		if parts[1] == "conf" {
+			redirectConfig.Enable = true
+		} else {
+			redirectConfig.Enable = false
+		}
+		redirectConfig.FilePath = configFile.Path
+		content, err = fileOp.GetContent(configFile.Path)
+		if err != nil {
+			return
+		}
+		redirectConfig.Content = string(content)
+		config = parser.NewStringParser(string(content)).Parse()
+
+		dirs := config.GetDirectives()
+		if len(dirs) > 0 {
+			firstName := dirs[0].GetName()
+			switch firstName {
+			case "if":
+				for _, ifDir := range dirs {
+					params := ifDir.GetParameters()
+					if len(params) > 2 && params[0] == "($host" {
+						domain := strings.Trim(strings.Trim(params[2], "'"), "^")
+						redirectConfig.Domains = append(redirectConfig.Domains, domain)
+						if len(redirectConfig.Domains) > 1 {
+							continue
+						}
+						redirectConfig.Type = "domain"
+					}
+					childDirs := ifDir.GetBlock().GetDirectives()
+					for _, dir := range childDirs {
+						if dir.GetName() == "return" {
+							dirParams := dir.GetParameters()
+							if len(dirParams) > 1 {
+								redirectConfig.Redirect = dirParams[0]
+								if strings.HasSuffix(dirParams[1], "$request_uri") {
+									redirectConfig.KeepPath = true
+									redirectConfig.Target = strings.TrimSuffix(dirParams[1], "$request_uri")
+								} else {
+									redirectConfig.KeepPath = false
+									redirectConfig.Target = dirParams[1]
+								}
+							}
+						}
+					}
+				}
+			case "rewrite":
+				redirectConfig.Type = "path"
+				for _, pathDir := range dirs {
+					if pathDir.GetName() == "rewrite" {
+						params := pathDir.GetParameters()
+						if len(params) > 2 {
+							redirectConfig.Path = strings.Trim(strings.Trim(params[0], "^"), "(.*)")
+							if strings.HasSuffix(params[1], "$1") {
+								redirectConfig.KeepPath = true
+								redirectConfig.Target = strings.TrimSuffix(params[1], "$1")
+							} else {
+								redirectConfig.KeepPath = false
+								redirectConfig.Target = strings.TrimSuffix(params[1], "?")
+							}
+							if params[2] == "permanent" {
+								redirectConfig.Redirect = "301"
+							} else {
+								redirectConfig.Redirect = "302"
+							}
+						}
+					}
+				}
+			case "error_page":
+				redirectConfig.Type = "404"
+				for _, errDir := range dirs {
+					if errDir.GetName() == "location" {
+						childDirs := errDir.GetBlock().GetDirectives()
+						for _, dir := range childDirs {
+							if dir.GetName() == "return" {
+								dirParams := dir.GetParameters()
+								if len(dirParams) > 1 {
+									redirectConfig.Redirect = dirParams[0]
+									if strings.HasSuffix(dirParams[1], "$request_uri") {
+										redirectConfig.KeepPath = true
+										redirectConfig.Target = strings.TrimSuffix(dirParams[1], "$request_uri")
+										redirectConfig.RedirectRoot = false
+									} else {
+										redirectConfig.KeepPath = false
+										redirectConfig.Target = dirParams[1]
+										redirectConfig.RedirectRoot = redirectConfig.Target == "/"
+									}
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+		res = append(res, redirectConfig)
+	}
+	return
+}
+
+func (w WebsiteService) UpdateRedirectFile(req request.NginxRedirectUpdate) (err error) {
+	var (
+		website           model.Website
+		nginxFull         dto.NginxFull
+		oldRewriteContent []byte
+	)
+	website, err = websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
+	if err != nil {
+		return err
+	}
+	nginxFull, err = getNginxFull(&website)
+	if err != nil {
+		return err
+	}
+	includePath := fmt.Sprintf("/www/sites/%s/redirect/%s.conf", website.Alias, req.Name)
+	absolutePath := path.Join(nginxFull.Install.GetPath(), includePath)
+	fileOp := files.NewFileOp()
+	oldRewriteContent, err = fileOp.GetContent(absolutePath)
+	if err != nil {
+		return err
+	}
+	if err = fileOp.WriteFile(absolutePath, strings.NewReader(req.Content), 0755); err != nil {
+		return err
+	}
+	defer func() {
+		if err != nil {
+			_ = fileOp.WriteFile(absolutePath, bytes.NewReader(oldRewriteContent), 0755)
+		}
+	}()
+	return updateNginxConfig(constant.NginxScopeServer, nil, &website)
+}
+
+func (w WebsiteService) UpdateWafFile(req request.WebsiteWafFileUpdate) (err error) {
+	var (
+		website      model.Website
+		nginxInstall model.AppInstall
+	)
+	website, err = websiteRepo.GetFirst(commonRepo.WithByID(req.WebsiteID))
+	if err != nil {
+		return err
+	}
+	nginxInstall, err = getAppInstallByKey(constant.AppOpenresty)
+	if err != nil {
+		return
+	}
+	rulePath := path.Join(nginxInstall.GetPath(), "www", "sites", website.Alias, "waf", "rules", fmt.Sprintf("%s.json", req.Type))
+	return files.NewFileOp().WriteFile(rulePath, strings.NewReader(req.Content), 0755)
+}
--- a/backend/app/service/website_ssl.go
+++ b/backend/app/service/website_ssl.go
@@ -7,11 +7,13 @@ import (
 	"github.com/1Panel-dev/1Panel/backend/app/dto/request"
 	"github.com/1Panel-dev/1Panel/backend/app/dto/response"
 	"github.com/1Panel-dev/1Panel/backend/app/model"
+	"github.com/1Panel-dev/1Panel/backend/app/repo"
 	"github.com/1Panel-dev/1Panel/backend/buserr"
 	"github.com/1Panel-dev/1Panel/backend/constant"
 	"github.com/1Panel-dev/1Panel/backend/global"
 	"github.com/1Panel-dev/1Panel/backend/utils/ssl"
 	"path"
+	"strconv"
 	"strings"
 )

@@ -21,7 +23,7 @@ type WebsiteSSLService struct {
 type IWebsiteSSLService interface {
 	Page(search request.WebsiteSSLSearch) (int64, []response.WebsiteSSLDTO, error)
 	GetSSL(id uint) (*response.WebsiteSSLDTO, error)
-	Search() ([]response.WebsiteSSLDTO, error)
+	Search(req request.WebsiteSSLSearch) ([]response.WebsiteSSLDTO, error)
 	Create(create request.WebsiteSSLCreate) (request.WebsiteSSLCreate, error)
 	Renew(sslId uint) error
 	GetDNSResolve(req request.WebsiteDNSReq) ([]response.WebsiteDNSRes, error)
@@ -35,17 +37,19 @@ func NewIWebsiteSSLService() IWebsiteSSLService {
 }

 func (w WebsiteSSLService) Page(search request.WebsiteSSLSearch) (int64, []response.WebsiteSSLDTO, error) {
+	var (
+		result []response.WebsiteSSLDTO
+	)
 	total, sslList, err := websiteSSLRepo.Page(search.Page, search.PageSize, commonRepo.WithOrderBy("created_at desc"))
 	if err != nil {
 		return 0, nil, err
 	}
-	var sslDTOs []response.WebsiteSSLDTO
-	for _, ssl := range sslList {
-		sslDTOs = append(sslDTOs, response.WebsiteSSLDTO{
-			WebsiteSSL: ssl,
+	for _, sslModel := range sslList {
+		result = append(result, response.WebsiteSSLDTO{
+			WebsiteSSL: sslModel,
 		})
 	}
-	return total, sslDTOs, err
+	return total, result, err
 }

 func (w WebsiteSSLService) GetSSL(id uint) (*response.WebsiteSSLDTO, error) {
@@ -58,18 +62,29 @@ func (w WebsiteSSLService) GetSSL(id uint) (*response.WebsiteSSLDTO, error) {
 	return &res, nil
 }

-func (w WebsiteSSLService) Search() ([]response.WebsiteSSLDTO, error) {
-	sslList, err := websiteSSLRepo.List()
+func (w WebsiteSSLService) Search(search request.WebsiteSSLSearch) ([]response.WebsiteSSLDTO, error) {
+	var (
+		opts   []repo.DBOption
+		result []response.WebsiteSSLDTO
+	)
+	opts = append(opts, commonRepo.WithOrderBy("created_at desc"))
+	if search.AcmeAccountID != "" {
+		acmeAccountID, err := strconv.ParseUint(search.AcmeAccountID, 10, 64)
+		if err != nil {
+			return nil, err
+		}
+		opts = append(opts, websiteSSLRepo.WithByAcmeAccountId(uint(acmeAccountID)))
+	}
+	sslList, err := websiteSSLRepo.List(opts...)
 	if err != nil {
 		return nil, err
 	}
-	var sslDTOs []response.WebsiteSSLDTO
-	for _, ssl := range sslList {
-		sslDTOs = append(sslDTOs, response.WebsiteSSLDTO{
-			WebsiteSSL: ssl,
+	for _, sslModel := range sslList {
+		result = append(result, response.WebsiteSSLDTO{
+			WebsiteSSL: sslModel,
 		})
 	}
-	return sslDTOs, err
+	return result, err
 }

 func (w WebsiteSSLService) Create(create request.WebsiteSSLCreate) (request.WebsiteSSLCreate, error) {
--- a/backend/app/service/website_utils.go
+++ b/backend/app/service/website_utils.go
@@ -378,9 +378,9 @@ func applySSL(website model.Website, websiteSSL model.WebsiteSSL, req request.We
 	}
 	config := nginxFull.SiteConfig.Config
 	server := config.FindServers()[0]
-	server.UpdateListen("443", website.DefaultServer, "ssl")
+	server.UpdateListen("443", website.DefaultServer, "ssl", "http2")
 	if website.IPV6 {
-		server.UpdateListen("[::]:443", website.DefaultServer, "ssl")
+		server.UpdateListen("[::]:443", website.DefaultServer, "ssl", "http2")
 	}

 	switch req.HttpConfig {
@@ -536,6 +536,10 @@ func opWebsite(website *model.Website, operate string) error {
 		if files.NewFileOp().Stat(absoluteRewritePath) {
 			server.UpdateDirective("include", []string{rewriteInclude})
 		}
+		rootIndex := path.Join("/www/sites", website.Alias, "index")
+		if website.SiteDir != "/" {
+			rootIndex = path.Join(rootIndex, website.SiteDir)
+		}
 		switch website.Type {
 		case constant.Deployment:
 			server.RemoveDirective("root", nil)
@@ -546,12 +550,11 @@ func opWebsite(website *model.Website, operate string) error {
 			proxy := fmt.Sprintf("http://127.0.0.1:%d", appInstall.HttpPort)
 			server.UpdateRootProxy([]string{proxy})
 		case constant.Static:
-			server.UpdateRoot(path.Join("/www/sites", website.Alias, "index"))
+			server.UpdateRoot(rootIndex)
 			server.UpdateRootLocation()
 		case constant.Proxy:
 			server.RemoveDirective("root", nil)
 		case constant.Runtime:
-			rootIndex := path.Join("/www/sites", website.Alias, "index")
 			server.UpdateRoot(rootIndex)
 			localPath := ""
 			if website.ProxyType == constant.RuntimeProxyUnix {
@@ -573,6 +576,44 @@ func opWebsite(website *model.Website, operate string) error {
 	return nginxCheckAndReload(nginxInstall.SiteConfig.OldContent, config.FilePath, nginxInstall.Install.ContainerName)
 }

+func changeIPV6(website model.Website, enable bool) error {
+	nginxFull, err := getNginxFull(&website)
+	if err != nil {
+		return nil
+	}
+	config := nginxFull.SiteConfig.Config
+	server := config.FindServers()[0]
+	listens := server.Listens
+	if enable {
+		for _, listen := range listens {
+			if strings.HasPrefix(listen.Bind, "[::]:") {
+				continue
+			}
+			exist := false
+			ipv6Bind := fmt.Sprintf("[::]:%s", listen.Bind)
+			for _, li := range listens {
+				if li.Bind == ipv6Bind {
+					exist = true
+					break
+				}
+			}
+			if !exist {
+				server.UpdateListen(ipv6Bind, false, listen.GetParameters()[1:]...)
+			}
+		}
+	} else {
+		for _, listen := range listens {
+			if strings.HasPrefix(listen.Bind, "[::]:") {
+				server.RemoveListenByBind(listen.Bind)
+			}
+		}
+	}
+	if err := nginx.WriteConfig(config, nginx.IndentedStyle); err != nil {
+		return err
+	}
+	return nginxCheckAndReload(nginxFull.SiteConfig.OldContent, config.FilePath, nginxFull.Install.ContainerName)
+}
+
 func checkIsLinkApp(website model.Website) bool {
 	if website.Type == constant.Deployment {
 		return true
--- a/Show More
+++ b/Show More