From 32f6399ccdd35339fcc919b2782fc56c3062a98e Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 14:18:55 -0400
Subject: [PATCH 1/9] new generic template; replace some bad gateways and not
 founds (#1012)

---
 endpoints/proxy/frontend.go     |  21 +-
 endpoints/proxyUi/embed.go      |   2 +-
 endpoints/proxyUi/notFound.go   |  22 --
 endpoints/proxyUi/notFound.html | 400 --------------------------------
 endpoints/proxyUi/template.go   |  82 +++++++
 endpoints/proxyUi/template.html |  90 +++++++
 endpoints/publicProxy/config.go |   1 +
 endpoints/publicProxy/http.go   |  15 +-
 8 files changed, 199 insertions(+), 434 deletions(-)
 delete mode 100644 endpoints/proxyUi/notFound.go
 delete mode 100644 endpoints/proxyUi/notFound.html
 create mode 100644 endpoints/proxyUi/template.go
 create mode 100644 endpoints/proxyUi/template.html

diff --git a/endpoints/proxy/frontend.go b/endpoints/proxy/frontend.go
index 557d38cf..15283f33 100644
--- a/endpoints/proxy/frontend.go
+++ b/endpoints/proxy/frontend.go
@@ -25,6 +25,7 @@ type FrontendConfig struct {
 	ShrToken        string
 	Address         string
 	ResponseHeaders []string
+	TemplatePath    string
 	Tls             *endpoints.TlsConfig
 	RequestsChan    chan *endpoints.Request
 	SuperNetwork    bool
@@ -131,7 +132,13 @@ func newServiceProxy(cfg *FrontendConfig, ctx ziti.Context) (*httputil.ReversePr
 	}
 	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
 		logrus.Errorf("error proxying: %v", err)
-		proxyUi.WriteNotFound(w)
+		proxyUi.WriteBadGateway(
+			w, proxyUi.TemplateData(
+				"bad gateway!",
+				fmt.Sprintf("bad gateway for share <code>%v</code>!", cfg.ShrToken),
+			),
+			cfg.TemplatePath,
+		)
 	}
 	return proxy, nil
 }
@@ -172,8 +179,8 @@ func serviceTargetProxy(cfg *FrontendConfig, ctx ziti.Context) *httputil.Reverse
 func authHandler(shrToken string, handler http.Handler, realm string, cfg *FrontendConfig, ctx ziti.Context) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if svc, found := endpoints.GetRefreshedService(shrToken, ctx); found {
-			if cfg, found := svc.Config[sdk.ZrokProxyConfig]; found {
-				if scheme, found := cfg["auth_scheme"]; found {
+			if proxyCfg, found := svc.Config[sdk.ZrokProxyConfig]; found {
+				if scheme, found := proxyCfg["auth_scheme"]; found {
 					switch scheme {
 					case string(sdk.None):
 						logrus.Debugf("auth scheme none '%v'", shrToken)
@@ -188,7 +195,7 @@ func authHandler(shrToken string, handler http.Handler, realm string, cfg *Front
 							return
 						}
 						authed := false
-						if v, found := cfg["basic_auth"]; found {
+						if v, found := proxyCfg["basic_auth"]; found {
 							if basicAuth, ok := v.(map[string]interface{}); ok {
 								if v, found := basicAuth["users"]; found {
 									if arr, ok := v.([]interface{}); ok {
@@ -231,15 +238,15 @@ func authHandler(shrToken string, handler http.Handler, realm string, cfg *Front
 					}
 				} else {
 					logrus.Warnf("%v -> no auth scheme for '%v'", r.RemoteAddr, shrToken)
-					proxyUi.WriteNotFound(w)
+					proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 				}
 			} else {
 				logrus.Warnf("%v -> no proxy config for '%v'", r.RemoteAddr, shrToken)
-				proxyUi.WriteNotFound(w)
+				proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 			}
 		} else {
 			logrus.Warnf("%v -> service '%v' not found", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 		}
 	}
 }
diff --git a/endpoints/proxyUi/embed.go b/endpoints/proxyUi/embed.go
index 92d18c7a..f31b4cc1 100644
--- a/endpoints/proxyUi/embed.go
+++ b/endpoints/proxyUi/embed.go
@@ -2,5 +2,5 @@ package proxyUi
 
 import "embed"
 
-//go:embed health.html intersititial.html notFound.html unauthorized.html
+//go:embed health.html intersititial.html unauthorized.html template.html
 var FS embed.FS
diff --git a/endpoints/proxyUi/notFound.go b/endpoints/proxyUi/notFound.go
deleted file mode 100644
index 44cd3365..00000000
--- a/endpoints/proxyUi/notFound.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package proxyUi
-
-import (
-	"net/http"
-
-	"github.com/sirupsen/logrus"
-)
-
-func WriteNotFound(w http.ResponseWriter) {
-	if data, err := FS.ReadFile("notFound.html"); err == nil {
-		w.WriteHeader(http.StatusNotFound)
-		n, err := w.Write(data)
-		if n != len(data) {
-			logrus.Errorf("short write")
-			return
-		}
-		if err != nil {
-			logrus.Error(err)
-			return
-		}
-	}
-}
diff --git a/endpoints/proxyUi/notFound.html b/endpoints/proxyUi/notFound.html
deleted file mode 100644
index b13dceab..00000000
--- a/endpoints/proxyUi/notFound.html
+++ /dev/null
@@ -1,400 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8"/>
-    <meta name="viewport" content="width=device-width, initial-scale=1"/>
-    <meta name="theme-color" content="#000000"/>
-    <meta name="description" content="zrok ui"/>
-    <link rel="preconnect" href="https://fonts.googleapis.com">
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Russo+One&display=swap" rel="stylesheet">
-    <title>zrok</title>
-    <style>
-        body {
-            margin: 0;
-            padding: 25;
-            font-family: 'JetBrains Mono', Consolas, 'Courier New', monospace;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-        }
-        h1, h2, h3, h4, h5, h6 {
-            font-family: 'Russo One', sans-serif;
-        }
-        table {
-            table-layout: fixed;
-            width: 100%;
-        }
-        td {
-            vertical-align: top;
-        }
-        td:last-child {
-            width: 80%;
-            overflow: clip;
-        }
-        td:first-child {
-            width: 20%;
-            overflow: auto;
-        }
-        #banner {
-            background-color: #3b2693;
-            text-align: center;
-            padding: 25px;
-            color: white;
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            height: 600px;
-            justify-content: center;
-        }
-        #banner h1 {
-            font-size: 64pt;
-        }
-        #container {
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        #info {
-            width: 920px;
-            text-align: center;
-        }
-        #info h1 {
-            font-size: 96pt;
-        }
-    </style>
-</head>
-<body>
-<div id="root">
-    <div id="banner">
-        <svg id="ziggy" viewBox="0 0 21.9 37.6" style="width: 200px; height: 343.38px;">
-            <style type="text/css">
-                .st0 {
-                    fill: #FFFFFF;
-                }
-
-                .st1 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FFFFFF;
-                }
-
-                .st2 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #A3A3A3;
-                }
-
-                .st3 {
-                    fill: #00001F;
-                }
-
-                .st4 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #B3B3B3;
-                }
-
-                .st5 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #E6E6E6;
-                }
-
-                .st6 {
-                    fill: #FFFFFF;
-                    stroke: #000000;
-                    stroke-width: 0.3;
-                    stroke-miterlimit: 10;
-                }
-
-                .st7 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FF0000;
-                }
-
-                .st8 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #00FF00;
-                }
-
-                .st9 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #06B806;
-                }
-
-                .st10 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                }
-
-                .st11 {
-                    fill: #B3B3B3;
-                }
-
-                .st12 {
-                    opacity: 0.25;
-                }
-
-                .st13 {
-                    fill: #FEFCF9;
-                }
-
-                .st14 {
-                    fill: none;
-                    stroke: #FFFFFF;
-                    stroke-width: 0.4;
-                    stroke-linecap: round;
-                    stroke-linejoin: round;
-                    stroke-miterlimit: 10;
-                }
-            </style>
-            <rect x="5.5" y="14.9" class="st0" width="10.7" height="5.7"/>
-            <polygon class="st0" points="16.9,35.4 17.3,35 17.2,34.5 17.1,34.2 16.2,26.5 6.1,26.6 5.1,34.2 4.9,34.8 5.4,35.2 7.3,35.1
-                        8.4,35.3 9,35.2 9.3,34.8 9.1,34.3 10.8,28.6 11.5,28.6 11.5,29.1 13,34.3 12.9,34.8 13.2,35.2 14,35.6 "/>
-            <g>
-                <g>
-                    <path class="st1" d="M16.4,16.1c0.3,0.1,2.8,0.8,3.4,1.7c0.5,0.9,2,4.8,2,5.8c0,0.1,0,2.6-0.2,3.3c-0.1,0.3-1.7,0.2-2.2,0.1,c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4c-0.2,0.6-2.1,1.6-2.1,1.6"/>
-                    <path class="st2" d="M21.7,26.4c0,0.2,0,0.3-0.1,0.4c-0.1,0.3-1.7,0.2-2.2,0.1c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4
-                                c-0.2,0.6-1.6,2.1-1.6,2.1l-0.3,0.1c-0.1-0.1,0.1-0.8,0.1-0.9c-0.4-0.8,1.5-2.6,1.7-2.9c0.3-0.3,0.5,0.1,0.5,0.7
-                                c0,0.5,0,0.6,0,0.6c0.9,3.7,0.5,4.5,0.5,4.5s0.2,0.1,0.9,0c0.7,0,0.9-0.2,0.9-0.2L21.7,26.4z"/>
-                    <path class="st3" d="M16.4,24.8c-1.6-2.7,2-0.6,2.2-1.8c0,0,0,0,0,0c0-0.5,0.1-1.1,0.2-1.5c0-0.2,0.1-0.4,0.1-0.4
-                                c0-0.1,0.1-0.1,0.1-0.1s0.1,0.1,0.1,0.1c0,0,0,0.2-0.1,0.4c0,0.2-0.1,0.4-0.1,0.6c0.1,0.1,0.2,0.3,0.2,0.4
-                                c0.1,0.3,0.3,0.9,0.4,1.7c0,0.2,0,0.3,0,0.5c0,0.4,0,0.9,0,1.3c0,0.4,0,0.8,0,0.8c0.3,0.1,0.8,0.1,1.4,0.1c0.3,0,0.6,0,0.6-0.1
-                                c0.2-0.6,0.2-2.7,0.2-3.1c0,0,0-0.1,0-0.1c0-0.4-0.3-1.4-0.6-2.4c-0.5-1.4-1.1-2.8-1.3-3.3c-0.2-0.3-0.6-0.6-1.1-0.8
-                                c-0.9-0.5-2-0.8-2.2-0.8 M16.5,16c0.2,0,1.3,0.4,2.3,0.8c0.5,0.3,1,0.6,1.2,0.9c0.3,0.5,0.9,2,1.4,3.4c0.4,1.1,0.6,2.1,0.6,2.5
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6-0.2,3.2c-0.1,0.2-0.4,0.3-0.8,0.3c-0.5,0-1.2,0-1.5-0.1c-0.2,0-0.2-0.5-0.1-1.1c0-0.4,0.1-0.9,0-1.3
-                                c-0.1-1-0.2-1.7-0.4-2.1c0,0.1-0.8,0-0.8,0.1 M17.4,23.3l0.8-0.3c-0.1,1.2-1.5,2-1.5,2.2"/>
-                    <path class="st1"
-                          d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.4,0.3,0.8,0.8,0.8h0.6c0.4,0,0.8-0.3,0.8-0.8V27z"/>
-                    <path class="st2" d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.2,0.3,0.4,0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H20
-                                c0.4,0.1,1,0.1,1.6,0V27z"/>
-                    <path class="st3" d="M21.7,26.8V27v1.3c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3h-0.6c-0.2,0-0.5-0.1-0.6-0.3
-                                c-0.2-0.2-0.3-0.4-0.3-0.6V27v-0.2h0.2h0.1h0l0,0c0.3,0,0.7,0.1,1.1,0.1c0.3,0,0.6,0,0.8-0.1l0,0h0h0H21.7z M20.6,27.2
-                                c-0.4,0-0.8,0-1-0.1v1.1c0,0.2,0.1,0.3,0.2,0.4c0.1,0.1,0.3,0.2,0.4,0.2h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C21.2,27.2,20.9,27.2,20.6,27.2L20.6,27.2z"/>
-                </g>
-                <g>
-                    <path class="st1" d="M5.5,16.2c-0.3,0.1-2.8,0.8-3.4,1.7c-0.5,0.9-2,4.8-2,5.8c0,0.1,0,2.6,0.2,3.3C0.4,27.2,2,27.2,2.5,27
-                                c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4C3.3,23,5.2,24,5.2,24"/>
-                    <path class="st2" d="M0.3,26.5c0,0.2,0,0.3,0.1,0.4C0.4,27.2,2,27.2,2.5,27c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4
-                                c0.2,0.6,1.6,2.1,1.6,2.1L5,24.7c0.1-0.1-0.1-0.8-0.1-0.9c0.4-0.8-1.5-2.6-1.7-2.9c-0.3-0.3-0.5,0.1-0.5,0.7c0,0.5,0,0.6,0,0.6
-                                c-0.9,3.7-0.5,4.5-0.5,4.5s-0.2,0.1-0.9,0c-0.7,0-0.9-0.2-0.9-0.2L0.3,26.5z"/>
-                    <path class="st3" d="M5.5,16.3c-0.2,0-1.3,0.3-2.2,0.8c-0.5,0.2-0.9,0.5-1.1,0.8c-0.3,0.5-0.9,2-1.3,3.3c-0.4,1-0.6,2-0.6,2.4
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6,0.2,3.1c0,0.1,0.3,0.1,0.6,0.1c0.5,0,1.1,0,1.4-0.1c0,0,0-0.4,0-0.8c0-0.4-0.1-0.9,0-1.3
-                                c0-0.2,0-0.3,0-0.5c0.1-0.8,0.2-1.4,0.4-1.7c0-0.1,0.1-0.3,0.2-0.4c0-0.2-0.1-0.4-0.1-0.6c0-0.2-0.1-0.4-0.1-0.4
-                                C2.8,21.1,2.9,21,3,21c0.1,0,0.1,0.1,0.1,0.1c0,0,0,0.2,0.1,0.4c0.1,0.4,0.1,1,0.2,1.5c0,0,0,0,0,0c0.2,1.3,3.8-0.8,2.2,1.8
-                                 M3.8,22.8c0-0.1-0.8,0-0.8-0.1c-0.1,0.4-0.3,1.1-0.4,2.1c0,0.4,0,0.9,0,1.3c0,0.6,0.1,1-0.1,1.1c-0.3,0.1-1,0.1-1.5,0.1
-                                c-0.4,0-0.8-0.1-0.8-0.3C0,26.4,0,24.2,0,23.8c0,0,0-0.1,0-0.1c0-0.4,0.3-1.4,0.6-2.5c0.5-1.4,1.1-2.9,1.4-3.4
-                                c0.2-0.3,0.6-0.7,1.2-0.9c0.9-0.5,2.1-0.8,2.3-0.8 M5.2,25.3c0-0.2-1.3-1-1.5-2.2l0.8,0.3"/>
-                    <path class="st1" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.4-0.3,0.8-0.8,0.8H1.2c-0.4,0-0.8-0.3-0.8-0.8V27.1z"/>
-                    <path class="st2" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.2-0.3,0.4-0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H2
-                                c-0.4,0.1-1,0.1-1.6,0V27.1z"/>
-                    <path class="st3" d="M0.4,26.9L0.4,26.9L0.4,26.9L0.4,26.9C0.6,27,1,27,1.3,27c0.4,0,0.8,0,1.1-0.1l0,0h0h0.1h0.2v0.2v1.3
-                                c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3H1.2c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.3v-0.2H0.4z M1.3,27.3
-                                c-0.3,0-0.5,0-0.7,0v1.1c0,0.2,0.1,0.3,0.2,0.4C0.8,28.9,1,29,1.2,29h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C2,27.3,1.7,27.3,1.3,27.3L1.3,27.3z"/>
-                </g>
-                <g>
-                    <path class="st2" d="M5.1,34.2h4.1l1.6-5.6c0.1,0,0.4,0,0.5,0l1.7,5.6h4.1l0-0.3c-0.1,0-0.1,0-0.2,0c-0.4,0.1-3.2,0-3.4,0
-                                c-0.2,0-1.6-4.9-1.6-5.1c0-0.2,0.3-0.1,0.6-0.6c0.3-0.5-0.4-0.5-0.4-0.5c-1,0.4-2,0-2,0c-0.9,0.6,0.2,1,0.2,1.1
-                                c0.1,0.1-1.3,5-1.5,5.1c-0.2,0.1-3.4,0-3.4,0s-0.1,0-0.2,0L5.1,34.2z"/>
-                    <path class="st3" d="M16.4,27.9 M6.1,27.3L6.1,27.3L6.1,27.3l-0.9,6.9h3.8l1.5-5.6c-0.4-0.1-0.5-0.3-0.5-0.3
-                                c-0.1-0.1-0.1-0.1,0-0.2c0.1-0.1,0.1-0.1,0.2,0c0,0,0.3,0.3,0.8,0.2c0.6,0,0.8-0.3,0.8-0.3c0.1-0.1,0.1,0,0.2,0
-                                c0.1,0.1,0.1,0.1,0,0.2c0,0-0.2,0.2-0.6,0.3l1.6,5.6h3.8l-0.7-7 M16.4,27.3l0.8,7.1l0,0.2h-0.2H13h-0.1l0-0.1l-1.6-5.7
-                                c-0.1,0-0.1,0-0.2,0c-0.1,0-0.1,0-0.2,0l-1.6,5.7l0,0.1H9.2H5.1H4.9l0-0.2l0.9-7.1"/>
-                    <path class="st4" d="M5.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4H5.4c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C4.9,35,5.1,35.2,5.4,35.2L5.4,35.2z"/>
-                    <path class="st3" d="M5.4,35.1h3.5C9,35.1,9,35,9.1,35c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2C9,34.5,9,34.4,8.9,34.4H5.4
-                                c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C5.2,35,5.3,35.1,5.4,35.1L5.4,35.1z M8.9,35.3H5.4
-                                c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C9.2,35.3,9,35.3,8.9,35.3L8.9,35.3z"/>
-                    <path class="st1" d="M4.8,37.5h4.4v-1.3C9.2,35.5,8.7,35,8,35H6.1c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st3" d="M5,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3H6.1c-0.3,0-0.6,0.1-0.8,0.3
-                                C5.1,35.6,5,35.9,5,36.2V37.4z M9.2,37.6H4.8H4.7v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4H8c0.4,0,0.7,0.2,1,0.4
-                                c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H9.2z"/>
-                    <path class="st4" d="M13.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4h-3.5c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C12.9,35,13.1,35.2,13.4,35.2L13.4,35.2z"/>
-                    <path class="st3" d="M13.4,35.1h3.5c0.1,0,0.2,0,0.2-0.1c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2c-0.1-0.1-0.1-0.1-0.2-0.1
-                                h-3.5c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C13.2,35,13.3,35.1,13.4,35.1L13.4,35.1z M16.9,35.3
-                                h-3.5c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C17.2,35.3,17,35.3,16.9,35.3L16.9,35.3z"/>
-                    <path class="st1" d="M13,37.5h4.4v-1.3c0-0.7-0.6-1.3-1.3-1.3h-1.8c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st4" d="M17.4,37.5H13v-1.3c0-0.3,0.1-0.7,0.4-0.9c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.3h3.8V37.5z"/>
-                    <path class="st3" d="M13.1,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3h-1.8c-0.3,0-0.6,0.1-0.8,0.3
-                                c-0.2,0.2-0.3,0.5-0.3,0.8V37.4z M17.4,37.6H13h-0.1v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4h1.8
-                                c0.4,0,0.7,0.2,1,0.4c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H17.4z"/>
-                    <path class="st4" d="M9.1,37.4H5v-1.2c0-0.3,0.1-0.6,0.4-0.8c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.2h3.6V37.4z"/>
-                </g>
-                <path class="st5" d="M2.5,15.4C2.3,15.1,2,15,2.1,13.6c0.1-0.9-0.1-2.4,1-2.1l0,5.5l-1.6,2.1c0,0-0.2-2.7,0-3.2
-                            C1.8,15.4,2.3,15.4,2.5,15.4L2.5,15.4z"/>
-                <path class="st4" d="M3.1,16.7l0,0.4l-1.6,2c0,0-0.1-1-0.1-1.9c0.3-0.3,0.7-0.5,1.1-0.7c0-0.1,0-0.2,0-0.4v-4.7
-                            c0.1-0.1,0.3-0.1,0.5,0L3.1,16.7L3.1,16.7z"/>
-                <path class="st3" d="M2.7,15.3c0-0.1-0.1-0.1-0.1-0.1c-0.2-0.2-0.3-0.4-0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8,0.1-1.1
-                            c0.1-0.2,0.2-0.4,0.5-0.4l0,5.3l-1.2,1.6c0-0.8-0.1-2.2,0-2.6c0.1-0.2,0.2-0.3,0.3-0.3c0.1,0,0.3,0,0.4,0l0.4,0L2.7,15.3z
-                            M1.9,13.6c0,1,0.1,1.4,0.2,1.6c-0.1,0-0.1,0-0.2,0c-0.2,0.1-0.4,0.2-0.6,0.6c-0.2,0.5,0,3.3,0,3.3l0,0.5l0.3-0.4l1.6-2.1l0-0.1V17
-                            l0-5.5l0-0.1l-0.1,0c-0.7-0.2-1,0.1-1.1,0.6c-0.1,0.3-0.1,0.8-0.1,1.2C1.9,13.3,1.9,13.4,1.9,13.6L1.9,13.6z"/>
-                <path class="st5" d="M6.1,10.5h-2c-0.6,0-1,0.5-1,1v5.3c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-5.3C7.2,11,6.7,10.5,6.1,10.5L6.1,10.5
-                            z"/>
-                <path class="st4" d="M3.1,16.5v0.7c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-0.2c0,0,0,0,0.1,0v-5.2c0-0.6-0.5-1-1-1h-2
-                            c-0.6,0-1,0.5-1,1v1.8c0.5,0.8,1.1,1.4,1.8,2C4.4,15.9,3.7,16.2,3.1,16.5L3.1,16.5z"/>
-                <path class="st3" d="M6.2,10.3h-2c-0.3,0-0.7,0.1-0.9,0.4C3.1,10.9,3,11.2,3,11.5v5.3c0,0.3,0.1,0.6,0.4,0.9
-                            C3.5,17.9,3.9,18,4.2,18h2c0.3,0,0.7-0.1,0.9-0.4c0.2-0.2,0.4-0.5,0.4-0.9v-5.3c0-0.3-0.1-0.6-0.4-0.9C6.8,10.5,6.5,10.3,6.2,10.3
-                            L6.2,10.3z M4.2,10.7h2c0.2,0,0.4,0.1,0.6,0.2C6.9,11.1,7,11.3,7,11.5v5.3c0,0.2-0.1,0.4-0.2,0.6c-0.2,0.1-0.4,0.2-0.6,0.2h-2
-                            c-0.2,0-0.4-0.1-0.6-0.2c-0.2-0.1-0.2-0.4-0.2-0.6v-5.3c0-0.2,0.1-0.4,0.2-0.6C3.7,10.8,4,10.7,4.2,10.7L4.2,10.7z"/>
-                <path class="st5" d="M19.4,15.4c0.2-0.3,0.5-0.4,0.4-1.8c-0.1-0.9,0.1-2.4-1-2.1l0,5.5l1.6,2.1c0,0,0.2-2.7,0-3.2
-                            C20.2,15.4,19.7,15.4,19.4,15.4L19.4,15.4z"/>
-                <path class="st4" d="M18.8,16.9l0,0.4l1.6,2c0,0,0.1-1,0.1-1.9c-0.3-0.3-0.7-0.5-1.1-0.7c0-0.1,0-0.2,0-0.4v-4.8
-                            c-0.1-0.1-0.3-0.1-0.5,0L18.8,16.9L18.8,16.9z"/>
-                <path class="st3" d="M19.3,15.3c0-0.1,0.1-0.1,0.1-0.1c0.2-0.2,0.3-0.4,0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8-0.1-1.1
-                            c-0.1-0.2-0.2-0.4-0.5-0.4l0,5.3l1.2,1.6c0-0.8,0.1-2.2,0-2.6c-0.1-0.2-0.2-0.3-0.3-0.3c-0.1,0-0.3,0-0.4,0l-0.4,0L19.3,15.3z
-                            M20,13.6c0,1-0.1,1.4-0.2,1.6c0.1,0,0.1,0,0.2,0c0.2,0.1,0.4,0.2,0.6,0.6c0.2,0.5,0,3.3,0,3.3l0,0.5l-0.3-0.4l-1.6-2.1l0-0.1
-                            l0-0.1l0-5.5l0-0.1l0.1,0c0.7-0.2,1,0.1,1.1,0.6c0.1,0.3,0.1,0.8,0.1,1.2C20,13.3,20,13.4,20,13.6L20,13.6z"/>
-                <path class="st5" d="M15.8,10.5h2c0.6,0,1,0.5,1,1v5.3c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-5.3C14.8,11,15.2,10.5,15.8,10.5
-                            L15.8,10.5z"/>
-                <path class="st4" d="M18.8,16.5v0.7c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-2c0.6,0,1,0,1,0C15.9,15.3,17.4,15.8,18.8,16.5
-                            L18.8,16.5z"/>
-                <path class="st3" d="M15.8,10.3h2c0.3,0,0.7,0.1,0.9,0.4c0.2,0.2,0.4,0.5,0.4,0.9v5.3c0,0.3-0.1,0.6-0.4,0.9
-                            c-0.2,0.2-0.5,0.4-0.9,0.4h-2c-0.3,0-0.7-0.1-0.9-0.4c-0.2-0.2-0.4-0.5-0.4-0.9v-5.3c0-0.3,0.1-0.6,0.4-0.9
-                            C15.1,10.5,15.4,10.3,15.8,10.3L15.8,10.3z M17.7,10.7h-2c-0.2,0-0.4,0.1-0.6,0.2c-0.2,0.1-0.2,0.4-0.2,0.6v5.3
-                            c0,0.2,0.1,0.4,0.2,0.6c0.2,0.1,0.4,0.2,0.6,0.2h2c0.2,0,0.4-0.1,0.6-0.2c0.2-0.1,0.2-0.4,0.2-0.6v-5.3c0-0.2-0.1-0.4-0.2-0.6
-                            C18.2,10.8,18,10.7,17.7,10.7L17.7,10.7z"/>
-                <g>
-                    <ellipse transform="matrix(0.9999 -1.050124e-02 1.050124e-02 0.9999 -0.2761 0.1189)" class="st6" cx="11.2"
-                             cy="26.4" rx="6.3" ry="2.7"/>
-                </g>
-                <path class="st2" d="M14.4,16.6c-0.3-0.1-0.6-0.2-0.6-0.2c-0.2,0-5.4,0-5.7,0c-0.1,0-0.5,0.1-1.1,0.3C9.2,18,12.2,18,14.4,16.6
-                            L14.4,16.6z"/>
-                <path class="st6" d="M3.2,18.6l0.1,6.1c0,1.8,3.6,3.3,7.9,3.2s7.7-1.6,7.8-3.4c0-0.2,0-2.9,0-6.4l-0.1-1.3c0,1.8-3.3,0.9-7.6,0.9
-                            s-8.1,0.9-8.1-0.9L3.2,18.6z"/>
-                <g>
-                    <g>
-                        <path class="st2" d="M15.7,16c-0.7-0.3-1.2-0.5-1.3-0.5c-0.9,1.3-0.7,7.7-0.8,7.9c-0.2,0.2-0.2,0.7-0.1,1.3
-                                    c0.1,0.6,1.5,1.1,1.8,0c0.4-1.1-0.4-1.4-0.4-1.4C14.6,20.8,15.3,16.8,15.7,16L15.7,16z"/>
-                        <path class="st2" d="M7.5,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.5,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.4,8.5,16.8,7.5,15.6L7.5,15.6z"/>
-                        <path class="st2" d="M7.6,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.6,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.3,8.5,16.8,7.6,15.6L7.6,15.6z"/>
-                        <path class="st2" d="M9.4,23.6h3.2c0.5,0,0.8,0.4,0.8,0.9v1.4c0,0.5-0.4,0.9-0.8,0.9H9.4c-0.5,0-0.8-0.4-0.8-0.9v-1.4
-                                    C8.5,24,8.9,23.6,9.4,23.6L9.4,23.6z"/>
-                        <path class="st1" d="M9.6,23.9h2.7c0.4,0,0.7,0.3,0.7,0.7v1.1c0,0.4-0.3,0.7-0.7,0.7H9.6c-0.4,0-0.7-0.3-0.7-0.7v-1.1
-                                    C8.9,24.3,9.2,23.9,9.6,23.9L9.6,23.9z"/>
-                        <path class="st2" d="M11.5,23.9h0.3c0.5,0.1,0.9,0.5,0.9,1c0,0.6-0.5,1-1,1c-0.6,0-1-0.5-1-1C10.6,24.4,11,24,11.5,23.9
-                                    L11.5,23.9z"/>
-                        <path class="st2" d="M10,24.2c0.4,0,0.8,0.3,0.8,0.8c0,0.4-0.3,0.8-0.8,0.8c-0.4,0-0.8-0.3-0.8-0.8C9.2,24.6,9.5,24.2,10,24.2
-                                    L10,24.2z"/>
-                        <path class="st7" d="M11.6,24.3c0.4,0,0.7,0.3,0.7,0.7c0,0.4-0.3,0.7-0.7,0.7c-0.4,0-0.7-0.3-0.7-0.7
-                                    C10.9,24.6,11.2,24.3,11.6,24.3L11.6,24.3z"/>
-                        <path class="st3" d="M11.6,24.1c0.2,0,0.4,0.1,0.6,0.2c0.1,0.1,0.2,0.4,0.2,0.6c0,0.2-0.1,0.4-0.2,0.6c-0.1,0.1-0.4,0.2-0.6,0.2
-                                    c-0.2,0-0.4-0.1-0.6-0.2c-0.1-0.1-0.2-0.4-0.2-0.6c0-0.2,0.1-0.4,0.2-0.6C11.1,24.2,11.3,24.1,11.6,24.1L11.6,24.1z M11.9,24.6
-                                    c-0.1-0.1-0.2-0.2-0.4-0.2c-0.1,0-0.3,0.1-0.4,0.2c-0.1,0.1-0.2,0.2-0.2,0.4c0,0.1,0.1,0.3,0.2,0.4c0.1,0.1,0.2,0.2,0.4,0.2
-                                    c0.1,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4C12.1,24.8,12,24.7,11.9,24.6L11.9,24.6z"/>
-                        <path class="st8" d="M10,24.6c0.2,0,0.4,0.2,0.4,0.4c0,0.2-0.2,0.4-0.4,0.4c-0.2,0-0.4-0.2-0.4-0.4C9.5,24.7,9.7,24.6,10,24.6
-                                    L10,24.6z"/>
-                        <path class="st9" d="M10.3,24.7c0.1,0.1,0.1,0.2,0.1,0.3c0,0.2-0.2,0.4-0.4,0.4c-0.2-0.1-0.3-0.2-0.2-0.2
-                                    C10,25.2,10.2,25,10.3,24.7C10.2,24.8,10.2,24.7,10.3,24.7L10.3,24.7z"/>
-                        <path class="st3" d="M10,24.4c0.2,0,0.3,0.1,0.4,0.2c0.1,0.1,0.2,0.2,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4c-0.1,0.1-0.2,0.2-0.4,0.2
-                                    c-0.2,0-0.3-0.1-0.4-0.2S9.4,25.1,9.4,25c0-0.2,0.1-0.3,0.2-0.4C9.7,24.5,9.8,24.4,10,24.4L10,24.4z M10.2,24.8
-                                    c0,0-0.1-0.1-0.2-0.1c-0.1,0-0.1,0-0.2,0.1c0,0-0.1,0.1-0.1,0.2c0,0.1,0,0.1,0.1,0.2c0,0,0.1,0.1,0.2,0.1c0.1,0,0.1,0,0.2-0.1
-                                    c0,0,0.1-0.1,0.1-0.2C10.2,24.9,10.2,24.8,10.2,24.8L10.2,24.8z"/>
-                        <path class="st3" d="M9.6,23.8h2.7c0.2,0,0.5,0.1,0.6,0.3c0.2,0.2,0.3,0.4,0.3,0.6v1.1c0,0.2-0.1,0.5-0.3,0.6
-                                    c-0.2,0.2-0.4,0.3-0.6,0.3H9.6c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.1c0-0.2,0.1-0.5,0.3-0.6
-                                    C9.1,23.9,9.4,23.8,9.6,23.8L9.6,23.8z M12.3,24.1H9.6c-0.2,0-0.3,0.1-0.4,0.2C9.1,24.4,9,24.5,9,24.7v1.1c0,0.2,0.1,0.3,0.2,0.4
-                                    c0.1,0.1,0.2,0.2,0.4,0.2h2.7c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4v-1.1c0-0.2-0.1-0.3-0.2-0.4
-                                    C12.7,24.2,12.5,24.1,12.3,24.1L12.3,24.1z"/>
-                        <path class="st3" d="M7.5,23.6h0.1C8,20.3,7.3,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.5,23.6L7.5,23.6z
-                                    M7.9,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.3
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6L6.4,16l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.4,15.8,8.3,19.8,7.9,23.7L7.9,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24.1,7.9,24,7.8,23.9C7.8,24,7.8,24,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M7.6,23.6h0.1C8,20.2,7.4,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.6,23.6L7.6,23.6z
-                                    M8,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.4
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6l-0.1-0.1l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.5,15.8,8.4,19.8,8,23.7L8,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24,7.9,24,7.8,23.9C7.9,23.9,7.8,23.9,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M14.4,23.5h-0.1c-0.3-3.4,0.3-6.8,0.5-7.6L15,16c-0.6,1.5-0.8,4.3-0.8,6C14.3,22.4,14.3,23,14.4,23.5
-                                    L14.4,23.5z M13.9,23.5c0,0-0.1,0-0.1,0.1c-0.1,0.1-0.1,0.2-0.1,0.3v0.4c0,0.1,0.1,0.2,0.1,0.3c0.1,0.1,0.2,0.1,0.3,0.1h0.4
-                                    c0.1,0,0.2-0.1,0.3-0.1c0.1-0.1,0.1-0.2,0.1-0.3v-0.4c0-0.1-0.1-0.2-0.1-0.3c-0.1-0.1-0.1-0.1-0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8,0.1-4.6,0.8-6l0.1-0.1l-0.2-0.1l-0.6-0.2l-0.2-0.1l0,0.2C14.5,15.6,13.5,19.7,13.9,23.5L13.9,23.5z
-                                    M14.1,23.8L14.1,23.8l0.4,0c0,0,0.1,0,0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0-0.1,0-0.1,0h-0.4c0,0-0.1,0-0.1,0
-                                    c0,0,0-0.1,0-0.1v-0.4C14,23.9,14,23.8,14.1,23.8C14.1,23.8,14.1,23.8,14.1,23.8L14.1,23.8z"/>
-                    </g>
-                </g>
-                <path class="st4" d="M15.5,10.6h2c0.6,0,1,0.5,1,1v1.8c-0.6,0.9-1.3,1.7-2.2,2.4c-0.6,0.4,0,0-0.6,0.2l-0.3-4.3
-                            C15.4,11.2,15,10.6,15.5,10.6L15.5,10.6z"/>
-                <path class="st10" d="M5.4,2.1c3.7-2.8,9.1-2.1,12,1.5c2.9,3.6,2.2,8.9-1.6,11.7c-3.7,2.8-9.1,2.1-12-1.5C1,10.2,1.7,4.9,5.4,2.1
-                            L5.4,2.1z"/>
-                <path class="st1" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-1,0c-0.6,0-1,0.5-1,1l0,1.4C0.3,10.2,0.8,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st1" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l1,0c0.6,0,1,0.5,1,1l0,1.4C20.9,10.1,20.4,10.6,19.9,10.5
-                            L19.9,10.5z"/>
-                <path d="M5.3,2c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c1.5,1.9,2,4.2,1.7,6.3c-0.3,2.2-1.4,4.2-3.4,5.7
-                            c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3c-1.5-1.9-2-4.2-1.7-6.3C2.2,5.5,3.3,3.4,5.3,2L5.3,2z M11.7,0.7
-                            C9.6,0.5,7.4,1,5.6,2.3C3.7,3.7,2.7,5.6,2.4,7.7c-0.3,2.1,0.3,4.2,1.7,6c1.4,1.8,3.4,2.8,5.5,3.1c2.1,0.3,4.3-0.2,6.1-1.6
-                            c1.8-1.4,2.9-3.3,3.2-5.4c0.3-2.1-0.3-4.2-1.7-6C15.8,2,13.8,1,11.7,0.7L11.7,0.7z"/>
-                <path class="st2" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-0.8,0C1.4,8.1,1.2,8.9,1.3,9.9l-0.9,0c0,0-0.1,0-0.1,0.1
-                            C0.5,10.3,0.9,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st2" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l0.8,0C19.8,8,20,8.9,19.8,9.9l0.9,0c0,0,0.1,0,0.1,0.1
-                            C20.7,10.3,20.3,10.5,19.9,10.5L19.9,10.5z"/>
-                <path class="st3" d="M1.3,10.8l0.9,0l0.3,0l-0.1-0.3C2.3,10,2.3,9.4,2.3,8.9c0-0.5,0.1-1.1,0.2-1.6l0,0l0,0l0,0l0-0.2l-0.2,0l-1,0
-                            l0,0C0.9,7,0.6,7.1,0.3,7.3C0.1,7.6,0,7.9,0,8.2v0l0,1.4c0,0.3,0.2,0.6,0.4,0.9C0.7,10.7,1,10.8,1.3,10.8L1.3,10.8z M1.9,10.3
-                            l-0.6,0c-0.2,0-0.4-0.1-0.6-0.2C0.6,10,0.5,9.8,0.5,9.6l0-1.4l0,0c0-0.2,0.1-0.4,0.2-0.5C0.8,7.5,1,7.4,1.2,7.4h0l0.7,0
-                            c-0.1,0.5-0.1,1-0.2,1.5C1.8,9.4,1.9,9.8,1.9,10.3L1.9,10.3z"/>
-                <path class="st3" d="M19.9,10.8l-0.9,0l-0.3,0l0.1-0.3c0.1-0.5,0.2-1.1,0.1-1.6c0-0.5-0.1-1.1-0.2-1.6l0,0l0,0l0,0l0-0.2l0.2,0l1,0
-                            h0c0.3,0,0.7,0.2,0.9,0.4c0.2,0.2,0.4,0.5,0.3,0.9v0l0,1.4c0,0.3-0.2,0.6-0.4,0.9C20.5,10.6,20.2,10.8,19.9,10.8L19.9,10.8z
-                            M19.3,10.3l0.6,0c0.2,0,0.4-0.1,0.6-0.2c0.1-0.1,0.2-0.3,0.2-0.5l0-1.4l0,0c0-0.2-0.1-0.4-0.2-0.5c-0.1-0.1-0.3-0.2-0.5-0.2l0,0
-                            l-0.7,0c0.1,0.5,0.1,1,0.2,1.5C19.4,9.3,19.3,9.8,19.3,10.3L19.3,10.3z"/>
-                <path class="st1" d="M19.1,9.8c-0.3,2.1-1.4,4.2-3.3,5.6c-3.7,2.8-9.1,2.1-12-1.5c-0.6-0.8-1.1-1.7-1.4-2.6
-                            C5.7,16.6,14.9,18.9,19.1,9.8L19.1,9.8z"/>
-                <path class="st3" d="M19.4,9.8c-0.1,1.1-0.5,2.2-1.1,3.2c-0.6,1-1.3,1.8-2.3,2.5c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3
-                            c-0.3-0.4-0.6-0.8-0.8-1.3c-0.2-0.5-0.4-0.9-0.6-1.4L1.9,9.8l0.7,1.3c1,1.7,2.6,3.1,4.5,3.9c1.2,0.5,2.4,0.8,3.7,0.8
-                            c1.3,0,2.5-0.3,3.7-1c1.7-0.9,3.2-2.6,4.3-5.1l0.5-1.4L19.4,9.8z M17.8,12.8c0.2-0.4,0.4-0.8,0.6-1.2c-1,1.7-2.3,2.8-3.6,3.6
-                            c-1.3,0.7-2.6,1-4,1.1c-1.3,0-2.7-0.3-3.9-0.8c-1.2-0.5-2.4-1.3-3.3-2.3c0.1,0.2,0.3,0.4,0.4,0.6c1.4,1.8,3.4,2.8,5.5,3.1
-                            c2.1,0.3,4.3-0.2,6.1-1.6C16.6,14.5,17.3,13.7,17.8,12.8L17.8,12.8z"/>
-                <path class="st1" d="M5.4,2c3.7-2.8,9.1-2.1,12,1.5c1.4,1.8,2,4,1.7,6.1c-0.8-3.3-2.3-5.1-4.3-6.1c-3.1-1.6-6.3-1.8-9.6,1
-                            c-2.4,2-2.7,4.5-2.8,6.6C1.4,7.8,2.5,4.1,5.4,2L5.4,2z"/>
-                <path class="st3" d="M5.3,1.8c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c0.7,0.9,1.2,1.9,1.5,3c0.3,1.1,0.4,2.2,0.2,3.3
-                            l-0.2,1.3l-0.3-1.3c-0.4-1.6-0.9-2.9-1.6-3.9c-0.7-1-1.6-1.6-2.5-2.1c-1.5-0.8-3-1.2-4.6-1.1C8.6,2.6,7,3.2,5.4,4.6
-                            c-1.2,1-1.8,2.1-2.2,3.2C2.9,8.9,2.8,10,2.7,11l-0.1,1.2l-0.4-1.2c-0.5-1.7-0.5-3.5,0-5.1C2.8,4.3,3.8,2.9,5.3,1.8L5.3,1.8z
-                            M11.7,0.5C9.6,0.3,7.4,0.8,5.6,2.1c-1.4,1-2.4,2.4-2.9,3.9C2.3,7.2,2.2,8.3,2.4,9.5c0.1-0.6,0.2-1.2,0.4-1.9
-                            c0.4-1.2,1.1-2.3,2.3-3.4c1.7-1.4,3.3-2.1,5-2.2c1.6-0.1,3.3,0.4,4.8,1.2c1,0.5,1.9,1.3,2.7,2.3C18.1,6.2,18.6,7,18.9,8
-                            c0-0.5-0.1-1.1-0.3-1.6c-0.3-1-0.8-1.9-1.4-2.8C15.8,1.9,13.8,0.8,11.7,0.5L11.7,0.5z"/>
-                <path class="st5" d="M19.2,8.8c0,0.2,0,0.5-0.1,0.7c-0.8-3.3-2.3-5.1-4.3-6.1C11.7,1.8,7.4,1.9,4.7,4.6C3.9,5.4,2.5,7.2,2.4,9.7
-                            C2,7.2,3,4.9,5.4,3c3.7-2.8,9.1-2.1,12,1.5C18.5,5.8,19,7.3,19.2,8.8L19.2,8.8z"/>
-                <path class="st3" d="M19.4,8.8c0,0.1,0,0.3,0,0.4c0,0.1,0,0.2,0,0.4l-0.1,1.1l-0.2-1.1C18.5,8,18,6.7,17.3,5.7
-                            c-0.7-1-1.6-1.6-2.5-2.1c-1.6-0.8-3.5-1.2-5.3-1C7.7,2.8,6.1,3.5,4.9,4.7C4.4,5.2,3.7,6,3.2,7.1C2.9,7.8,2.6,8.7,2.6,9.7l-0.1,2.1
-                            l-0.3-2C2,8.4,2.1,7.2,2.7,6c0.5-1.1,1.4-2.2,2.6-3.1l0,0l0,0c1.9-1.4,4.2-2,6.5-1.7c2.2,0.3,4.3,1.4,5.8,3.2l0,0l0,0
-                            c0.5,0.6,0.9,1.3,1.2,2.1C19.1,7.3,19.3,8,19.4,8.8L19.4,8.8L19.4,8.8z M17.6,5.5c0.5,0.7,0.9,1.4,1.2,2.4
-                            c-0.1-0.4-0.2-0.8-0.4-1.2c-0.3-0.7-0.7-1.4-1.2-2l0,0c-1.4-1.8-3.4-2.8-5.5-3.1C9.6,1.3,7.4,1.8,5.6,3.2l0,0c-1.2,0.9-2,1.9-2.5,3
-                            c-0.2,0.5-0.4,1-0.5,1.5c0.1-0.2,0.2-0.5,0.3-0.7c0.5-1.1,1.3-2,1.8-2.5c1.3-1.3,3-2,4.8-2.2c1.9-0.2,3.9,0.2,5.5,1
-                            C16,3.8,16.9,4.5,17.6,5.5L17.6,5.5z"/>
-                <path class="st5" d="M3.8,8.2c0,0,1.4-4.1,6.2-4.5c0.5-0.1,1.1,1.3,0.4,1.4c-0.7,0.2-3.6,0.6-5.4,4C4.7,9.4,3.5,8.9,3.8,8.2
-                            L3.8,8.2z"/>
-                <path class="st5" d="M12.4,5.1c0.4,0,0.7-0.3,0.7-0.7c0-0.4-0.3-0.7-0.7-0.7c-0.4,0-0.7,0.3-0.7,0.7C11.7,4.8,12,5.1,12.4,5.1
-                            L12.4,5.1z"/>
-                <path class="st11" d="M10.9,18.4l-1.5,2.3l0.9,0.6l0.1-0.2l0.5,2.2l1.5-2.3l-0.8-0.5l-0.1,0.2L10.9,18.4z M11.6,20.7l0.4,0.2
-                            l-1,1.5l-0.5-2.2l-0.4,0.6l-0.4-0.2l1-1.5l0.4,2.1L11.6,20.7z"/>
-                <g class="st12">
-                    <circle class="st13" cx="14.1" cy="8.9" r="1.8"/>
-                    <circle cx="14.4" cy="8.7" r="0.7"/>
-                    <circle class="st13" cx="7.1" cy="8.9" r="1.8"/>
-                    <path id="XMLID_00000028285902548687721290000002641907447975500945_" class="st14" d="M10.8,14.1c-1.6,0-2.7-0.7-3.3-1.1
-                                c-0.1-0.1-0.1-0.2,0-0.3c0.1-0.1,0.2-0.1,0.3,0c0.5,0.4,1.7,1.1,3.3,1c1.4,0,2.4-0.7,2.9-1c0.1-0.1,0.2,0,0.3,0
-                                c0.1,0.1,0,0.2,0,0.3c-0.5,0.4-1.6,1-3.1,1.1C10.9,14.1,10.9,14.1,10.8,14.1z"/>
-                    <circle cx="7.6" cy="8.6" r="0.7"/>
-                </g>
-            </g>
-        </svg>
-        <h1>zrok</h1>
-    </div>
-    <div id="container">
-        <div id="info">
-            <h1>not found!</h1>
-        </div>
-    </div>
-</div>
-</body>
-</html>
diff --git a/endpoints/proxyUi/template.go b/endpoints/proxyUi/template.go
new file mode 100644
index 00000000..bda1b17d
--- /dev/null
+++ b/endpoints/proxyUi/template.go
@@ -0,0 +1,82 @@
+package proxyUi
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"os"
+	"text/template"
+
+	"github.com/sirupsen/logrus"
+)
+
+var externalTemplate []byte
+
+func WriteBadGateway(w http.ResponseWriter, variableData map[string]interface{}, templatePath string) {
+	WriteTemplate(w, http.StatusBadGateway, variableData, templatePath)
+}
+
+func TemplateData(title, banner string) map[string]interface{} {
+	return map[string]interface{}{
+		"title":  title,
+		"banner": banner,
+	}
+}
+
+func NotFoundData(shareToken string) map[string]interface{} {
+	return TemplateData(
+		fmt.Sprintf("'%v' not found!", shareToken),
+		fmt.Sprintf("share <code>%v</code> not found!", shareToken),
+	)
+}
+
+func WriteNotFound(w http.ResponseWriter, variableData map[string]interface{}, templatePath string) {
+	WriteTemplate(w, http.StatusNotFound, variableData, templatePath)
+}
+
+func WriteTemplate(w http.ResponseWriter, statusCode int, variableData map[string]interface{}, templatePath string) {
+	if templatePath != "" && externalTemplate == nil {
+		if f, err := os.ReadFile(templatePath); err == nil {
+			externalTemplate = f
+		} else {
+			logrus.Errorf("error reading proxyUi template from '%v': %v", templatePath, err)
+		}
+	}
+	var templateData = externalTemplate
+	if templateData == nil {
+		if f, err := FS.ReadFile("template.html"); err == nil {
+			templateData = f
+		} else {
+			logrus.Errorf("error reading embedded proxyUi template 'template.html': %v", err)
+		}
+	}
+
+	tmpl, err := template.New("template").Parse(string(templateData))
+	if err != nil {
+		logrus.Errorf("failed to parse template: %v", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	logrus.Warnf("merging variable data: %v", variableData)
+	var buf bytes.Buffer
+	if err := tmpl.Execute(&buf, variableData); err != nil {
+		logrus.Errorf("failed to execute template: %v", err)
+		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+		return
+	}
+
+	// Write the response
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	w.WriteHeader(statusCode)
+
+	n, err := w.Write(buf.Bytes())
+	if n != buf.Len() {
+		logrus.Errorf("short write: wrote %d bytes, expected %d", n, buf.Len())
+		return
+	}
+	if err != nil {
+		logrus.Errorf("failed to write response: %v", err)
+		return
+	}
+}
diff --git a/endpoints/proxyUi/template.html b/endpoints/proxyUi/template.html
new file mode 100644
index 00000000..b6dfd652
--- /dev/null
+++ b/endpoints/proxyUi/template.html
@@ -0,0 +1,90 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1"/>
+    <meta name="theme-color" content="#000000"/>
+    <meta name="description" content="zrok ui"/>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:ital,wght@0,100..800;1,100..800&family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap" rel="stylesheet">
+    <title>zrok - {{ $.title }}</title>
+    <style>
+        body {
+            margin: 0;
+            padding: 25px;
+            font-family: 'Poppins', sans-serif;
+            -webkit-font-smoothing: antialiased;
+            -moz-osx-font-smoothing: grayscale;
+            background-color: #241775;
+        }
+        h1, h2, h3, h4, h5, h6 {
+            font-family: 'Poppins', sans-serif;
+        }
+        code {
+            font-family: 'JetBrains Mono', monospace;
+            padding: 5px;
+        }
+        table {
+            table-layout: fixed;
+            width: 100%;
+        }
+        td {
+            vertical-align: top;
+        }
+        td:last-child {
+            width: 80%;
+            overflow: clip;
+        }
+        td:first-child {
+            width: 20%;
+            overflow: auto;
+        }
+        #banner {
+            background-color: #241775;
+            text-align: center;
+            padding: 25px;
+            color: white;
+            display: flex;
+            flex-direction: row;
+            align-items: center;
+            height: 200px;
+            justify-content: center;
+        }
+        #banner h1 {
+            font-size: 48pt;
+            font-weight: bold;
+            margin: 0;
+            color: #9bf316;
+        }
+        #container {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        #info {
+            width: 80%;
+            text-align: center;
+            background-color: white;
+            border-radius: 12px;
+        }
+    </style>
+</head>
+<body>
+<div id="root">
+    <div id="banner">
+        <svg width="125.797mm" height="166.26598mm" viewBox="0 0 125.797 166.26598" version="1.1" style="width: 80px; height: 105px;">
+            <g transform="translate(-41.620475,-64.027978)">
+                <path style="fill:#9bf316;fill-opacity:1;stroke-width:0.865487" d="m 104.52059,64.027974 c 0,0 -12.300998,16.684095 -17.163248,24.964306 -4.8623,8.28022 -7.86765,12.84754 -10.59501,26.3339 -2.72736,13.48636 -1.27406,42.21319 -1.27406,42.21319 l -18.58752,20.04004 -15.280273,49.9615 40.422833,-6.79427 a 22.714797,11.567473 0 0 0 22.320548,9.54731 22.714797,11.567473 0 0 0 22.32712,-9.55945 l 40.72649,6.84277 -15.28027,-49.95979 -18.58916,-20.04001 c 0,0 1.45496,-28.72857 -1.2724,-42.21493 -2.72736,-13.48636 -5.73437,-18.05368 -10.59667,-26.3339 -4.8608,-8.277646 -17.14905,-24.947062 -17.15668,-24.957378 z m -0.0151,14.741718 c 0.52421,0.860497 14.76063,18.300498 18.34492,32.586238 3.65093,14.55125 3.25036,30.16797 2.29067,46.75483 -0.68395,11.82081 -5.48912,37.13724 -8.2384,50.97445 a 22.714797,11.567473 0 0 0 -12.54073,-1.9254 22.714797,11.567473 0 0 0 -12.237098,1.84921 c -2.75047,-13.84452 -7.55003,-39.12307 -8.23343,-50.93462 -0.95969,-16.58687 -1.36026,-32.20531 2.29067,-46.75656 3.57561,-14.25109 17.733538,-31.579359 18.323398,-32.548148 z m -27.999198,95.069708 6.36686,35.53319 -30.30472,9.08328 10.94985,-35.7998 z m 56.021568,0.0351 12.988,8.81667 10.9482,35.80155 -30.30311,-9.08504 z"/>
+            </g>
+        </svg>
+        <h1> z r o k</h1>
+    </div>
+    <div id="container">
+        <div id="info">
+            <h1>{{ $.banner }}</h1>
+        </div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/endpoints/publicProxy/config.go b/endpoints/publicProxy/config.go
index b108f71c..d13f3520 100644
--- a/endpoints/publicProxy/config.go
+++ b/endpoints/publicProxy/config.go
@@ -21,6 +21,7 @@ type Config struct {
 	Identity     string
 	Address      string
 	HostMatch    string
+	TemplatePath string
 	Interstitial *InterstitialConfig
 	Oauth        *OauthConfig
 	Tls          *endpoints.TlsConfig
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index 1c953ade..f0aeb083 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@@ -105,7 +105,14 @@ func newServiceProxy(cfg *Config, ctx ziti.Context) (*httputil.ReverseProxy, err
 	}
 	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
 		logrus.Errorf("error proxying: %v", err)
-		proxyUi.WriteNotFound(w)
+		proxyUi.WriteBadGateway(
+			w,
+			proxyUi.TemplateData(
+				"bad gateway!",
+				"bad gateway!",
+			),
+			cfg.TemplatePath,
+		)
 	}
 	return proxy, nil
 }
@@ -157,14 +164,14 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		svc, found := endpoints.GetRefreshedService(shrToken, ctx)
 		if !found {
 			logrus.Warnf("%v -> service '%v' not found", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 			return
 		}
 
 		svcCfg, found := svc.Config[sdk.ZrokProxyConfig]
 		if !found {
 			logrus.Warnf("%v -> no proxy config for '%v'", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 			return
 		}
 
@@ -175,7 +182,7 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		authScheme, found := svcCfg["auth_scheme"]
 		if !found {
 			logrus.Warnf("%v -> no auth scheme for '%v'", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
 			return
 		}
 

From f155ea77e71eebb23ec460cd6e0b49893c5bda24 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 15:24:04 -0400
Subject: [PATCH 2/9] unauthorized  (#1012)

---
 endpoints/proxy/frontend.go             |   4 +-
 endpoints/proxyUi/embed.go              |   2 +-
 endpoints/proxyUi/template.go           |  38 ++-
 endpoints/proxyUi/template.html         |   6 +
 endpoints/proxyUi/unauthorized.go       |  22 --
 endpoints/proxyUi/unauthorized.html     | 400 ------------------------
 endpoints/publicProxy/authOAuth.go      |  11 +-
 endpoints/publicProxy/config.go         |   8 +-
 endpoints/publicProxy/cookies.go        |  23 +-
 endpoints/publicProxy/http.go           |   7 +-
 endpoints/publicProxy/providerGithub.go |  76 +++--
 endpoints/publicProxy/providerGoogle.go |  53 ++--
 endpoints/publicProxy/providerOidc.go   |  63 ++--
 13 files changed, 168 insertions(+), 545 deletions(-)
 delete mode 100644 endpoints/proxyUi/unauthorized.go
 delete mode 100644 endpoints/proxyUi/unauthorized.html

diff --git a/endpoints/proxy/frontend.go b/endpoints/proxy/frontend.go
index 15283f33..7992194e 100644
--- a/endpoints/proxy/frontend.go
+++ b/endpoints/proxy/frontend.go
@@ -133,10 +133,10 @@ func newServiceProxy(cfg *FrontendConfig, ctx ziti.Context) (*httputil.ReversePr
 	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
 		logrus.Errorf("error proxying: %v", err)
 		proxyUi.WriteBadGateway(
-			w, proxyUi.TemplateData(
+			w, proxyUi.RequiredData(
 				"bad gateway!",
 				fmt.Sprintf("bad gateway for share <code>%v</code>!", cfg.ShrToken),
-			),
+			).WithError(err),
 			cfg.TemplatePath,
 		)
 	}
diff --git a/endpoints/proxyUi/embed.go b/endpoints/proxyUi/embed.go
index f31b4cc1..78f901d3 100644
--- a/endpoints/proxyUi/embed.go
+++ b/endpoints/proxyUi/embed.go
@@ -2,5 +2,5 @@ package proxyUi
 
 import "embed"
 
-//go:embed health.html intersititial.html unauthorized.html template.html
+//go:embed health.html intersititial.html template.html
 var FS embed.FS
diff --git a/endpoints/proxyUi/template.go b/endpoints/proxyUi/template.go
index bda1b17d..32f0d0c5 100644
--- a/endpoints/proxyUi/template.go
+++ b/endpoints/proxyUi/template.go
@@ -12,29 +12,54 @@ import (
 
 var externalTemplate []byte
 
-func WriteBadGateway(w http.ResponseWriter, variableData map[string]interface{}, templatePath string) {
+type VariableData map[string]interface{}
+
+func WriteBadGateway(w http.ResponseWriter, variableData VariableData, templatePath string) {
 	WriteTemplate(w, http.StatusBadGateway, variableData, templatePath)
 }
 
-func TemplateData(title, banner string) map[string]interface{} {
+func RequiredData(title, banner string) VariableData {
 	return map[string]interface{}{
 		"title":  title,
 		"banner": banner,
 	}
 }
 
-func NotFoundData(shareToken string) map[string]interface{} {
-	return TemplateData(
+func (vd VariableData) WithError(err error) VariableData {
+	vd["error"] = err.Error()
+	return vd
+}
+
+func NotFoundData(shareToken string) VariableData {
+	return RequiredData(
 		fmt.Sprintf("'%v' not found!", shareToken),
 		fmt.Sprintf("share <code>%v</code> not found!", shareToken),
 	)
 }
 
-func WriteNotFound(w http.ResponseWriter, variableData map[string]interface{}, templatePath string) {
+func WriteNotFound(w http.ResponseWriter, variableData VariableData, templatePath string) {
 	WriteTemplate(w, http.StatusNotFound, variableData, templatePath)
 }
 
-func WriteTemplate(w http.ResponseWriter, statusCode int, variableData map[string]interface{}, templatePath string) {
+func UnauthorizedData() VariableData {
+	return RequiredData(
+		"unauthorized!",
+		"user not authorized!",
+	)
+}
+
+func UnauthorizedUser(user string) VariableData {
+	return RequiredData(
+		"unauthorized!",
+		fmt.Sprintf("user <code>%v</code> not authorized to access share!", user),
+	)
+}
+
+func WriteUnauthorized(w http.ResponseWriter, variableData VariableData, templatePath string) {
+	WriteTemplate(w, http.StatusUnauthorized, variableData, templatePath)
+}
+
+func WriteTemplate(w http.ResponseWriter, statusCode int, variableData VariableData, templatePath string) {
 	if templatePath != "" && externalTemplate == nil {
 		if f, err := os.ReadFile(templatePath); err == nil {
 			externalTemplate = f
@@ -58,7 +83,6 @@ func WriteTemplate(w http.ResponseWriter, statusCode int, variableData map[strin
 		return
 	}
 
-	logrus.Warnf("merging variable data: %v", variableData)
 	var buf bytes.Buffer
 	if err := tmpl.Execute(&buf, variableData); err != nil {
 		logrus.Errorf("failed to execute template: %v", err)
diff --git a/endpoints/proxyUi/template.html b/endpoints/proxyUi/template.html
index b6dfd652..70829561 100644
--- a/endpoints/proxyUi/template.html
+++ b/endpoints/proxyUi/template.html
@@ -83,6 +83,12 @@
     <div id="container">
         <div id="info">
             <h1>{{ $.banner }}</h1>
+            
+            {{ if $.error }}
+            <div style="color: red; margin: 20px; padding: 15px; background-color: #ffe6e6; border: 1px solid #ff9999; border-radius: 5px;">
+                <strong>Error:</strong><code>{{ $.error }}</code>
+            </div>
+            {{ end }}
         </div>
     </div>
 </div>
diff --git a/endpoints/proxyUi/unauthorized.go b/endpoints/proxyUi/unauthorized.go
deleted file mode 100644
index 08d9c548..00000000
--- a/endpoints/proxyUi/unauthorized.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package proxyUi
-
-import (
-	"net/http"
-
-	"github.com/sirupsen/logrus"
-)
-
-func WriteUnauthorized(w http.ResponseWriter) {
-	if data, err := FS.ReadFile("unauthorized.html"); err == nil {
-		w.WriteHeader(http.StatusUnauthorized)
-		n, err := w.Write(data)
-		if n != len(data) {
-			logrus.Errorf("short write")
-			return
-		}
-		if err != nil {
-			logrus.Error(err)
-			return
-		}
-	}
-}
diff --git a/endpoints/proxyUi/unauthorized.html b/endpoints/proxyUi/unauthorized.html
deleted file mode 100644
index b2920124..00000000
--- a/endpoints/proxyUi/unauthorized.html
+++ /dev/null
@@ -1,400 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8"/>
-    <meta name="viewport" content="width=device-width, initial-scale=1"/>
-    <meta name="theme-color" content="#000000"/>
-    <meta name="description" content="zrok ui"/>
-    <link rel="preconnect" href="https://fonts.googleapis.com">
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Russo+One&display=swap" rel="stylesheet">
-    <title>zrok</title>
-    <style>
-        body {
-            margin: 0;
-            padding: 25;
-            font-family: 'JetBrains Mono', Consolas, 'Courier New', monospace;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-        }
-        h1, h2, h3, h4, h5, h6 {
-            font-family: 'Russo One', sans-serif;
-        }
-        table {
-            table-layout: fixed;
-            width: 100%;
-        }
-        td {
-            vertical-align: top;
-        }
-        td:last-child {
-            width: 80%;
-            overflow: clip;
-        }
-        td:first-child {
-            width: 20%;
-            overflow: auto;
-        }
-        #banner {
-            background-color: #3b2693;
-            text-align: center;
-            padding: 25px;
-            color: white;
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            height: 600px;
-            justify-content: center;
-        }
-        #banner h1 {
-            font-size: 64pt;
-        }
-        #container {
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        #info {
-            width: 920px;
-            text-align: center;
-        }
-        #info h1 {
-            font-size: 96pt;
-        }
-    </style>
-</head>
-<body>
-<div id="root">
-    <div id="banner">
-        <svg id="ziggy" viewBox="0 0 21.9 37.6" style="width: 200px; height: 343.38px;">
-            <style type="text/css">
-                .st0 {
-                    fill: #FFFFFF;
-                }
-
-                .st1 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FFFFFF;
-                }
-
-                .st2 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #A3A3A3;
-                }
-
-                .st3 {
-                    fill: #00001F;
-                }
-
-                .st4 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #B3B3B3;
-                }
-
-                .st5 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #E6E6E6;
-                }
-
-                .st6 {
-                    fill: #FFFFFF;
-                    stroke: #000000;
-                    stroke-width: 0.3;
-                    stroke-miterlimit: 10;
-                }
-
-                .st7 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FF0000;
-                }
-
-                .st8 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #00FF00;
-                }
-
-                .st9 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #06B806;
-                }
-
-                .st10 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                }
-
-                .st11 {
-                    fill: #B3B3B3;
-                }
-
-                .st12 {
-                    opacity: 0.25;
-                }
-
-                .st13 {
-                    fill: #FEFCF9;
-                }
-
-                .st14 {
-                    fill: none;
-                    stroke: #FFFFFF;
-                    stroke-width: 0.4;
-                    stroke-linecap: round;
-                    stroke-linejoin: round;
-                    stroke-miterlimit: 10;
-                }
-            </style>
-            <rect x="5.5" y="14.9" class="st0" width="10.7" height="5.7"/>
-            <polygon class="st0" points="16.9,35.4 17.3,35 17.2,34.5 17.1,34.2 16.2,26.5 6.1,26.6 5.1,34.2 4.9,34.8 5.4,35.2 7.3,35.1
-                        8.4,35.3 9,35.2 9.3,34.8 9.1,34.3 10.8,28.6 11.5,28.6 11.5,29.1 13,34.3 12.9,34.8 13.2,35.2 14,35.6 "/>
-            <g>
-                <g>
-                    <path class="st1" d="M16.4,16.1c0.3,0.1,2.8,0.8,3.4,1.7c0.5,0.9,2,4.8,2,5.8c0,0.1,0,2.6-0.2,3.3c-0.1,0.3-1.7,0.2-2.2,0.1,c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4c-0.2,0.6-2.1,1.6-2.1,1.6"/>
-                    <path class="st2" d="M21.7,26.4c0,0.2,0,0.3-0.1,0.4c-0.1,0.3-1.7,0.2-2.2,0.1c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4
-                                c-0.2,0.6-1.6,2.1-1.6,2.1l-0.3,0.1c-0.1-0.1,0.1-0.8,0.1-0.9c-0.4-0.8,1.5-2.6,1.7-2.9c0.3-0.3,0.5,0.1,0.5,0.7
-                                c0,0.5,0,0.6,0,0.6c0.9,3.7,0.5,4.5,0.5,4.5s0.2,0.1,0.9,0c0.7,0,0.9-0.2,0.9-0.2L21.7,26.4z"/>
-                    <path class="st3" d="M16.4,24.8c-1.6-2.7,2-0.6,2.2-1.8c0,0,0,0,0,0c0-0.5,0.1-1.1,0.2-1.5c0-0.2,0.1-0.4,0.1-0.4
-                                c0-0.1,0.1-0.1,0.1-0.1s0.1,0.1,0.1,0.1c0,0,0,0.2-0.1,0.4c0,0.2-0.1,0.4-0.1,0.6c0.1,0.1,0.2,0.3,0.2,0.4
-                                c0.1,0.3,0.3,0.9,0.4,1.7c0,0.2,0,0.3,0,0.5c0,0.4,0,0.9,0,1.3c0,0.4,0,0.8,0,0.8c0.3,0.1,0.8,0.1,1.4,0.1c0.3,0,0.6,0,0.6-0.1
-                                c0.2-0.6,0.2-2.7,0.2-3.1c0,0,0-0.1,0-0.1c0-0.4-0.3-1.4-0.6-2.4c-0.5-1.4-1.1-2.8-1.3-3.3c-0.2-0.3-0.6-0.6-1.1-0.8
-                                c-0.9-0.5-2-0.8-2.2-0.8 M16.5,16c0.2,0,1.3,0.4,2.3,0.8c0.5,0.3,1,0.6,1.2,0.9c0.3,0.5,0.9,2,1.4,3.4c0.4,1.1,0.6,2.1,0.6,2.5
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6-0.2,3.2c-0.1,0.2-0.4,0.3-0.8,0.3c-0.5,0-1.2,0-1.5-0.1c-0.2,0-0.2-0.5-0.1-1.1c0-0.4,0.1-0.9,0-1.3
-                                c-0.1-1-0.2-1.7-0.4-2.1c0,0.1-0.8,0-0.8,0.1 M17.4,23.3l0.8-0.3c-0.1,1.2-1.5,2-1.5,2.2"/>
-                    <path class="st1"
-                          d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.4,0.3,0.8,0.8,0.8h0.6c0.4,0,0.8-0.3,0.8-0.8V27z"/>
-                    <path class="st2" d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.2,0.3,0.4,0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H20
-                                c0.4,0.1,1,0.1,1.6,0V27z"/>
-                    <path class="st3" d="M21.7,26.8V27v1.3c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3h-0.6c-0.2,0-0.5-0.1-0.6-0.3
-                                c-0.2-0.2-0.3-0.4-0.3-0.6V27v-0.2h0.2h0.1h0l0,0c0.3,0,0.7,0.1,1.1,0.1c0.3,0,0.6,0,0.8-0.1l0,0h0h0H21.7z M20.6,27.2
-                                c-0.4,0-0.8,0-1-0.1v1.1c0,0.2,0.1,0.3,0.2,0.4c0.1,0.1,0.3,0.2,0.4,0.2h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C21.2,27.2,20.9,27.2,20.6,27.2L20.6,27.2z"/>
-                </g>
-                <g>
-                    <path class="st1" d="M5.5,16.2c-0.3,0.1-2.8,0.8-3.4,1.7c-0.5,0.9-2,4.8-2,5.8c0,0.1,0,2.6,0.2,3.3C0.4,27.2,2,27.2,2.5,27
-                                c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4C3.3,23,5.2,24,5.2,24"/>
-                    <path class="st2" d="M0.3,26.5c0,0.2,0,0.3,0.1,0.4C0.4,27.2,2,27.2,2.5,27c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4
-                                c0.2,0.6,1.6,2.1,1.6,2.1L5,24.7c0.1-0.1-0.1-0.8-0.1-0.9c0.4-0.8-1.5-2.6-1.7-2.9c-0.3-0.3-0.5,0.1-0.5,0.7c0,0.5,0,0.6,0,0.6
-                                c-0.9,3.7-0.5,4.5-0.5,4.5s-0.2,0.1-0.9,0c-0.7,0-0.9-0.2-0.9-0.2L0.3,26.5z"/>
-                    <path class="st3" d="M5.5,16.3c-0.2,0-1.3,0.3-2.2,0.8c-0.5,0.2-0.9,0.5-1.1,0.8c-0.3,0.5-0.9,2-1.3,3.3c-0.4,1-0.6,2-0.6,2.4
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6,0.2,3.1c0,0.1,0.3,0.1,0.6,0.1c0.5,0,1.1,0,1.4-0.1c0,0,0-0.4,0-0.8c0-0.4-0.1-0.9,0-1.3
-                                c0-0.2,0-0.3,0-0.5c0.1-0.8,0.2-1.4,0.4-1.7c0-0.1,0.1-0.3,0.2-0.4c0-0.2-0.1-0.4-0.1-0.6c0-0.2-0.1-0.4-0.1-0.4
-                                C2.8,21.1,2.9,21,3,21c0.1,0,0.1,0.1,0.1,0.1c0,0,0,0.2,0.1,0.4c0.1,0.4,0.1,1,0.2,1.5c0,0,0,0,0,0c0.2,1.3,3.8-0.8,2.2,1.8
-                                 M3.8,22.8c0-0.1-0.8,0-0.8-0.1c-0.1,0.4-0.3,1.1-0.4,2.1c0,0.4,0,0.9,0,1.3c0,0.6,0.1,1-0.1,1.1c-0.3,0.1-1,0.1-1.5,0.1
-                                c-0.4,0-0.8-0.1-0.8-0.3C0,26.4,0,24.2,0,23.8c0,0,0-0.1,0-0.1c0-0.4,0.3-1.4,0.6-2.5c0.5-1.4,1.1-2.9,1.4-3.4
-                                c0.2-0.3,0.6-0.7,1.2-0.9c0.9-0.5,2.1-0.8,2.3-0.8 M5.2,25.3c0-0.2-1.3-1-1.5-2.2l0.8,0.3"/>
-                    <path class="st1" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.4-0.3,0.8-0.8,0.8H1.2c-0.4,0-0.8-0.3-0.8-0.8V27.1z"/>
-                    <path class="st2" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.2-0.3,0.4-0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H2
-                                c-0.4,0.1-1,0.1-1.6,0V27.1z"/>
-                    <path class="st3" d="M0.4,26.9L0.4,26.9L0.4,26.9L0.4,26.9C0.6,27,1,27,1.3,27c0.4,0,0.8,0,1.1-0.1l0,0h0h0.1h0.2v0.2v1.3
-                                c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3H1.2c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.3v-0.2H0.4z M1.3,27.3
-                                c-0.3,0-0.5,0-0.7,0v1.1c0,0.2,0.1,0.3,0.2,0.4C0.8,28.9,1,29,1.2,29h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C2,27.3,1.7,27.3,1.3,27.3L1.3,27.3z"/>
-                </g>
-                <g>
-                    <path class="st2" d="M5.1,34.2h4.1l1.6-5.6c0.1,0,0.4,0,0.5,0l1.7,5.6h4.1l0-0.3c-0.1,0-0.1,0-0.2,0c-0.4,0.1-3.2,0-3.4,0
-                                c-0.2,0-1.6-4.9-1.6-5.1c0-0.2,0.3-0.1,0.6-0.6c0.3-0.5-0.4-0.5-0.4-0.5c-1,0.4-2,0-2,0c-0.9,0.6,0.2,1,0.2,1.1
-                                c0.1,0.1-1.3,5-1.5,5.1c-0.2,0.1-3.4,0-3.4,0s-0.1,0-0.2,0L5.1,34.2z"/>
-                    <path class="st3" d="M16.4,27.9 M6.1,27.3L6.1,27.3L6.1,27.3l-0.9,6.9h3.8l1.5-5.6c-0.4-0.1-0.5-0.3-0.5-0.3
-                                c-0.1-0.1-0.1-0.1,0-0.2c0.1-0.1,0.1-0.1,0.2,0c0,0,0.3,0.3,0.8,0.2c0.6,0,0.8-0.3,0.8-0.3c0.1-0.1,0.1,0,0.2,0
-                                c0.1,0.1,0.1,0.1,0,0.2c0,0-0.2,0.2-0.6,0.3l1.6,5.6h3.8l-0.7-7 M16.4,27.3l0.8,7.1l0,0.2h-0.2H13h-0.1l0-0.1l-1.6-5.7
-                                c-0.1,0-0.1,0-0.2,0c-0.1,0-0.1,0-0.2,0l-1.6,5.7l0,0.1H9.2H5.1H4.9l0-0.2l0.9-7.1"/>
-                    <path class="st4" d="M5.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4H5.4c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C4.9,35,5.1,35.2,5.4,35.2L5.4,35.2z"/>
-                    <path class="st3" d="M5.4,35.1h3.5C9,35.1,9,35,9.1,35c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2C9,34.5,9,34.4,8.9,34.4H5.4
-                                c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C5.2,35,5.3,35.1,5.4,35.1L5.4,35.1z M8.9,35.3H5.4
-                                c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C9.2,35.3,9,35.3,8.9,35.3L8.9,35.3z"/>
-                    <path class="st1" d="M4.8,37.5h4.4v-1.3C9.2,35.5,8.7,35,8,35H6.1c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st3" d="M5,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3H6.1c-0.3,0-0.6,0.1-0.8,0.3
-                                C5.1,35.6,5,35.9,5,36.2V37.4z M9.2,37.6H4.8H4.7v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4H8c0.4,0,0.7,0.2,1,0.4
-                                c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H9.2z"/>
-                    <path class="st4" d="M13.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4h-3.5c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C12.9,35,13.1,35.2,13.4,35.2L13.4,35.2z"/>
-                    <path class="st3" d="M13.4,35.1h3.5c0.1,0,0.2,0,0.2-0.1c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2c-0.1-0.1-0.1-0.1-0.2-0.1
-                                h-3.5c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C13.2,35,13.3,35.1,13.4,35.1L13.4,35.1z M16.9,35.3
-                                h-3.5c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C17.2,35.3,17,35.3,16.9,35.3L16.9,35.3z"/>
-                    <path class="st1" d="M13,37.5h4.4v-1.3c0-0.7-0.6-1.3-1.3-1.3h-1.8c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st4" d="M17.4,37.5H13v-1.3c0-0.3,0.1-0.7,0.4-0.9c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.3h3.8V37.5z"/>
-                    <path class="st3" d="M13.1,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3h-1.8c-0.3,0-0.6,0.1-0.8,0.3
-                                c-0.2,0.2-0.3,0.5-0.3,0.8V37.4z M17.4,37.6H13h-0.1v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4h1.8
-                                c0.4,0,0.7,0.2,1,0.4c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H17.4z"/>
-                    <path class="st4" d="M9.1,37.4H5v-1.2c0-0.3,0.1-0.6,0.4-0.8c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.2h3.6V37.4z"/>
-                </g>
-                <path class="st5" d="M2.5,15.4C2.3,15.1,2,15,2.1,13.6c0.1-0.9-0.1-2.4,1-2.1l0,5.5l-1.6,2.1c0,0-0.2-2.7,0-3.2
-                            C1.8,15.4,2.3,15.4,2.5,15.4L2.5,15.4z"/>
-                <path class="st4" d="M3.1,16.7l0,0.4l-1.6,2c0,0-0.1-1-0.1-1.9c0.3-0.3,0.7-0.5,1.1-0.7c0-0.1,0-0.2,0-0.4v-4.7
-                            c0.1-0.1,0.3-0.1,0.5,0L3.1,16.7L3.1,16.7z"/>
-                <path class="st3" d="M2.7,15.3c0-0.1-0.1-0.1-0.1-0.1c-0.2-0.2-0.3-0.4-0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8,0.1-1.1
-                            c0.1-0.2,0.2-0.4,0.5-0.4l0,5.3l-1.2,1.6c0-0.8-0.1-2.2,0-2.6c0.1-0.2,0.2-0.3,0.3-0.3c0.1,0,0.3,0,0.4,0l0.4,0L2.7,15.3z
-                            M1.9,13.6c0,1,0.1,1.4,0.2,1.6c-0.1,0-0.1,0-0.2,0c-0.2,0.1-0.4,0.2-0.6,0.6c-0.2,0.5,0,3.3,0,3.3l0,0.5l0.3-0.4l1.6-2.1l0-0.1V17
-                            l0-5.5l0-0.1l-0.1,0c-0.7-0.2-1,0.1-1.1,0.6c-0.1,0.3-0.1,0.8-0.1,1.2C1.9,13.3,1.9,13.4,1.9,13.6L1.9,13.6z"/>
-                <path class="st5" d="M6.1,10.5h-2c-0.6,0-1,0.5-1,1v5.3c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-5.3C7.2,11,6.7,10.5,6.1,10.5L6.1,10.5
-                            z"/>
-                <path class="st4" d="M3.1,16.5v0.7c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-0.2c0,0,0,0,0.1,0v-5.2c0-0.6-0.5-1-1-1h-2
-                            c-0.6,0-1,0.5-1,1v1.8c0.5,0.8,1.1,1.4,1.8,2C4.4,15.9,3.7,16.2,3.1,16.5L3.1,16.5z"/>
-                <path class="st3" d="M6.2,10.3h-2c-0.3,0-0.7,0.1-0.9,0.4C3.1,10.9,3,11.2,3,11.5v5.3c0,0.3,0.1,0.6,0.4,0.9
-                            C3.5,17.9,3.9,18,4.2,18h2c0.3,0,0.7-0.1,0.9-0.4c0.2-0.2,0.4-0.5,0.4-0.9v-5.3c0-0.3-0.1-0.6-0.4-0.9C6.8,10.5,6.5,10.3,6.2,10.3
-                            L6.2,10.3z M4.2,10.7h2c0.2,0,0.4,0.1,0.6,0.2C6.9,11.1,7,11.3,7,11.5v5.3c0,0.2-0.1,0.4-0.2,0.6c-0.2,0.1-0.4,0.2-0.6,0.2h-2
-                            c-0.2,0-0.4-0.1-0.6-0.2c-0.2-0.1-0.2-0.4-0.2-0.6v-5.3c0-0.2,0.1-0.4,0.2-0.6C3.7,10.8,4,10.7,4.2,10.7L4.2,10.7z"/>
-                <path class="st5" d="M19.4,15.4c0.2-0.3,0.5-0.4,0.4-1.8c-0.1-0.9,0.1-2.4-1-2.1l0,5.5l1.6,2.1c0,0,0.2-2.7,0-3.2
-                            C20.2,15.4,19.7,15.4,19.4,15.4L19.4,15.4z"/>
-                <path class="st4" d="M18.8,16.9l0,0.4l1.6,2c0,0,0.1-1,0.1-1.9c-0.3-0.3-0.7-0.5-1.1-0.7c0-0.1,0-0.2,0-0.4v-4.8
-                            c-0.1-0.1-0.3-0.1-0.5,0L18.8,16.9L18.8,16.9z"/>
-                <path class="st3" d="M19.3,15.3c0-0.1,0.1-0.1,0.1-0.1c0.2-0.2,0.3-0.4,0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8-0.1-1.1
-                            c-0.1-0.2-0.2-0.4-0.5-0.4l0,5.3l1.2,1.6c0-0.8,0.1-2.2,0-2.6c-0.1-0.2-0.2-0.3-0.3-0.3c-0.1,0-0.3,0-0.4,0l-0.4,0L19.3,15.3z
-                            M20,13.6c0,1-0.1,1.4-0.2,1.6c0.1,0,0.1,0,0.2,0c0.2,0.1,0.4,0.2,0.6,0.6c0.2,0.5,0,3.3,0,3.3l0,0.5l-0.3-0.4l-1.6-2.1l0-0.1
-                            l0-0.1l0-5.5l0-0.1l0.1,0c0.7-0.2,1,0.1,1.1,0.6c0.1,0.3,0.1,0.8,0.1,1.2C20,13.3,20,13.4,20,13.6L20,13.6z"/>
-                <path class="st5" d="M15.8,10.5h2c0.6,0,1,0.5,1,1v5.3c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-5.3C14.8,11,15.2,10.5,15.8,10.5
-                            L15.8,10.5z"/>
-                <path class="st4" d="M18.8,16.5v0.7c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-2c0.6,0,1,0,1,0C15.9,15.3,17.4,15.8,18.8,16.5
-                            L18.8,16.5z"/>
-                <path class="st3" d="M15.8,10.3h2c0.3,0,0.7,0.1,0.9,0.4c0.2,0.2,0.4,0.5,0.4,0.9v5.3c0,0.3-0.1,0.6-0.4,0.9
-                            c-0.2,0.2-0.5,0.4-0.9,0.4h-2c-0.3,0-0.7-0.1-0.9-0.4c-0.2-0.2-0.4-0.5-0.4-0.9v-5.3c0-0.3,0.1-0.6,0.4-0.9
-                            C15.1,10.5,15.4,10.3,15.8,10.3L15.8,10.3z M17.7,10.7h-2c-0.2,0-0.4,0.1-0.6,0.2c-0.2,0.1-0.2,0.4-0.2,0.6v5.3
-                            c0,0.2,0.1,0.4,0.2,0.6c0.2,0.1,0.4,0.2,0.6,0.2h2c0.2,0,0.4-0.1,0.6-0.2c0.2-0.1,0.2-0.4,0.2-0.6v-5.3c0-0.2-0.1-0.4-0.2-0.6
-                            C18.2,10.8,18,10.7,17.7,10.7L17.7,10.7z"/>
-                <g>
-                    <ellipse transform="matrix(0.9999 -1.050124e-02 1.050124e-02 0.9999 -0.2761 0.1189)" class="st6" cx="11.2"
-                             cy="26.4" rx="6.3" ry="2.7"/>
-                </g>
-                <path class="st2" d="M14.4,16.6c-0.3-0.1-0.6-0.2-0.6-0.2c-0.2,0-5.4,0-5.7,0c-0.1,0-0.5,0.1-1.1,0.3C9.2,18,12.2,18,14.4,16.6
-                            L14.4,16.6z"/>
-                <path class="st6" d="M3.2,18.6l0.1,6.1c0,1.8,3.6,3.3,7.9,3.2s7.7-1.6,7.8-3.4c0-0.2,0-2.9,0-6.4l-0.1-1.3c0,1.8-3.3,0.9-7.6,0.9
-                            s-8.1,0.9-8.1-0.9L3.2,18.6z"/>
-                <g>
-                    <g>
-                        <path class="st2" d="M15.7,16c-0.7-0.3-1.2-0.5-1.3-0.5c-0.9,1.3-0.7,7.7-0.8,7.9c-0.2,0.2-0.2,0.7-0.1,1.3
-                                    c0.1,0.6,1.5,1.1,1.8,0c0.4-1.1-0.4-1.4-0.4-1.4C14.6,20.8,15.3,16.8,15.7,16L15.7,16z"/>
-                        <path class="st2" d="M7.5,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.5,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.4,8.5,16.8,7.5,15.6L7.5,15.6z"/>
-                        <path class="st2" d="M7.6,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.6,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.3,8.5,16.8,7.6,15.6L7.6,15.6z"/>
-                        <path class="st2" d="M9.4,23.6h3.2c0.5,0,0.8,0.4,0.8,0.9v1.4c0,0.5-0.4,0.9-0.8,0.9H9.4c-0.5,0-0.8-0.4-0.8-0.9v-1.4
-                                    C8.5,24,8.9,23.6,9.4,23.6L9.4,23.6z"/>
-                        <path class="st1" d="M9.6,23.9h2.7c0.4,0,0.7,0.3,0.7,0.7v1.1c0,0.4-0.3,0.7-0.7,0.7H9.6c-0.4,0-0.7-0.3-0.7-0.7v-1.1
-                                    C8.9,24.3,9.2,23.9,9.6,23.9L9.6,23.9z"/>
-                        <path class="st2" d="M11.5,23.9h0.3c0.5,0.1,0.9,0.5,0.9,1c0,0.6-0.5,1-1,1c-0.6,0-1-0.5-1-1C10.6,24.4,11,24,11.5,23.9
-                                    L11.5,23.9z"/>
-                        <path class="st2" d="M10,24.2c0.4,0,0.8,0.3,0.8,0.8c0,0.4-0.3,0.8-0.8,0.8c-0.4,0-0.8-0.3-0.8-0.8C9.2,24.6,9.5,24.2,10,24.2
-                                    L10,24.2z"/>
-                        <path class="st7" d="M11.6,24.3c0.4,0,0.7,0.3,0.7,0.7c0,0.4-0.3,0.7-0.7,0.7c-0.4,0-0.7-0.3-0.7-0.7
-                                    C10.9,24.6,11.2,24.3,11.6,24.3L11.6,24.3z"/>
-                        <path class="st3" d="M11.6,24.1c0.2,0,0.4,0.1,0.6,0.2c0.1,0.1,0.2,0.4,0.2,0.6c0,0.2-0.1,0.4-0.2,0.6c-0.1,0.1-0.4,0.2-0.6,0.2
-                                    c-0.2,0-0.4-0.1-0.6-0.2c-0.1-0.1-0.2-0.4-0.2-0.6c0-0.2,0.1-0.4,0.2-0.6C11.1,24.2,11.3,24.1,11.6,24.1L11.6,24.1z M11.9,24.6
-                                    c-0.1-0.1-0.2-0.2-0.4-0.2c-0.1,0-0.3,0.1-0.4,0.2c-0.1,0.1-0.2,0.2-0.2,0.4c0,0.1,0.1,0.3,0.2,0.4c0.1,0.1,0.2,0.2,0.4,0.2
-                                    c0.1,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4C12.1,24.8,12,24.7,11.9,24.6L11.9,24.6z"/>
-                        <path class="st8" d="M10,24.6c0.2,0,0.4,0.2,0.4,0.4c0,0.2-0.2,0.4-0.4,0.4c-0.2,0-0.4-0.2-0.4-0.4C9.5,24.7,9.7,24.6,10,24.6
-                                    L10,24.6z"/>
-                        <path class="st9" d="M10.3,24.7c0.1,0.1,0.1,0.2,0.1,0.3c0,0.2-0.2,0.4-0.4,0.4c-0.2-0.1-0.3-0.2-0.2-0.2
-                                    C10,25.2,10.2,25,10.3,24.7C10.2,24.8,10.2,24.7,10.3,24.7L10.3,24.7z"/>
-                        <path class="st3" d="M10,24.4c0.2,0,0.3,0.1,0.4,0.2c0.1,0.1,0.2,0.2,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4c-0.1,0.1-0.2,0.2-0.4,0.2
-                                    c-0.2,0-0.3-0.1-0.4-0.2S9.4,25.1,9.4,25c0-0.2,0.1-0.3,0.2-0.4C9.7,24.5,9.8,24.4,10,24.4L10,24.4z M10.2,24.8
-                                    c0,0-0.1-0.1-0.2-0.1c-0.1,0-0.1,0-0.2,0.1c0,0-0.1,0.1-0.1,0.2c0,0.1,0,0.1,0.1,0.2c0,0,0.1,0.1,0.2,0.1c0.1,0,0.1,0,0.2-0.1
-                                    c0,0,0.1-0.1,0.1-0.2C10.2,24.9,10.2,24.8,10.2,24.8L10.2,24.8z"/>
-                        <path class="st3" d="M9.6,23.8h2.7c0.2,0,0.5,0.1,0.6,0.3c0.2,0.2,0.3,0.4,0.3,0.6v1.1c0,0.2-0.1,0.5-0.3,0.6
-                                    c-0.2,0.2-0.4,0.3-0.6,0.3H9.6c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.1c0-0.2,0.1-0.5,0.3-0.6
-                                    C9.1,23.9,9.4,23.8,9.6,23.8L9.6,23.8z M12.3,24.1H9.6c-0.2,0-0.3,0.1-0.4,0.2C9.1,24.4,9,24.5,9,24.7v1.1c0,0.2,0.1,0.3,0.2,0.4
-                                    c0.1,0.1,0.2,0.2,0.4,0.2h2.7c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4v-1.1c0-0.2-0.1-0.3-0.2-0.4
-                                    C12.7,24.2,12.5,24.1,12.3,24.1L12.3,24.1z"/>
-                        <path class="st3" d="M7.5,23.6h0.1C8,20.3,7.3,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.5,23.6L7.5,23.6z
-                                    M7.9,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.3
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6L6.4,16l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.4,15.8,8.3,19.8,7.9,23.7L7.9,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24.1,7.9,24,7.8,23.9C7.8,24,7.8,24,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M7.6,23.6h0.1C8,20.2,7.4,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.6,23.6L7.6,23.6z
-                                    M8,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.4
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6l-0.1-0.1l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.5,15.8,8.4,19.8,8,23.7L8,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24,7.9,24,7.8,23.9C7.9,23.9,7.8,23.9,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M14.4,23.5h-0.1c-0.3-3.4,0.3-6.8,0.5-7.6L15,16c-0.6,1.5-0.8,4.3-0.8,6C14.3,22.4,14.3,23,14.4,23.5
-                                    L14.4,23.5z M13.9,23.5c0,0-0.1,0-0.1,0.1c-0.1,0.1-0.1,0.2-0.1,0.3v0.4c0,0.1,0.1,0.2,0.1,0.3c0.1,0.1,0.2,0.1,0.3,0.1h0.4
-                                    c0.1,0,0.2-0.1,0.3-0.1c0.1-0.1,0.1-0.2,0.1-0.3v-0.4c0-0.1-0.1-0.2-0.1-0.3c-0.1-0.1-0.1-0.1-0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8,0.1-4.6,0.8-6l0.1-0.1l-0.2-0.1l-0.6-0.2l-0.2-0.1l0,0.2C14.5,15.6,13.5,19.7,13.9,23.5L13.9,23.5z
-                                    M14.1,23.8L14.1,23.8l0.4,0c0,0,0.1,0,0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0-0.1,0-0.1,0h-0.4c0,0-0.1,0-0.1,0
-                                    c0,0,0-0.1,0-0.1v-0.4C14,23.9,14,23.8,14.1,23.8C14.1,23.8,14.1,23.8,14.1,23.8L14.1,23.8z"/>
-                    </g>
-                </g>
-                <path class="st4" d="M15.5,10.6h2c0.6,0,1,0.5,1,1v1.8c-0.6,0.9-1.3,1.7-2.2,2.4c-0.6,0.4,0,0-0.6,0.2l-0.3-4.3
-                            C15.4,11.2,15,10.6,15.5,10.6L15.5,10.6z"/>
-                <path class="st10" d="M5.4,2.1c3.7-2.8,9.1-2.1,12,1.5c2.9,3.6,2.2,8.9-1.6,11.7c-3.7,2.8-9.1,2.1-12-1.5C1,10.2,1.7,4.9,5.4,2.1
-                            L5.4,2.1z"/>
-                <path class="st1" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-1,0c-0.6,0-1,0.5-1,1l0,1.4C0.3,10.2,0.8,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st1" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l1,0c0.6,0,1,0.5,1,1l0,1.4C20.9,10.1,20.4,10.6,19.9,10.5
-                            L19.9,10.5z"/>
-                <path d="M5.3,2c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c1.5,1.9,2,4.2,1.7,6.3c-0.3,2.2-1.4,4.2-3.4,5.7
-                            c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3c-1.5-1.9-2-4.2-1.7-6.3C2.2,5.5,3.3,3.4,5.3,2L5.3,2z M11.7,0.7
-                            C9.6,0.5,7.4,1,5.6,2.3C3.7,3.7,2.7,5.6,2.4,7.7c-0.3,2.1,0.3,4.2,1.7,6c1.4,1.8,3.4,2.8,5.5,3.1c2.1,0.3,4.3-0.2,6.1-1.6
-                            c1.8-1.4,2.9-3.3,3.2-5.4c0.3-2.1-0.3-4.2-1.7-6C15.8,2,13.8,1,11.7,0.7L11.7,0.7z"/>
-                <path class="st2" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-0.8,0C1.4,8.1,1.2,8.9,1.3,9.9l-0.9,0c0,0-0.1,0-0.1,0.1
-                            C0.5,10.3,0.9,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st2" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l0.8,0C19.8,8,20,8.9,19.8,9.9l0.9,0c0,0,0.1,0,0.1,0.1
-                            C20.7,10.3,20.3,10.5,19.9,10.5L19.9,10.5z"/>
-                <path class="st3" d="M1.3,10.8l0.9,0l0.3,0l-0.1-0.3C2.3,10,2.3,9.4,2.3,8.9c0-0.5,0.1-1.1,0.2-1.6l0,0l0,0l0,0l0-0.2l-0.2,0l-1,0
-                            l0,0C0.9,7,0.6,7.1,0.3,7.3C0.1,7.6,0,7.9,0,8.2v0l0,1.4c0,0.3,0.2,0.6,0.4,0.9C0.7,10.7,1,10.8,1.3,10.8L1.3,10.8z M1.9,10.3
-                            l-0.6,0c-0.2,0-0.4-0.1-0.6-0.2C0.6,10,0.5,9.8,0.5,9.6l0-1.4l0,0c0-0.2,0.1-0.4,0.2-0.5C0.8,7.5,1,7.4,1.2,7.4h0l0.7,0
-                            c-0.1,0.5-0.1,1-0.2,1.5C1.8,9.4,1.9,9.8,1.9,10.3L1.9,10.3z"/>
-                <path class="st3" d="M19.9,10.8l-0.9,0l-0.3,0l0.1-0.3c0.1-0.5,0.2-1.1,0.1-1.6c0-0.5-0.1-1.1-0.2-1.6l0,0l0,0l0,0l0-0.2l0.2,0l1,0
-                            h0c0.3,0,0.7,0.2,0.9,0.4c0.2,0.2,0.4,0.5,0.3,0.9v0l0,1.4c0,0.3-0.2,0.6-0.4,0.9C20.5,10.6,20.2,10.8,19.9,10.8L19.9,10.8z
-                            M19.3,10.3l0.6,0c0.2,0,0.4-0.1,0.6-0.2c0.1-0.1,0.2-0.3,0.2-0.5l0-1.4l0,0c0-0.2-0.1-0.4-0.2-0.5c-0.1-0.1-0.3-0.2-0.5-0.2l0,0
-                            l-0.7,0c0.1,0.5,0.1,1,0.2,1.5C19.4,9.3,19.3,9.8,19.3,10.3L19.3,10.3z"/>
-                <path class="st1" d="M19.1,9.8c-0.3,2.1-1.4,4.2-3.3,5.6c-3.7,2.8-9.1,2.1-12-1.5c-0.6-0.8-1.1-1.7-1.4-2.6
-                            C5.7,16.6,14.9,18.9,19.1,9.8L19.1,9.8z"/>
-                <path class="st3" d="M19.4,9.8c-0.1,1.1-0.5,2.2-1.1,3.2c-0.6,1-1.3,1.8-2.3,2.5c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3
-                            c-0.3-0.4-0.6-0.8-0.8-1.3c-0.2-0.5-0.4-0.9-0.6-1.4L1.9,9.8l0.7,1.3c1,1.7,2.6,3.1,4.5,3.9c1.2,0.5,2.4,0.8,3.7,0.8
-                            c1.3,0,2.5-0.3,3.7-1c1.7-0.9,3.2-2.6,4.3-5.1l0.5-1.4L19.4,9.8z M17.8,12.8c0.2-0.4,0.4-0.8,0.6-1.2c-1,1.7-2.3,2.8-3.6,3.6
-                            c-1.3,0.7-2.6,1-4,1.1c-1.3,0-2.7-0.3-3.9-0.8c-1.2-0.5-2.4-1.3-3.3-2.3c0.1,0.2,0.3,0.4,0.4,0.6c1.4,1.8,3.4,2.8,5.5,3.1
-                            c2.1,0.3,4.3-0.2,6.1-1.6C16.6,14.5,17.3,13.7,17.8,12.8L17.8,12.8z"/>
-                <path class="st1" d="M5.4,2c3.7-2.8,9.1-2.1,12,1.5c1.4,1.8,2,4,1.7,6.1c-0.8-3.3-2.3-5.1-4.3-6.1c-3.1-1.6-6.3-1.8-9.6,1
-                            c-2.4,2-2.7,4.5-2.8,6.6C1.4,7.8,2.5,4.1,5.4,2L5.4,2z"/>
-                <path class="st3" d="M5.3,1.8c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c0.7,0.9,1.2,1.9,1.5,3c0.3,1.1,0.4,2.2,0.2,3.3
-                            l-0.2,1.3l-0.3-1.3c-0.4-1.6-0.9-2.9-1.6-3.9c-0.7-1-1.6-1.6-2.5-2.1c-1.5-0.8-3-1.2-4.6-1.1C8.6,2.6,7,3.2,5.4,4.6
-                            c-1.2,1-1.8,2.1-2.2,3.2C2.9,8.9,2.8,10,2.7,11l-0.1,1.2l-0.4-1.2c-0.5-1.7-0.5-3.5,0-5.1C2.8,4.3,3.8,2.9,5.3,1.8L5.3,1.8z
-                            M11.7,0.5C9.6,0.3,7.4,0.8,5.6,2.1c-1.4,1-2.4,2.4-2.9,3.9C2.3,7.2,2.2,8.3,2.4,9.5c0.1-0.6,0.2-1.2,0.4-1.9
-                            c0.4-1.2,1.1-2.3,2.3-3.4c1.7-1.4,3.3-2.1,5-2.2c1.6-0.1,3.3,0.4,4.8,1.2c1,0.5,1.9,1.3,2.7,2.3C18.1,6.2,18.6,7,18.9,8
-                            c0-0.5-0.1-1.1-0.3-1.6c-0.3-1-0.8-1.9-1.4-2.8C15.8,1.9,13.8,0.8,11.7,0.5L11.7,0.5z"/>
-                <path class="st5" d="M19.2,8.8c0,0.2,0,0.5-0.1,0.7c-0.8-3.3-2.3-5.1-4.3-6.1C11.7,1.8,7.4,1.9,4.7,4.6C3.9,5.4,2.5,7.2,2.4,9.7
-                            C2,7.2,3,4.9,5.4,3c3.7-2.8,9.1-2.1,12,1.5C18.5,5.8,19,7.3,19.2,8.8L19.2,8.8z"/>
-                <path class="st3" d="M19.4,8.8c0,0.1,0,0.3,0,0.4c0,0.1,0,0.2,0,0.4l-0.1,1.1l-0.2-1.1C18.5,8,18,6.7,17.3,5.7
-                            c-0.7-1-1.6-1.6-2.5-2.1c-1.6-0.8-3.5-1.2-5.3-1C7.7,2.8,6.1,3.5,4.9,4.7C4.4,5.2,3.7,6,3.2,7.1C2.9,7.8,2.6,8.7,2.6,9.7l-0.1,2.1
-                            l-0.3-2C2,8.4,2.1,7.2,2.7,6c0.5-1.1,1.4-2.2,2.6-3.1l0,0l0,0c1.9-1.4,4.2-2,6.5-1.7c2.2,0.3,4.3,1.4,5.8,3.2l0,0l0,0
-                            c0.5,0.6,0.9,1.3,1.2,2.1C19.1,7.3,19.3,8,19.4,8.8L19.4,8.8L19.4,8.8z M17.6,5.5c0.5,0.7,0.9,1.4,1.2,2.4
-                            c-0.1-0.4-0.2-0.8-0.4-1.2c-0.3-0.7-0.7-1.4-1.2-2l0,0c-1.4-1.8-3.4-2.8-5.5-3.1C9.6,1.3,7.4,1.8,5.6,3.2l0,0c-1.2,0.9-2,1.9-2.5,3
-                            c-0.2,0.5-0.4,1-0.5,1.5c0.1-0.2,0.2-0.5,0.3-0.7c0.5-1.1,1.3-2,1.8-2.5c1.3-1.3,3-2,4.8-2.2c1.9-0.2,3.9,0.2,5.5,1
-                            C16,3.8,16.9,4.5,17.6,5.5L17.6,5.5z"/>
-                <path class="st5" d="M3.8,8.2c0,0,1.4-4.1,6.2-4.5c0.5-0.1,1.1,1.3,0.4,1.4c-0.7,0.2-3.6,0.6-5.4,4C4.7,9.4,3.5,8.9,3.8,8.2
-                            L3.8,8.2z"/>
-                <path class="st5" d="M12.4,5.1c0.4,0,0.7-0.3,0.7-0.7c0-0.4-0.3-0.7-0.7-0.7c-0.4,0-0.7,0.3-0.7,0.7C11.7,4.8,12,5.1,12.4,5.1
-                            L12.4,5.1z"/>
-                <path class="st11" d="M10.9,18.4l-1.5,2.3l0.9,0.6l0.1-0.2l0.5,2.2l1.5-2.3l-0.8-0.5l-0.1,0.2L10.9,18.4z M11.6,20.7l0.4,0.2
-                            l-1,1.5l-0.5-2.2l-0.4,0.6l-0.4-0.2l1-1.5l0.4,2.1L11.6,20.7z"/>
-                <g class="st12">
-                    <circle class="st13" cx="14.1" cy="8.9" r="1.8"/>
-                    <circle cx="14.4" cy="8.7" r="0.7"/>
-                    <circle class="st13" cx="7.1" cy="8.9" r="1.8"/>
-                    <path id="XMLID_00000028285902548687721290000002641907447975500945_" class="st14" d="M10.8,14.1c-1.6,0-2.7-0.7-3.3-1.1
-                                c-0.1-0.1-0.1-0.2,0-0.3c0.1-0.1,0.2-0.1,0.3,0c0.5,0.4,1.7,1.1,3.3,1c1.4,0,2.4-0.7,2.9-1c0.1-0.1,0.2,0,0.3,0
-                                c0.1,0.1,0,0.2,0,0.3c-0.5,0.4-1.6,1-3.1,1.1C10.9,14.1,10.9,14.1,10.8,14.1z"/>
-                    <circle cx="7.6" cy="8.6" r="0.7"/>
-                </g>
-            </g>
-        </svg>
-        <h1>zrok</h1>
-    </div>
-    <div id="container">
-        <div id="info">
-            <h1>Unauthorized</h1>
-        </div>
-    </div>
-</div>
-</body>
-</html>
diff --git a/endpoints/publicProxy/authOAuth.go b/endpoints/publicProxy/authOAuth.go
index fde57fd9..5925bc36 100644
--- a/endpoints/publicProxy/authOAuth.go
+++ b/endpoints/publicProxy/authOAuth.go
@@ -58,7 +58,7 @@ func (h *authHandler) handleOAuth(w http.ResponseWriter, r *http.Request, cfg ma
 		return false
 	}
 
-	if !h.validateEmailDomain(w, oauthMap, cookie) {
+	if !h.validateEmailDomain(w, oauthMap, cookie, h.cfg) {
 		return false
 	}
 
@@ -105,7 +105,7 @@ func (h *authHandler) validateOAuthToken(w http.ResponseWriter, r *http.Request,
 	return true
 }
 
-func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[string]interface{}, cookie *http.Cookie) bool {
+func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[string]interface{}, cookie *http.Cookie, cfg *Config) bool {
 	if patterns, found := oauthCfg["email_domains"].([]interface{}); found && len(patterns) > 0 {
 		tkn, _ := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 			return h.signingKey, nil
@@ -116,8 +116,9 @@ func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[st
 			if castedPattern, ok := pattern.(string); ok {
 				match, err := glob.Compile(castedPattern)
 				if err != nil {
-					logrus.Errorf("invalid email address pattern glob '%v': %v", pattern, err)
-					proxyUi.WriteUnauthorized(w)
+					err := fmt.Errorf("invalid email address pattern glob '%v': %v", pattern, err)
+					logrus.Error(err)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(err), cfg.TemplatePath)
 					return false
 				}
 				if match.Match(claims.Email) {
@@ -126,7 +127,7 @@ func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[st
 			}
 		}
 		logrus.Warnf("unauthorized email '%v'", claims.Email)
-		proxyUi.WriteUnauthorized(w)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email), cfg.TemplatePath)
 		return false
 	}
 	return true
diff --git a/endpoints/publicProxy/config.go b/endpoints/publicProxy/config.go
index d13f3520..4a295e88 100644
--- a/endpoints/publicProxy/config.go
+++ b/endpoints/publicProxy/config.go
@@ -102,7 +102,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 			if t, found := mv["type"]; found {
 				switch t {
 				case "github":
-					cfger, err := newGithubConfigurer(cfg.Oauth, tls, mv)
+					cfger, err := newGithubConfigurer(cfg, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -111,7 +111,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 					}
 
 				case "google":
-					cfger, err := newGoogleConfigurer(cfg.Oauth, tls, mv)
+					cfger, err := newGoogleConfigurer(cfg, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -120,7 +120,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 					}
 
 				case "oidc":
-					cfger, err := newOidcConfigurer(cfg.Oauth, tls, mv)
+					cfger, err := newOidcConfigurer(cfg, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -140,7 +140,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 	}
 
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		proxyUi.WriteUnauthorized(w)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData(), cfg.TemplatePath)
 	})
 
 	zhttp.StartServer(ctx, cfg.Oauth.BindAddress)
diff --git a/endpoints/publicProxy/cookies.go b/endpoints/publicProxy/cookies.go
index 76412f9a..6e3ae2d2 100644
--- a/endpoints/publicProxy/cookies.go
+++ b/endpoints/publicProxy/cookies.go
@@ -7,11 +7,13 @@ import (
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/openziti/zrok/endpoints/proxyUi"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
 type sessionCookieRequest struct {
-	cfg             *OauthConfig
+	cfg             *Config
+	oauthCfg        *OauthConfig
 	supportsRefresh bool
 	email           string
 	accessToken     string
@@ -25,8 +27,9 @@ type sessionCookieRequest struct {
 func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	targetHost := strings.TrimSpace(req.targetHost)
 	if targetHost == "" {
-		logrus.Error("targetHost claim must not be empty")
-		proxyUi.WriteUnauthorized(w)
+		err := errors.New("targetHost claim must not be empty")
+		logrus.Error(err)
+		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err), req.cfg.TemplatePath)
 		return
 	}
 	targetHost = strings.Split(targetHost, "/")[0]
@@ -34,7 +37,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	encryptedAccessToken, err := encryptToken(req.accessToken, req.encryptionKey)
 	if err != nil {
 		logrus.Errorf("failed to encrypt access token: %v", err)
-		proxyUi.WriteUnauthorized(w)
+		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(errors.New("failed to encrypt access token")), req.cfg.TemplatePath)
 		return
 	}
 
@@ -47,23 +50,23 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 		RefreshInterval: req.refreshInterval,
 		NextRefresh:     time.Now().Add(req.refreshInterval),
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(req.cfg.SessionLifetime)),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(req.oauthCfg.SessionLifetime)),
 		},
 	})
 	sTkn, err := tkn.SignedString(req.signingKey)
 	if err != nil {
 		logrus.Errorf("error signing jwt: %v", err)
-		proxyUi.WriteUnauthorized(w)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(req.email).WithError(errors.New("error signing jwt")), req.cfg.TemplatePath)
 		return
 	}
 
 	http.SetCookie(w, &http.Cookie{
-		Name:    req.cfg.CookieName,
+		Name:    req.oauthCfg.CookieName,
 		Value:   sTkn,
-		MaxAge:  int(req.cfg.SessionLifetime.Seconds()),
-		Domain:  req.cfg.CookieDomain,
+		MaxAge:  int(req.oauthCfg.SessionLifetime.Seconds()),
+		Domain:  req.oauthCfg.CookieDomain,
 		Path:    "/",
-		Expires: time.Now().Add(req.cfg.SessionLifetime),
+		Expires: time.Now().Add(req.oauthCfg.SessionLifetime),
 		// Secure:  true, // pending server tls feature https://github.com/openziti/zrok/issues/24
 		HttpOnly: true,                 // enabled because zrok frontend is the only intended consumer of this cookie, not client-side scripts
 		SameSite: http.SameSiteLaxMode, // explicitly set to the default Lax mode which allows the zrok share to be navigated to from another site and receive the cookie
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index f0aeb083..5f4ef908 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@@ -107,7 +107,7 @@ func newServiceProxy(cfg *Config, ctx ziti.Context) (*httputil.ReverseProxy, err
 		logrus.Errorf("error proxying: %v", err)
 		proxyUi.WriteBadGateway(
 			w,
-			proxyUi.TemplateData(
+			proxyUi.RequiredData(
 				"bad gateway!",
 				"bad gateway!",
 			),
@@ -206,8 +206,9 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 			}
 
 		default:
-			logrus.Infof("invalid auth scheme '%v'", authScheme)
-			proxyUi.WriteUnauthorized(w)
+			err := fmt.Errorf("invalid auth scheme '%v'", authScheme)
+			logrus.Error(err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(err), cfg.TemplatePath)
 		}
 	}
 }
diff --git a/endpoints/publicProxy/providerGithub.go b/endpoints/publicProxy/providerGithub.go
index d89a97ed..dd920739 100644
--- a/endpoints/publicProxy/providerGithub.go
+++ b/endpoints/publicProxy/providerGithub.go
@@ -13,6 +13,7 @@ import (
 	"github.com/google/uuid"
 	"github.com/mitchellh/mapstructure"
 	"github.com/openziti/zrok/endpoints/proxyUi"
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	zhttp "github.com/zitadel/oidc/v3/pkg/http"
@@ -22,12 +23,12 @@ import (
 )
 
 type githubConfigurer struct {
-	cfg       *OauthConfig
+	cfg       *Config
 	githubCfg *githubConfig
 	tls       bool
 }
 
-func newGithubConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*githubConfigurer, error) {
+func newGithubConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*githubConfigurer, error) {
 	c := &githubConfigurer{cfg: cfg}
 	githubCfg, err := newGithubConfig(v)
 	if err != nil {
@@ -58,20 +59,20 @@ func (c *githubConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
 
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
 	rpConfig := &oauth2.Config{
 		ClientID:     c.githubCfg.ClientId,
 		ClientSecret: c.githubCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.githubCfg.Name),
+		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.githubCfg.Name),
 		Scopes:       []string{"user:email"},
 		Endpoint:     githubOAuth.Endpoint,
 	}
@@ -95,8 +96,9 @@ func (c *githubConfigurer) configure() error {
 		return func(w http.ResponseWriter, r *http.Request) {
 			targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 			if err != nil {
-				logrus.Errorf("unable to unescape targetHost: %v", err)
-				proxyUi.WriteUnauthorized(w)
+				err := fmt.Errorf("unable to unescape targetHost: %v", err)
+				logrus.Error(err)
+				proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err), c.cfg.TemplatePath)
 				return
 			}
 			rp.AuthURLHandler(func() string {
@@ -106,7 +108,7 @@ func (c *githubConfigurer) configure() error {
 					TargetHost:      targetHost,
 					RefreshInterval: r.URL.Query().Get("refreshInterval"),
 					RegisteredClaims: jwt.RegisteredClaims{
-						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
+						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
 						IssuedAt:  jwt.NewNumericDate(time.Now()),
 						NotBefore: jwt.NewNumericDate(time.Now()),
 						Issuer:    "zrok",
@@ -129,8 +131,9 @@ func (c *githubConfigurer) configure() error {
 			return signingKey, nil
 		})
 		if err != nil {
-			logrus.Errorf("error parsing intermediate token: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrap(err, "error parsing intermediate token")
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 
@@ -138,15 +141,17 @@ func (c *githubConfigurer) configure() error {
 		if v, err := time.ParseDuration(token.Claims.(*IntermediateJWT).RefreshInterval); err == nil {
 			refreshInterval = v
 		} else {
-			logrus.Errorf("unable to parse authorization check interval: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrapf(err, "unable to parse authorization check interval '%v'", token.Claims.(*IntermediateJWT).RefreshInterval)
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 
 		parsedUrl, err := url.Parse("https://api.github.com/user/emails")
 		if err != nil {
-			logrus.Errorf("unable to parse api.github.com url: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrap(err, "error parsing github url")
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 		req := &http.Request{
@@ -157,8 +162,9 @@ func (c *githubConfigurer) configure() error {
 		req.Header.Add("Authorization", fmt.Sprintf("Bearer %s", tokens.AccessToken))
 		resp, err := http.DefaultClient.Do(req)
 		if err != nil {
-			logrus.Errorf("error getting user info from github: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrap(err, "error getting user info from github")
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 		defer func() {
@@ -166,15 +172,17 @@ func (c *githubConfigurer) configure() error {
 		}()
 		response, err := io.ReadAll(resp.Body)
 		if err != nil {
-			logrus.Errorf("error reading response body: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrap(err, "error reading response body from github")
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 		var rDat []githubUserResp
 		err = json.Unmarshal(response, &rDat)
 		if err != nil {
-			logrus.Errorf("error unmarshalling github oauth response: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			errOut := errors.Wrap(err, "error unmarshalling response from github")
+			logrus.Error(errOut)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
 			return
 		}
 
@@ -187,7 +195,7 @@ func (c *githubConfigurer) configure() error {
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			cfg:             c.cfg,
+			oauthCfg:        c.cfg.Oauth,
 			supportsRefresh: false,
 			email:           primaryEmail,
 			accessToken:     tokens.AccessToken,
@@ -203,7 +211,7 @@ func (c *githubConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.githubCfg.Name), rp.CodeExchangeHandler(login, provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.CookieName)
+		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -218,7 +226,7 @@ func (c *githubConfigurer) configure() error {
 							strings.NewReader(fmt.Sprintf(`{"access_token":"%s"}`, accessToken)))
 						if err != nil {
 							logrus.Errorf("error creating access token delete request for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error creating access token delete request")), c.cfg.TemplatePath)
 							return
 						}
 
@@ -228,7 +236,7 @@ func (c *githubConfigurer) configure() error {
 						resp, err := http.DefaultClient.Do(req)
 						if err != nil {
 							logrus.Errorf("error invoking access token delete request for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error executing access token delete request")), c.cfg.TemplatePath)
 							return
 						}
 						defer resp.Body.Close()
@@ -237,42 +245,42 @@ func (c *githubConfigurer) configure() error {
 							logrus.Infof("revoked github access token for '%v'", claims.Email)
 						} else {
 							logrus.Errorf("access token revocation failed with status: %v", resp.StatusCode)
-							proxyUi.WriteUnauthorized(w)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.githubCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")), c.cfg.TemplatePath)
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
-			proxyUi.WriteUnauthorized(w)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")), c.cfg.TemplatePath)
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.CookieName,
+			Name:     c.cfg.Oauth.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.CookieDomain,
+			Domain:   c.cfg.Oauth.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.githubCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.githubCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}
diff --git a/endpoints/publicProxy/providerGoogle.go b/endpoints/publicProxy/providerGoogle.go
index c3ff39e8..c30e205f 100644
--- a/endpoints/publicProxy/providerGoogle.go
+++ b/endpoints/publicProxy/providerGoogle.go
@@ -2,6 +2,7 @@ package publicProxy
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -21,12 +22,12 @@ import (
 )
 
 type googleConfigurer struct {
-	cfg       *OauthConfig
+	cfg       *Config
 	googleCfg *googleConfig
 	tls       bool
 }
 
-func newGoogleConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*googleConfigurer, error) {
+func newGoogleConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*googleConfigurer, error) {
 	c := &googleConfigurer{cfg: cfg}
 	googleCfg, err := newGoogleConfig(v)
 	if err != nil {
@@ -57,20 +58,20 @@ func (c *googleConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
 
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
 	rpConfig := &oauth2.Config{
 		ClientID:     c.googleCfg.ClientId,
 		ClientSecret: c.googleCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.googleCfg.Name),
+		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.googleCfg.Name),
 		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
 		Endpoint:     googleOauth.Endpoint,
 	}
@@ -93,7 +94,7 @@ func (c *googleConfigurer) configure() error {
 			targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 			if err != nil {
 				logrus.Errorf("unable to unescape targetHost: %v", err)
-				proxyUi.WriteUnauthorized(w)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to escape targetHost")), c.cfg.TemplatePath)
 				return
 			}
 			rp.AuthURLHandler(func() string {
@@ -103,7 +104,7 @@ func (c *googleConfigurer) configure() error {
 					TargetHost:      targetHost,
 					RefreshInterval: r.URL.Query().Get("refreshInterval"),
 					RegisteredClaims: jwt.RegisteredClaims{
-						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
+						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
 						IssuedAt:  jwt.NewNumericDate(time.Now()),
 						NotBefore: jwt.NewNumericDate(time.Now()),
 						Issuer:    "zrok",
@@ -126,8 +127,8 @@ func (c *googleConfigurer) configure() error {
 			return signingKey, nil
 		})
 		if err != nil {
-			logrus.Errorf("after intermediate token parse: %v", err.Error())
-			proxyUi.WriteUnauthorized(w)
+			logrus.Errorf("error parsing intermediate token: %v", err.Error())
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error parsing intermediate token")), c.cfg.TemplatePath)
 			return
 		}
 
@@ -136,14 +137,14 @@ func (c *googleConfigurer) configure() error {
 			refreshInterval = v
 		} else {
 			logrus.Errorf("unable to parse authorization check interval: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse authorization check interval")), c.cfg.TemplatePath)
 			return
 		}
 
 		resp, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + url.QueryEscape(tokens.AccessToken))
 		if err != nil {
 			logrus.Errorf("error getting user info from google: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting user info from google")), c.cfg.TemplatePath)
 			return
 		}
 		defer func() {
@@ -152,7 +153,7 @@ func (c *googleConfigurer) configure() error {
 		response, err := io.ReadAll(resp.Body)
 		if err != nil {
 			logrus.Errorf("error reading response body: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error reading google response body")), c.cfg.TemplatePath)
 			return
 		}
 		logrus.Debugf("response from google userinfo endpoint: %s", string(response))
@@ -160,12 +161,12 @@ func (c *googleConfigurer) configure() error {
 		err = json.Unmarshal(response, &data)
 		if err != nil {
 			logrus.Errorf("error unmarshalling google oauth response: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error unmarshalling google oauth response")), c.cfg.TemplatePath)
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			cfg:             c.cfg,
+			oauthCfg:        c.cfg.Oauth,
 			supportsRefresh: false,
 			email:           data.Email,
 			accessToken:     tokens.AccessToken,
@@ -181,7 +182,7 @@ func (c *googleConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.googleCfg.Name), rp.CodeExchangeHandler(login, provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.CookieName)
+		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -201,47 +202,47 @@ func (c *googleConfigurer) configure() error {
 								logrus.Infof("revoked google token for '%v'", claims.Email)
 							} else {
 								logrus.Errorf("access token revocation failed with status: %v", resp.StatusCode)
-								proxyUi.WriteUnauthorized(w)
+								proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
 								return
 							}
 						} else {
 							logrus.Errorf("unable to revoke access token for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to post access token revocation")), c.cfg.TemplatePath)
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.googleCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")), c.cfg.TemplatePath)
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
-			proxyUi.WriteUnauthorized(w)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting cookie")), c.cfg.TemplatePath)
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.CookieName,
+			Name:     c.cfg.Oauth.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.CookieDomain,
+			Domain:   c.cfg.Oauth.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.googleCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.googleCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}
diff --git a/endpoints/publicProxy/providerOidc.go b/endpoints/publicProxy/providerOidc.go
index fb2ec17a..21f53fb2 100644
--- a/endpoints/publicProxy/providerOidc.go
+++ b/endpoints/publicProxy/providerOidc.go
@@ -2,6 +2,7 @@ package publicProxy
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -18,12 +19,12 @@ import (
 )
 
 type oidcConfigurer struct {
-	cfg     *OauthConfig
+	cfg     *Config
 	oidcCfg *oidcConfig
 	tls     bool
 }
 
-func newOidcConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*oidcConfigurer, error) {
+func newOidcConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*oidcConfigurer, error) {
 	c := &oidcConfigurer{cfg: cfg}
 	oidcCfg, err := newOidcConfig(v)
 	if err != nil {
@@ -58,16 +59,16 @@ func (c *oidcConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
-	redirectUrl := fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.oidcCfg.Name)
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
+	redirectUrl := fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.oidcCfg.Name)
 	providerOptions := []rp.Option{
 		rp.WithCookieHandler(cookieHandler),
 		rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
@@ -92,7 +93,7 @@ func (c *oidcConfigurer) configure() error {
 		targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 		if err != nil {
 			logrus.Errorf("unable to unescape 'targetHost': %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")), c.cfg.TemplatePath)
 			return
 		}
 		state := func() string {
@@ -102,7 +103,7 @@ func (c *oidcConfigurer) configure() error {
 				TargetHost:      targetHost,
 				RefreshInterval: r.URL.Query().Get("refreshInterval"),
 				RegisteredClaims: jwt.RegisteredClaims{
-					ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
 					IssuedAt:  jwt.NewNumericDate(time.Now()),
 					NotBefore: jwt.NewNumericDate(time.Now()),
 					Issuer:    "zrok",
@@ -134,14 +135,14 @@ func (c *oidcConfigurer) configure() error {
 		targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 		if err != nil {
 			logrus.Errorf("unable to unescape 'targetHost': %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")), c.cfg.TemplatePath)
 			return
 		}
 
-		cookie, err := r.Cookie(c.cfg.CookieName)
+		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
 		if err != nil {
-			logrus.Errorf("unable to get 'zrok-access' cookie: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			logrus.Errorf("unable to get auth session cookie: %v", err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to get auth session cookie")), c.cfg.TemplatePath)
 			return
 		}
 
@@ -150,33 +151,33 @@ func (c *oidcConfigurer) configure() error {
 		})
 		if err != nil {
 			logrus.Errorf("unable to parse jwt: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse jwt")), c.cfg.TemplatePath)
 			return
 		}
 
 		claims := tkn.Claims.(*zrokClaims)
 		if claims.Provider != c.oidcCfg.Name {
-			logrus.Error("token validation failed")
-			proxyUi.WriteUnauthorized(w)
+			logrus.Error("token provider mismatch")
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("token provider mismatch")), c.cfg.TemplatePath)
 			return
 		}
 
 		accessToken, err := decryptToken(claims.AccessToken, encryptionKey)
 		if err != nil {
 			logrus.Errorf("unable to decrypt access token: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
 			return
 		}
 
 		newTokens, err := rp.RefreshTokens[*oidc.IDTokenClaims](context.Background(), provider, accessToken, "", "")
 		if err != nil {
 			logrus.Errorf("unable to refresh tokens: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to refresh tokens")), c.cfg.TemplatePath)
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			cfg:             c.cfg,
+			oauthCfg:        c.cfg.Oauth,
 			supportsRefresh: true,
 			email:           claims.Email,
 			accessToken:     newTokens.AccessToken,
@@ -197,7 +198,7 @@ func (c *oidcConfigurer) configure() error {
 		})
 		if err != nil {
 			logrus.Errorf("unable to parse intermediate JWT: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse intermediate jwt")), c.cfg.TemplatePath)
 			return
 		}
 
@@ -206,12 +207,12 @@ func (c *oidcConfigurer) configure() error {
 			refreshInterval = v
 		} else {
 			logrus.Errorf("unable to parse authorization check interval: %v", err)
-			proxyUi.WriteUnauthorized(w)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(info.Email).WithError(errors.New("unable to parse authorization check interval")), c.cfg.TemplatePath)
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			cfg:             c.cfg,
+			oauthCfg:        c.cfg.Oauth,
 			supportsRefresh: true,
 			email:           info.Email,
 			accessToken:     tokens.AccessToken,
@@ -227,7 +228,7 @@ func (c *oidcConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.oidcCfg.Name), rp.CodeExchangeHandler(rp.UserinfoCallback(login), provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.CookieName)
+		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -241,42 +242,42 @@ func (c *oidcConfigurer) configure() error {
 							logrus.Infof("revoked access token for '%v'", claims.Email)
 						} else {
 							logrus.Errorf("access token revocation failed: %v", err)
-							proxyUi.WriteUnauthorized(w)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.oidcCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider mismatch")), c.cfg.TemplatePath)
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
-			proxyUi.WriteUnauthorized(w)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")), c.cfg.TemplatePath)
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.CookieName,
+			Name:     c.cfg.Oauth.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.CookieDomain,
+			Domain:   c.cfg.Oauth.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.oidcCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.oidcCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}

From facbbc1a5295ac5b633ba1c3160ab02505c96267 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 15:28:16 -0400
Subject: [PATCH 3/9] health check -> template (#1012)

---
 endpoints/proxyUi/embed.go    |   2 +-
 endpoints/proxyUi/health.go   |  22 --
 endpoints/proxyUi/health.html | 400 ----------------------------------
 endpoints/proxyUi/template.go |   4 +
 endpoints/publicProxy/http.go |   2 +-
 5 files changed, 6 insertions(+), 424 deletions(-)
 delete mode 100644 endpoints/proxyUi/health.go
 delete mode 100644 endpoints/proxyUi/health.html

diff --git a/endpoints/proxyUi/embed.go b/endpoints/proxyUi/embed.go
index 78f901d3..e695c223 100644
--- a/endpoints/proxyUi/embed.go
+++ b/endpoints/proxyUi/embed.go
@@ -2,5 +2,5 @@ package proxyUi
 
 import "embed"
 
-//go:embed health.html intersititial.html template.html
+//go:embed intersititial.html template.html
 var FS embed.FS
diff --git a/endpoints/proxyUi/health.go b/endpoints/proxyUi/health.go
deleted file mode 100644
index 69422ca3..00000000
--- a/endpoints/proxyUi/health.go
+++ /dev/null
@@ -1,22 +0,0 @@
-package proxyUi
-
-import (
-	"net/http"
-
-	"github.com/sirupsen/logrus"
-)
-
-func WriteHealthOk(w http.ResponseWriter) {
-	if data, err := FS.ReadFile("health.html"); err == nil {
-		w.WriteHeader(http.StatusOK)
-		n, err := w.Write(data)
-		if n != len(data) {
-			logrus.Errorf("short write")
-			return
-		}
-		if err != nil {
-			logrus.Error(err)
-			return
-		}
-	}
-}
diff --git a/endpoints/proxyUi/health.html b/endpoints/proxyUi/health.html
deleted file mode 100644
index 5a750e53..00000000
--- a/endpoints/proxyUi/health.html
+++ /dev/null
@@ -1,400 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8"/>
-    <meta name="viewport" content="width=device-width, initial-scale=1"/>
-    <meta name="theme-color" content="#000000"/>
-    <meta name="description" content="zrok ui"/>
-    <link rel="preconnect" href="https://fonts.googleapis.com">
-    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Russo+One&display=swap" rel="stylesheet">
-    <title>zrok</title>
-    <style>
-        body {
-            margin: 0;
-            padding: 25;
-            font-family: 'JetBrains Mono', Consolas, 'Courier New', monospace;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-        }
-        h1, h2, h3, h4, h5, h6 {
-            font-family: 'Russo One', sans-serif;
-        }
-        table {
-            table-layout: fixed;
-            width: 100%;
-        }
-        td {
-            vertical-align: top;
-        }
-        td:last-child {
-            width: 80%;
-            overflow: clip;
-        }
-        td:first-child {
-            width: 20%;
-            overflow: auto;
-        }
-        #banner {
-            background-color: #3b2693;
-            text-align: center;
-            padding: 25px;
-            color: white;
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            height: 600px;
-            justify-content: center;
-        }
-        #banner h1 {
-            font-size: 64pt;
-        }
-        #container {
-            display: flex;
-            align-items: center;
-            justify-content: center;
-        }
-        #info {
-            width: 920px;
-            text-align: center;
-        }
-        #info h1 {
-            font-size: 96pt;
-        }
-    </style>
-</head>
-<body>
-<div id="root">
-    <div id="banner">
-        <svg id="ziggy" viewBox="0 0 21.9 37.6" style="width: 200px; height: 343.38px;">
-            <style type="text/css">
-                .st0 {
-                    fill: #FFFFFF;
-                }
-
-                .st1 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FFFFFF;
-                }
-
-                .st2 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #A3A3A3;
-                }
-
-                .st3 {
-                    fill: #00001F;
-                }
-
-                .st4 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #B3B3B3;
-                }
-
-                .st5 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #E6E6E6;
-                }
-
-                .st6 {
-                    fill: #FFFFFF;
-                    stroke: #000000;
-                    stroke-width: 0.3;
-                    stroke-miterlimit: 10;
-                }
-
-                .st7 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #FF0000;
-                }
-
-                .st8 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #00FF00;
-                }
-
-                .st9 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                    fill: #06B806;
-                }
-
-                .st10 {
-                    fill-rule: evenodd;
-                    clip-rule: evenodd;
-                }
-
-                .st11 {
-                    fill: #B3B3B3;
-                }
-
-                .st12 {
-                    opacity: 0.25;
-                }
-
-                .st13 {
-                    fill: #FEFCF9;
-                }
-
-                .st14 {
-                    fill: none;
-                    stroke: #FFFFFF;
-                    stroke-width: 0.4;
-                    stroke-linecap: round;
-                    stroke-linejoin: round;
-                    stroke-miterlimit: 10;
-                }
-            </style>
-            <rect x="5.5" y="14.9" class="st0" width="10.7" height="5.7"/>
-            <polygon class="st0" points="16.9,35.4 17.3,35 17.2,34.5 17.1,34.2 16.2,26.5 6.1,26.6 5.1,34.2 4.9,34.8 5.4,35.2 7.3,35.1
-                        8.4,35.3 9,35.2 9.3,34.8 9.1,34.3 10.8,28.6 11.5,28.6 11.5,29.1 13,34.3 12.9,34.8 13.2,35.2 14,35.6 "/>
-            <g>
-                <g>
-                    <path class="st1" d="M16.4,16.1c0.3,0.1,2.8,0.8,3.4,1.7c0.5,0.9,2,4.8,2,5.8c0,0.1,0,2.6-0.2,3.3c-0.1,0.3-1.7,0.2-2.2,0.1,c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4c-0.2,0.6-2.1,1.6-2.1,1.6"/>
-                    <path class="st2" d="M21.7,26.4c0,0.2,0,0.3-0.1,0.4c-0.1,0.3-1.7,0.2-2.2,0.1c-0.2,0,0.1-1.4,0-2.2c-0.1-1.6-0.5-2.6-0.6-2.4
-                                c-0.2,0.6-1.6,2.1-1.6,2.1l-0.3,0.1c-0.1-0.1,0.1-0.8,0.1-0.9c-0.4-0.8,1.5-2.6,1.7-2.9c0.3-0.3,0.5,0.1,0.5,0.7
-                                c0,0.5,0,0.6,0,0.6c0.9,3.7,0.5,4.5,0.5,4.5s0.2,0.1,0.9,0c0.7,0,0.9-0.2,0.9-0.2L21.7,26.4z"/>
-                    <path class="st3" d="M16.4,24.8c-1.6-2.7,2-0.6,2.2-1.8c0,0,0,0,0,0c0-0.5,0.1-1.1,0.2-1.5c0-0.2,0.1-0.4,0.1-0.4
-                                c0-0.1,0.1-0.1,0.1-0.1s0.1,0.1,0.1,0.1c0,0,0,0.2-0.1,0.4c0,0.2-0.1,0.4-0.1,0.6c0.1,0.1,0.2,0.3,0.2,0.4
-                                c0.1,0.3,0.3,0.9,0.4,1.7c0,0.2,0,0.3,0,0.5c0,0.4,0,0.9,0,1.3c0,0.4,0,0.8,0,0.8c0.3,0.1,0.8,0.1,1.4,0.1c0.3,0,0.6,0,0.6-0.1
-                                c0.2-0.6,0.2-2.7,0.2-3.1c0,0,0-0.1,0-0.1c0-0.4-0.3-1.4-0.6-2.4c-0.5-1.4-1.1-2.8-1.3-3.3c-0.2-0.3-0.6-0.6-1.1-0.8
-                                c-0.9-0.5-2-0.8-2.2-0.8 M16.5,16c0.2,0,1.3,0.4,2.3,0.8c0.5,0.3,1,0.6,1.2,0.9c0.3,0.5,0.9,2,1.4,3.4c0.4,1.1,0.6,2.1,0.6,2.5
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6-0.2,3.2c-0.1,0.2-0.4,0.3-0.8,0.3c-0.5,0-1.2,0-1.5-0.1c-0.2,0-0.2-0.5-0.1-1.1c0-0.4,0.1-0.9,0-1.3
-                                c-0.1-1-0.2-1.7-0.4-2.1c0,0.1-0.8,0-0.8,0.1 M17.4,23.3l0.8-0.3c-0.1,1.2-1.5,2-1.5,2.2"/>
-                    <path class="st1"
-                          d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.4,0.3,0.8,0.8,0.8h0.6c0.4,0,0.8-0.3,0.8-0.8V27z"/>
-                    <path class="st2" d="M21.5,27L21.5,27c-0.5,0.1-1.5,0.1-2,0h-0.1v1.3c0,0.2,0.3,0.4,0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H20
-                                c0.4,0.1,1,0.1,1.6,0V27z"/>
-                    <path class="st3" d="M21.7,26.8V27v1.3c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3h-0.6c-0.2,0-0.5-0.1-0.6-0.3
-                                c-0.2-0.2-0.3-0.4-0.3-0.6V27v-0.2h0.2h0.1h0l0,0c0.3,0,0.7,0.1,1.1,0.1c0.3,0,0.6,0,0.8-0.1l0,0h0h0H21.7z M20.6,27.2
-                                c-0.4,0-0.8,0-1-0.1v1.1c0,0.2,0.1,0.3,0.2,0.4c0.1,0.1,0.3,0.2,0.4,0.2h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C21.2,27.2,20.9,27.2,20.6,27.2L20.6,27.2z"/>
-                </g>
-                <g>
-                    <path class="st1" d="M5.5,16.2c-0.3,0.1-2.8,0.8-3.4,1.7c-0.5,0.9-2,4.8-2,5.8c0,0.1,0,2.6,0.2,3.3C0.4,27.2,2,27.2,2.5,27
-                                c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4C3.3,23,5.2,24,5.2,24"/>
-                    <path class="st2" d="M0.3,26.5c0,0.2,0,0.3,0.1,0.4C0.4,27.2,2,27.2,2.5,27c0.2,0-0.1-1.4,0-2.2c0.1-1.6,0.5-2.6,0.6-2.4
-                                c0.2,0.6,1.6,2.1,1.6,2.1L5,24.7c0.1-0.1-0.1-0.8-0.1-0.9c0.4-0.8-1.5-2.6-1.7-2.9c-0.3-0.3-0.5,0.1-0.5,0.7c0,0.5,0,0.6,0,0.6
-                                c-0.9,3.7-0.5,4.5-0.5,4.5s-0.2,0.1-0.9,0c-0.7,0-0.9-0.2-0.9-0.2L0.3,26.5z"/>
-                    <path class="st3" d="M5.5,16.3c-0.2,0-1.3,0.3-2.2,0.8c-0.5,0.2-0.9,0.5-1.1,0.8c-0.3,0.5-0.9,2-1.3,3.3c-0.4,1-0.6,2-0.6,2.4
-                                c0,0,0,0,0,0.1c0,0.4,0,2.6,0.2,3.1c0,0.1,0.3,0.1,0.6,0.1c0.5,0,1.1,0,1.4-0.1c0,0,0-0.4,0-0.8c0-0.4-0.1-0.9,0-1.3
-                                c0-0.2,0-0.3,0-0.5c0.1-0.8,0.2-1.4,0.4-1.7c0-0.1,0.1-0.3,0.2-0.4c0-0.2-0.1-0.4-0.1-0.6c0-0.2-0.1-0.4-0.1-0.4
-                                C2.8,21.1,2.9,21,3,21c0.1,0,0.1,0.1,0.1,0.1c0,0,0,0.2,0.1,0.4c0.1,0.4,0.1,1,0.2,1.5c0,0,0,0,0,0c0.2,1.3,3.8-0.8,2.2,1.8
-                                 M3.8,22.8c0-0.1-0.8,0-0.8-0.1c-0.1,0.4-0.3,1.1-0.4,2.1c0,0.4,0,0.9,0,1.3c0,0.6,0.1,1-0.1,1.1c-0.3,0.1-1,0.1-1.5,0.1
-                                c-0.4,0-0.8-0.1-0.8-0.3C0,26.4,0,24.2,0,23.8c0,0,0-0.1,0-0.1c0-0.4,0.3-1.4,0.6-2.5c0.5-1.4,1.1-2.9,1.4-3.4
-                                c0.2-0.3,0.6-0.7,1.2-0.9c0.9-0.5,2.1-0.8,2.3-0.8 M5.2,25.3c0-0.2-1.3-1-1.5-2.2l0.8,0.3"/>
-                    <path class="st1" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.4-0.3,0.8-0.8,0.8H1.2c-0.4,0-0.8-0.3-0.8-0.8V27.1z"/>
-                    <path class="st2" d="M0.4,27.1L0.4,27.1c0.5,0.1,1.5,0.1,2,0h0.1v1.3c0,0.2-0.3,0.4-0.4,0.6c0-0.1,0-0.2,0-0.2v-1.2H2
-                                c-0.4,0.1-1,0.1-1.6,0V27.1z"/>
-                    <path class="st3" d="M0.4,26.9L0.4,26.9L0.4,26.9L0.4,26.9C0.6,27,1,27,1.3,27c0.4,0,0.8,0,1.1-0.1l0,0h0h0.1h0.2v0.2v1.3
-                                c0,0.2-0.1,0.5-0.3,0.6c-0.2,0.2-0.4,0.3-0.6,0.3H1.2c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.3v-0.2H0.4z M1.3,27.3
-                                c-0.3,0-0.5,0-0.7,0v1.1c0,0.2,0.1,0.3,0.2,0.4C0.8,28.9,1,29,1.2,29h0.6c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.3,0.2-0.4v-1.1
-                                C2,27.3,1.7,27.3,1.3,27.3L1.3,27.3z"/>
-                </g>
-                <g>
-                    <path class="st2" d="M5.1,34.2h4.1l1.6-5.6c0.1,0,0.4,0,0.5,0l1.7,5.6h4.1l0-0.3c-0.1,0-0.1,0-0.2,0c-0.4,0.1-3.2,0-3.4,0
-                                c-0.2,0-1.6-4.9-1.6-5.1c0-0.2,0.3-0.1,0.6-0.6c0.3-0.5-0.4-0.5-0.4-0.5c-1,0.4-2,0-2,0c-0.9,0.6,0.2,1,0.2,1.1
-                                c0.1,0.1-1.3,5-1.5,5.1c-0.2,0.1-3.4,0-3.4,0s-0.1,0-0.2,0L5.1,34.2z"/>
-                    <path class="st3" d="M16.4,27.9 M6.1,27.3L6.1,27.3L6.1,27.3l-0.9,6.9h3.8l1.5-5.6c-0.4-0.1-0.5-0.3-0.5-0.3
-                                c-0.1-0.1-0.1-0.1,0-0.2c0.1-0.1,0.1-0.1,0.2,0c0,0,0.3,0.3,0.8,0.2c0.6,0,0.8-0.3,0.8-0.3c0.1-0.1,0.1,0,0.2,0
-                                c0.1,0.1,0.1,0.1,0,0.2c0,0-0.2,0.2-0.6,0.3l1.6,5.6h3.8l-0.7-7 M16.4,27.3l0.8,7.1l0,0.2h-0.2H13h-0.1l0-0.1l-1.6-5.7
-                                c-0.1,0-0.1,0-0.2,0c-0.1,0-0.1,0-0.2,0l-1.6,5.7l0,0.1H9.2H5.1H4.9l0-0.2l0.9-7.1"/>
-                    <path class="st4" d="M5.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4H5.4c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C4.9,35,5.1,35.2,5.4,35.2L5.4,35.2z"/>
-                    <path class="st3" d="M5.4,35.1h3.5C9,35.1,9,35,9.1,35c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2C9,34.5,9,34.4,8.9,34.4H5.4
-                                c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C5.2,35,5.3,35.1,5.4,35.1L5.4,35.1z M8.9,35.3H5.4
-                                c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C9.2,35.3,9,35.3,8.9,35.3L8.9,35.3z"/>
-                    <path class="st1" d="M4.8,37.5h4.4v-1.3C9.2,35.5,8.7,35,8,35H6.1c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st3" d="M5,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3H6.1c-0.3,0-0.6,0.1-0.8,0.3
-                                C5.1,35.6,5,35.9,5,36.2V37.4z M9.2,37.6H4.8H4.7v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4H8c0.4,0,0.7,0.2,1,0.4
-                                c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H9.2z"/>
-                    <path class="st4" d="M13.4,35.2h3.5c0.2,0,0.5-0.2,0.5-0.4l0,0c0-0.2-0.2-0.4-0.5-0.4h-3.5c-0.2,0-0.5,0.2-0.5,0.4l0,0
-                                C12.9,35,13.1,35.2,13.4,35.2L13.4,35.2z"/>
-                    <path class="st3" d="M13.4,35.1h3.5c0.1,0,0.2,0,0.2-0.1c0.1-0.1,0.1-0.1,0.1-0.2c0-0.1,0-0.2-0.1-0.2c-0.1-0.1-0.1-0.1-0.2-0.1
-                                h-3.5c-0.1,0-0.2,0-0.2,0.1c-0.1,0.1-0.1,0.1-0.1,0.2c0,0.1,0,0.2,0.1,0.2C13.2,35,13.3,35.1,13.4,35.1L13.4,35.1z M16.9,35.3
-                                h-3.5c-0.2,0-0.3-0.1-0.4-0.2c-0.1-0.1-0.2-0.3-0.2-0.4c0-0.2,0.1-0.3,0.2-0.4c0.1-0.1,0.3-0.2,0.4-0.2h3.5c0.2,0,0.3,0.1,0.4,0.2
-                                c0.1,0.1,0.2,0.3,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4C17.2,35.3,17,35.3,16.9,35.3L16.9,35.3z"/>
-                    <path class="st1" d="M13,37.5h4.4v-1.3c0-0.7-0.6-1.3-1.3-1.3h-1.8c-0.7,0-1.3,0.6-1.3,1.3V37.5z"/>
-                    <path class="st4" d="M17.4,37.5H13v-1.3c0-0.3,0.1-0.7,0.4-0.9c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.3h3.8V37.5z"/>
-                    <path class="st3" d="M13.1,37.4h4.1v-1.1c0-0.3-0.1-0.6-0.3-0.8c-0.2-0.2-0.5-0.3-0.8-0.3h-1.8c-0.3,0-0.6,0.1-0.8,0.3
-                                c-0.2,0.2-0.3,0.5-0.3,0.8V37.4z M17.4,37.6H13h-0.1v-0.1v-1.3c0-0.4,0.2-0.7,0.4-1c0.3-0.3,0.6-0.4,1-0.4h1.8
-                                c0.4,0,0.7,0.2,1,0.4c0.3,0.3,0.4,0.6,0.4,1v1.3v0.1H17.4z"/>
-                    <path class="st4" d="M9.1,37.4H5v-1.2c0-0.3,0.1-0.6,0.4-0.8c0.1,0,0.2,0,0.2,0c0,0,0,0.2,0,0.4v1.2h3.6V37.4z"/>
-                </g>
-                <path class="st5" d="M2.5,15.4C2.3,15.1,2,15,2.1,13.6c0.1-0.9-0.1-2.4,1-2.1l0,5.5l-1.6,2.1c0,0-0.2-2.7,0-3.2
-                            C1.8,15.4,2.3,15.4,2.5,15.4L2.5,15.4z"/>
-                <path class="st4" d="M3.1,16.7l0,0.4l-1.6,2c0,0-0.1-1-0.1-1.9c0.3-0.3,0.7-0.5,1.1-0.7c0-0.1,0-0.2,0-0.4v-4.7
-                            c0.1-0.1,0.3-0.1,0.5,0L3.1,16.7L3.1,16.7z"/>
-                <path class="st3" d="M2.7,15.3c0-0.1-0.1-0.1-0.1-0.1c-0.2-0.2-0.3-0.4-0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8,0.1-1.1
-                            c0.1-0.2,0.2-0.4,0.5-0.4l0,5.3l-1.2,1.6c0-0.8-0.1-2.2,0-2.6c0.1-0.2,0.2-0.3,0.3-0.3c0.1,0,0.3,0,0.4,0l0.4,0L2.7,15.3z
-                            M1.9,13.6c0,1,0.1,1.4,0.2,1.6c-0.1,0-0.1,0-0.2,0c-0.2,0.1-0.4,0.2-0.6,0.6c-0.2,0.5,0,3.3,0,3.3l0,0.5l0.3-0.4l1.6-2.1l0-0.1V17
-                            l0-5.5l0-0.1l-0.1,0c-0.7-0.2-1,0.1-1.1,0.6c-0.1,0.3-0.1,0.8-0.1,1.2C1.9,13.3,1.9,13.4,1.9,13.6L1.9,13.6z"/>
-                <path class="st5" d="M6.1,10.5h-2c-0.6,0-1,0.5-1,1v5.3c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-5.3C7.2,11,6.7,10.5,6.1,10.5L6.1,10.5
-                            z"/>
-                <path class="st4" d="M3.1,16.5v0.7c0,0.6,0.5,1,1,1h2c0.6,0,1-0.5,1-1v-0.2c0,0,0,0,0.1,0v-5.2c0-0.6-0.5-1-1-1h-2
-                            c-0.6,0-1,0.5-1,1v1.8c0.5,0.8,1.1,1.4,1.8,2C4.4,15.9,3.7,16.2,3.1,16.5L3.1,16.5z"/>
-                <path class="st3" d="M6.2,10.3h-2c-0.3,0-0.7,0.1-0.9,0.4C3.1,10.9,3,11.2,3,11.5v5.3c0,0.3,0.1,0.6,0.4,0.9
-                            C3.5,17.9,3.9,18,4.2,18h2c0.3,0,0.7-0.1,0.9-0.4c0.2-0.2,0.4-0.5,0.4-0.9v-5.3c0-0.3-0.1-0.6-0.4-0.9C6.8,10.5,6.5,10.3,6.2,10.3
-                            L6.2,10.3z M4.2,10.7h2c0.2,0,0.4,0.1,0.6,0.2C6.9,11.1,7,11.3,7,11.5v5.3c0,0.2-0.1,0.4-0.2,0.6c-0.2,0.1-0.4,0.2-0.6,0.2h-2
-                            c-0.2,0-0.4-0.1-0.6-0.2c-0.2-0.1-0.2-0.4-0.2-0.6v-5.3c0-0.2,0.1-0.4,0.2-0.6C3.7,10.8,4,10.7,4.2,10.7L4.2,10.7z"/>
-                <path class="st5" d="M19.4,15.4c0.2-0.3,0.5-0.4,0.4-1.8c-0.1-0.9,0.1-2.4-1-2.1l0,5.5l1.6,2.1c0,0,0.2-2.7,0-3.2
-                            C20.2,15.4,19.7,15.4,19.4,15.4L19.4,15.4z"/>
-                <path class="st4" d="M18.8,16.9l0,0.4l1.6,2c0,0,0.1-1,0.1-1.9c-0.3-0.3-0.7-0.5-1.1-0.7c0-0.1,0-0.2,0-0.4v-4.8
-                            c-0.1-0.1-0.3-0.1-0.5,0L18.8,16.9L18.8,16.9z"/>
-                <path class="st3" d="M19.3,15.3c0-0.1,0.1-0.1,0.1-0.1c0.2-0.2,0.3-0.4,0.3-1.5l0,0c0-0.1,0-0.3,0-0.5c0-0.4,0-0.8-0.1-1.1
-                            c-0.1-0.2-0.2-0.4-0.5-0.4l0,5.3l1.2,1.6c0-0.8,0.1-2.2,0-2.6c-0.1-0.2-0.2-0.3-0.3-0.3c-0.1,0-0.3,0-0.4,0l-0.4,0L19.3,15.3z
-                            M20,13.6c0,1-0.1,1.4-0.2,1.6c0.1,0,0.1,0,0.2,0c0.2,0.1,0.4,0.2,0.6,0.6c0.2,0.5,0,3.3,0,3.3l0,0.5l-0.3-0.4l-1.6-2.1l0-0.1
-                            l0-0.1l0-5.5l0-0.1l0.1,0c0.7-0.2,1,0.1,1.1,0.6c0.1,0.3,0.1,0.8,0.1,1.2C20,13.3,20,13.4,20,13.6L20,13.6z"/>
-                <path class="st5" d="M15.8,10.5h2c0.6,0,1,0.5,1,1v5.3c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-5.3C14.8,11,15.2,10.5,15.8,10.5
-                            L15.8,10.5z"/>
-                <path class="st4" d="M18.8,16.5v0.7c0,0.6-0.5,1-1,1h-2c-0.6,0-1-0.5-1-1v-2c0.6,0,1,0,1,0C15.9,15.3,17.4,15.8,18.8,16.5
-                            L18.8,16.5z"/>
-                <path class="st3" d="M15.8,10.3h2c0.3,0,0.7,0.1,0.9,0.4c0.2,0.2,0.4,0.5,0.4,0.9v5.3c0,0.3-0.1,0.6-0.4,0.9
-                            c-0.2,0.2-0.5,0.4-0.9,0.4h-2c-0.3,0-0.7-0.1-0.9-0.4c-0.2-0.2-0.4-0.5-0.4-0.9v-5.3c0-0.3,0.1-0.6,0.4-0.9
-                            C15.1,10.5,15.4,10.3,15.8,10.3L15.8,10.3z M17.7,10.7h-2c-0.2,0-0.4,0.1-0.6,0.2c-0.2,0.1-0.2,0.4-0.2,0.6v5.3
-                            c0,0.2,0.1,0.4,0.2,0.6c0.2,0.1,0.4,0.2,0.6,0.2h2c0.2,0,0.4-0.1,0.6-0.2c0.2-0.1,0.2-0.4,0.2-0.6v-5.3c0-0.2-0.1-0.4-0.2-0.6
-                            C18.2,10.8,18,10.7,17.7,10.7L17.7,10.7z"/>
-                <g>
-                    <ellipse transform="matrix(0.9999 -1.050124e-02 1.050124e-02 0.9999 -0.2761 0.1189)" class="st6" cx="11.2"
-                             cy="26.4" rx="6.3" ry="2.7"/>
-                </g>
-                <path class="st2" d="M14.4,16.6c-0.3-0.1-0.6-0.2-0.6-0.2c-0.2,0-5.4,0-5.7,0c-0.1,0-0.5,0.1-1.1,0.3C9.2,18,12.2,18,14.4,16.6
-                            L14.4,16.6z"/>
-                <path class="st6" d="M3.2,18.6l0.1,6.1c0,1.8,3.6,3.3,7.9,3.2s7.7-1.6,7.8-3.4c0-0.2,0-2.9,0-6.4l-0.1-1.3c0,1.8-3.3,0.9-7.6,0.9
-                            s-8.1,0.9-8.1-0.9L3.2,18.6z"/>
-                <g>
-                    <g>
-                        <path class="st2" d="M15.7,16c-0.7-0.3-1.2-0.5-1.3-0.5c-0.9,1.3-0.7,7.7-0.8,7.9c-0.2,0.2-0.2,0.7-0.1,1.3
-                                    c0.1,0.6,1.5,1.1,1.8,0c0.4-1.1-0.4-1.4-0.4-1.4C14.6,20.8,15.3,16.8,15.7,16L15.7,16z"/>
-                        <path class="st2" d="M7.5,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.5,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.4,8.5,16.8,7.5,15.6L7.5,15.6z"/>
-                        <path class="st2" d="M7.6,15.6c-0.3,0.1-0.8,0.2-1.3,0.5c0.4,0.6,1.1,4.8,0.9,7.3c0,0-0.7,0.3-0.4,1.4c0.4,1.1,1.7,0.6,1.8,0
-                                    c0.1-0.6,0-1.1-0.1-1.3C8.2,23.3,8.5,16.8,7.6,15.6L7.6,15.6z"/>
-                        <path class="st2" d="M9.4,23.6h3.2c0.5,0,0.8,0.4,0.8,0.9v1.4c0,0.5-0.4,0.9-0.8,0.9H9.4c-0.5,0-0.8-0.4-0.8-0.9v-1.4
-                                    C8.5,24,8.9,23.6,9.4,23.6L9.4,23.6z"/>
-                        <path class="st1" d="M9.6,23.9h2.7c0.4,0,0.7,0.3,0.7,0.7v1.1c0,0.4-0.3,0.7-0.7,0.7H9.6c-0.4,0-0.7-0.3-0.7-0.7v-1.1
-                                    C8.9,24.3,9.2,23.9,9.6,23.9L9.6,23.9z"/>
-                        <path class="st2" d="M11.5,23.9h0.3c0.5,0.1,0.9,0.5,0.9,1c0,0.6-0.5,1-1,1c-0.6,0-1-0.5-1-1C10.6,24.4,11,24,11.5,23.9
-                                    L11.5,23.9z"/>
-                        <path class="st2" d="M10,24.2c0.4,0,0.8,0.3,0.8,0.8c0,0.4-0.3,0.8-0.8,0.8c-0.4,0-0.8-0.3-0.8-0.8C9.2,24.6,9.5,24.2,10,24.2
-                                    L10,24.2z"/>
-                        <path class="st7" d="M11.6,24.3c0.4,0,0.7,0.3,0.7,0.7c0,0.4-0.3,0.7-0.7,0.7c-0.4,0-0.7-0.3-0.7-0.7
-                                    C10.9,24.6,11.2,24.3,11.6,24.3L11.6,24.3z"/>
-                        <path class="st3" d="M11.6,24.1c0.2,0,0.4,0.1,0.6,0.2c0.1,0.1,0.2,0.4,0.2,0.6c0,0.2-0.1,0.4-0.2,0.6c-0.1,0.1-0.4,0.2-0.6,0.2
-                                    c-0.2,0-0.4-0.1-0.6-0.2c-0.1-0.1-0.2-0.4-0.2-0.6c0-0.2,0.1-0.4,0.2-0.6C11.1,24.2,11.3,24.1,11.6,24.1L11.6,24.1z M11.9,24.6
-                                    c-0.1-0.1-0.2-0.2-0.4-0.2c-0.1,0-0.3,0.1-0.4,0.2c-0.1,0.1-0.2,0.2-0.2,0.4c0,0.1,0.1,0.3,0.2,0.4c0.1,0.1,0.2,0.2,0.4,0.2
-                                    c0.1,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4C12.1,24.8,12,24.7,11.9,24.6L11.9,24.6z"/>
-                        <path class="st8" d="M10,24.6c0.2,0,0.4,0.2,0.4,0.4c0,0.2-0.2,0.4-0.4,0.4c-0.2,0-0.4-0.2-0.4-0.4C9.5,24.7,9.7,24.6,10,24.6
-                                    L10,24.6z"/>
-                        <path class="st9" d="M10.3,24.7c0.1,0.1,0.1,0.2,0.1,0.3c0,0.2-0.2,0.4-0.4,0.4c-0.2-0.1-0.3-0.2-0.2-0.2
-                                    C10,25.2,10.2,25,10.3,24.7C10.2,24.8,10.2,24.7,10.3,24.7L10.3,24.7z"/>
-                        <path class="st3" d="M10,24.4c0.2,0,0.3,0.1,0.4,0.2c0.1,0.1,0.2,0.2,0.2,0.4c0,0.2-0.1,0.3-0.2,0.4c-0.1,0.1-0.2,0.2-0.4,0.2
-                                    c-0.2,0-0.3-0.1-0.4-0.2S9.4,25.1,9.4,25c0-0.2,0.1-0.3,0.2-0.4C9.7,24.5,9.8,24.4,10,24.4L10,24.4z M10.2,24.8
-                                    c0,0-0.1-0.1-0.2-0.1c-0.1,0-0.1,0-0.2,0.1c0,0-0.1,0.1-0.1,0.2c0,0.1,0,0.1,0.1,0.2c0,0,0.1,0.1,0.2,0.1c0.1,0,0.1,0,0.2-0.1
-                                    c0,0,0.1-0.1,0.1-0.2C10.2,24.9,10.2,24.8,10.2,24.8L10.2,24.8z"/>
-                        <path class="st3" d="M9.6,23.8h2.7c0.2,0,0.5,0.1,0.6,0.3c0.2,0.2,0.3,0.4,0.3,0.6v1.1c0,0.2-0.1,0.5-0.3,0.6
-                                    c-0.2,0.2-0.4,0.3-0.6,0.3H9.6c-0.2,0-0.5-0.1-0.6-0.3c-0.2-0.2-0.3-0.4-0.3-0.6v-1.1c0-0.2,0.1-0.5,0.3-0.6
-                                    C9.1,23.9,9.4,23.8,9.6,23.8L9.6,23.8z M12.3,24.1H9.6c-0.2,0-0.3,0.1-0.4,0.2C9.1,24.4,9,24.5,9,24.7v1.1c0,0.2,0.1,0.3,0.2,0.4
-                                    c0.1,0.1,0.2,0.2,0.4,0.2h2.7c0.2,0,0.3-0.1,0.4-0.2c0.1-0.1,0.2-0.2,0.2-0.4v-1.1c0-0.2-0.1-0.3-0.2-0.4
-                                    C12.7,24.2,12.5,24.1,12.3,24.1L12.3,24.1z"/>
-                        <path class="st3" d="M7.5,23.6h0.1C8,20.3,7.3,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.5,23.6L7.5,23.6z
-                                    M7.9,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.3
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6L6.4,16l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.4,15.8,8.3,19.8,7.9,23.7L7.9,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24.1,7.9,24,7.8,23.9C7.8,24,7.8,24,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M7.6,23.6h0.1C8,20.2,7.4,16.8,7.2,16l-0.3,0.1c0.6,1.5,0.8,4.3,0.8,6C7.6,22.6,7.6,23.2,7.6,23.6L7.6,23.6z
-                                    M8,23.7c0,0,0.1,0,0.1,0.1c0.1,0.1,0.1,0.2,0.1,0.3v0.4c0,0.1-0.1,0.2-0.1,0.3c-0.1,0.1-0.2,0.1-0.3,0.1H7.4
-                                    c-0.1,0-0.2-0.1-0.3-0.1c-0.1-0.1-0.1-0.2-0.1-0.3v-0.4c0-0.1,0.1-0.2,0.1-0.3c0.1-0.1,0.1-0.1,0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8-0.1-4.6-0.8-6l-0.1-0.1l0.2-0.1l0.6-0.2l0.2-0.1l0,0.2C7.5,15.8,8.4,19.8,8,23.7L8,23.7z M7.8,23.9
-                                    L7.8,23.9l-0.4,0c0,0-0.1,0-0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0,0.1,0,0.1,0h0.4c0,0,0.1,0,0.1,0c0,0,0-0.1,0-0.1
-                                    v-0.4C7.9,24,7.9,24,7.8,23.9C7.9,23.9,7.8,23.9,7.8,23.9L7.8,23.9z"/>
-                        <path class="st3" d="M14.4,23.5h-0.1c-0.3-3.4,0.3-6.8,0.5-7.6L15,16c-0.6,1.5-0.8,4.3-0.8,6C14.3,22.4,14.3,23,14.4,23.5
-                                    L14.4,23.5z M13.9,23.5c0,0-0.1,0-0.1,0.1c-0.1,0.1-0.1,0.2-0.1,0.3v0.4c0,0.1,0.1,0.2,0.1,0.3c0.1,0.1,0.2,0.1,0.3,0.1h0.4
-                                    c0.1,0,0.2-0.1,0.3-0.1c0.1-0.1,0.1-0.2,0.1-0.3v-0.4c0-0.1-0.1-0.2-0.1-0.3c-0.1-0.1-0.1-0.1-0.2-0.1c0-0.1,0-0.1,0-0.3
-                                    c0-0.3,0-0.7,0-1.1c0-1.8,0.1-4.6,0.8-6l0.1-0.1l-0.2-0.1l-0.6-0.2l-0.2-0.1l0,0.2C14.5,15.6,13.5,19.7,13.9,23.5L13.9,23.5z
-                                    M14.1,23.8L14.1,23.8l0.4,0c0,0,0.1,0,0.1,0c0,0,0,0.1,0,0.1v0.4c0,0,0,0.1,0,0.1c0,0-0.1,0-0.1,0h-0.4c0,0-0.1,0-0.1,0
-                                    c0,0,0-0.1,0-0.1v-0.4C14,23.9,14,23.8,14.1,23.8C14.1,23.8,14.1,23.8,14.1,23.8L14.1,23.8z"/>
-                    </g>
-                </g>
-                <path class="st4" d="M15.5,10.6h2c0.6,0,1,0.5,1,1v1.8c-0.6,0.9-1.3,1.7-2.2,2.4c-0.6,0.4,0,0-0.6,0.2l-0.3-4.3
-                            C15.4,11.2,15,10.6,15.5,10.6L15.5,10.6z"/>
-                <path class="st10" d="M5.4,2.1c3.7-2.8,9.1-2.1,12,1.5c2.9,3.6,2.2,8.9-1.6,11.7c-3.7,2.8-9.1,2.1-12-1.5C1,10.2,1.7,4.9,5.4,2.1
-                            L5.4,2.1z"/>
-                <path class="st1" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-1,0c-0.6,0-1,0.5-1,1l0,1.4C0.3,10.2,0.8,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st1" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l1,0c0.6,0,1,0.5,1,1l0,1.4C20.9,10.1,20.4,10.6,19.9,10.5
-                            L19.9,10.5z"/>
-                <path d="M5.3,2c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c1.5,1.9,2,4.2,1.7,6.3c-0.3,2.2-1.4,4.2-3.4,5.7
-                            c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3c-1.5-1.9-2-4.2-1.7-6.3C2.2,5.5,3.3,3.4,5.3,2L5.3,2z M11.7,0.7
-                            C9.6,0.5,7.4,1,5.6,2.3C3.7,3.7,2.7,5.6,2.4,7.7c-0.3,2.1,0.3,4.2,1.7,6c1.4,1.8,3.4,2.8,5.5,3.1c2.1,0.3,4.3-0.2,6.1-1.6
-                            c1.8-1.4,2.9-3.3,3.2-5.4c0.3-2.1-0.3-4.2-1.7-6C15.8,2,13.8,1,11.7,0.7L11.7,0.7z"/>
-                <path class="st2" d="M1.3,10.6l0.9,0C2,9.4,2,8.3,2.3,7.2l0,0l-0.8,0C1.4,8.1,1.2,8.9,1.3,9.9l-0.9,0c0,0-0.1,0-0.1,0.1
-                            C0.5,10.3,0.9,10.6,1.3,10.6L1.3,10.6z"/>
-                <path class="st2" d="M19.9,10.5l-0.9,0c0.2-1.1,0.2-2.3,0-3.4l0,0l0.8,0C19.8,8,20,8.9,19.8,9.9l0.9,0c0,0,0.1,0,0.1,0.1
-                            C20.7,10.3,20.3,10.5,19.9,10.5L19.9,10.5z"/>
-                <path class="st3" d="M1.3,10.8l0.9,0l0.3,0l-0.1-0.3C2.3,10,2.3,9.4,2.3,8.9c0-0.5,0.1-1.1,0.2-1.6l0,0l0,0l0,0l0-0.2l-0.2,0l-1,0
-                            l0,0C0.9,7,0.6,7.1,0.3,7.3C0.1,7.6,0,7.9,0,8.2v0l0,1.4c0,0.3,0.2,0.6,0.4,0.9C0.7,10.7,1,10.8,1.3,10.8L1.3,10.8z M1.9,10.3
-                            l-0.6,0c-0.2,0-0.4-0.1-0.6-0.2C0.6,10,0.5,9.8,0.5,9.6l0-1.4l0,0c0-0.2,0.1-0.4,0.2-0.5C0.8,7.5,1,7.4,1.2,7.4h0l0.7,0
-                            c-0.1,0.5-0.1,1-0.2,1.5C1.8,9.4,1.9,9.8,1.9,10.3L1.9,10.3z"/>
-                <path class="st3" d="M19.9,10.8l-0.9,0l-0.3,0l0.1-0.3c0.1-0.5,0.2-1.1,0.1-1.6c0-0.5-0.1-1.1-0.2-1.6l0,0l0,0l0,0l0-0.2l0.2,0l1,0
-                            h0c0.3,0,0.7,0.2,0.9,0.4c0.2,0.2,0.4,0.5,0.3,0.9v0l0,1.4c0,0.3-0.2,0.6-0.4,0.9C20.5,10.6,20.2,10.8,19.9,10.8L19.9,10.8z
-                            M19.3,10.3l0.6,0c0.2,0,0.4-0.1,0.6-0.2c0.1-0.1,0.2-0.3,0.2-0.5l0-1.4l0,0c0-0.2-0.1-0.4-0.2-0.5c-0.1-0.1-0.3-0.2-0.5-0.2l0,0
-                            l-0.7,0c0.1,0.5,0.1,1,0.2,1.5C19.4,9.3,19.3,9.8,19.3,10.3L19.3,10.3z"/>
-                <path class="st1" d="M19.1,9.8c-0.3,2.1-1.4,4.2-3.3,5.6c-3.7,2.8-9.1,2.1-12-1.5c-0.6-0.8-1.1-1.7-1.4-2.6
-                            C5.7,16.6,14.9,18.9,19.1,9.8L19.1,9.8z"/>
-                <path class="st3" d="M19.4,9.8c-0.1,1.1-0.5,2.2-1.1,3.2c-0.6,1-1.3,1.8-2.3,2.5c-1.9,1.4-4.3,2-6.5,1.7c-2.2-0.3-4.4-1.4-5.8-3.3
-                            c-0.3-0.4-0.6-0.8-0.8-1.3c-0.2-0.5-0.4-0.9-0.6-1.4L1.9,9.8l0.7,1.3c1,1.7,2.6,3.1,4.5,3.9c1.2,0.5,2.4,0.8,3.7,0.8
-                            c1.3,0,2.5-0.3,3.7-1c1.7-0.9,3.2-2.6,4.3-5.1l0.5-1.4L19.4,9.8z M17.8,12.8c0.2-0.4,0.4-0.8,0.6-1.2c-1,1.7-2.3,2.8-3.6,3.6
-                            c-1.3,0.7-2.6,1-4,1.1c-1.3,0-2.7-0.3-3.9-0.8c-1.2-0.5-2.4-1.3-3.3-2.3c0.1,0.2,0.3,0.4,0.4,0.6c1.4,1.8,3.4,2.8,5.5,3.1
-                            c2.1,0.3,4.3-0.2,6.1-1.6C16.6,14.5,17.3,13.7,17.8,12.8L17.8,12.8z"/>
-                <path class="st1" d="M5.4,2c3.7-2.8,9.1-2.1,12,1.5c1.4,1.8,2,4,1.7,6.1c-0.8-3.3-2.3-5.1-4.3-6.1c-3.1-1.6-6.3-1.8-9.6,1
-                            c-2.4,2-2.7,4.5-2.8,6.6C1.4,7.8,2.5,4.1,5.4,2L5.4,2z"/>
-                <path class="st3" d="M5.3,1.8c1.9-1.4,4.3-2,6.5-1.7c2.2,0.3,4.4,1.4,5.8,3.3c0.7,0.9,1.2,1.9,1.5,3c0.3,1.1,0.4,2.2,0.2,3.3
-                            l-0.2,1.3l-0.3-1.3c-0.4-1.6-0.9-2.9-1.6-3.9c-0.7-1-1.6-1.6-2.5-2.1c-1.5-0.8-3-1.2-4.6-1.1C8.6,2.6,7,3.2,5.4,4.6
-                            c-1.2,1-1.8,2.1-2.2,3.2C2.9,8.9,2.8,10,2.7,11l-0.1,1.2l-0.4-1.2c-0.5-1.7-0.5-3.5,0-5.1C2.8,4.3,3.8,2.9,5.3,1.8L5.3,1.8z
-                            M11.7,0.5C9.6,0.3,7.4,0.8,5.6,2.1c-1.4,1-2.4,2.4-2.9,3.9C2.3,7.2,2.2,8.3,2.4,9.5c0.1-0.6,0.2-1.2,0.4-1.9
-                            c0.4-1.2,1.1-2.3,2.3-3.4c1.7-1.4,3.3-2.1,5-2.2c1.6-0.1,3.3,0.4,4.8,1.2c1,0.5,1.9,1.3,2.7,2.3C18.1,6.2,18.6,7,18.9,8
-                            c0-0.5-0.1-1.1-0.3-1.6c-0.3-1-0.8-1.9-1.4-2.8C15.8,1.9,13.8,0.8,11.7,0.5L11.7,0.5z"/>
-                <path class="st5" d="M19.2,8.8c0,0.2,0,0.5-0.1,0.7c-0.8-3.3-2.3-5.1-4.3-6.1C11.7,1.8,7.4,1.9,4.7,4.6C3.9,5.4,2.5,7.2,2.4,9.7
-                            C2,7.2,3,4.9,5.4,3c3.7-2.8,9.1-2.1,12,1.5C18.5,5.8,19,7.3,19.2,8.8L19.2,8.8z"/>
-                <path class="st3" d="M19.4,8.8c0,0.1,0,0.3,0,0.4c0,0.1,0,0.2,0,0.4l-0.1,1.1l-0.2-1.1C18.5,8,18,6.7,17.3,5.7
-                            c-0.7-1-1.6-1.6-2.5-2.1c-1.6-0.8-3.5-1.2-5.3-1C7.7,2.8,6.1,3.5,4.9,4.7C4.4,5.2,3.7,6,3.2,7.1C2.9,7.8,2.6,8.7,2.6,9.7l-0.1,2.1
-                            l-0.3-2C2,8.4,2.1,7.2,2.7,6c0.5-1.1,1.4-2.2,2.6-3.1l0,0l0,0c1.9-1.4,4.2-2,6.5-1.7c2.2,0.3,4.3,1.4,5.8,3.2l0,0l0,0
-                            c0.5,0.6,0.9,1.3,1.2,2.1C19.1,7.3,19.3,8,19.4,8.8L19.4,8.8L19.4,8.8z M17.6,5.5c0.5,0.7,0.9,1.4,1.2,2.4
-                            c-0.1-0.4-0.2-0.8-0.4-1.2c-0.3-0.7-0.7-1.4-1.2-2l0,0c-1.4-1.8-3.4-2.8-5.5-3.1C9.6,1.3,7.4,1.8,5.6,3.2l0,0c-1.2,0.9-2,1.9-2.5,3
-                            c-0.2,0.5-0.4,1-0.5,1.5c0.1-0.2,0.2-0.5,0.3-0.7c0.5-1.1,1.3-2,1.8-2.5c1.3-1.3,3-2,4.8-2.2c1.9-0.2,3.9,0.2,5.5,1
-                            C16,3.8,16.9,4.5,17.6,5.5L17.6,5.5z"/>
-                <path class="st5" d="M3.8,8.2c0,0,1.4-4.1,6.2-4.5c0.5-0.1,1.1,1.3,0.4,1.4c-0.7,0.2-3.6,0.6-5.4,4C4.7,9.4,3.5,8.9,3.8,8.2
-                            L3.8,8.2z"/>
-                <path class="st5" d="M12.4,5.1c0.4,0,0.7-0.3,0.7-0.7c0-0.4-0.3-0.7-0.7-0.7c-0.4,0-0.7,0.3-0.7,0.7C11.7,4.8,12,5.1,12.4,5.1
-                            L12.4,5.1z"/>
-                <path class="st11" d="M10.9,18.4l-1.5,2.3l0.9,0.6l0.1-0.2l0.5,2.2l1.5-2.3l-0.8-0.5l-0.1,0.2L10.9,18.4z M11.6,20.7l0.4,0.2
-                            l-1,1.5l-0.5-2.2l-0.4,0.6l-0.4-0.2l1-1.5l0.4,2.1L11.6,20.7z"/>
-                <g class="st12">
-                    <circle class="st13" cx="14.1" cy="8.9" r="1.8"/>
-                    <circle cx="14.4" cy="8.7" r="0.7"/>
-                    <circle class="st13" cx="7.1" cy="8.9" r="1.8"/>
-                    <path id="XMLID_00000028285902548687721290000002641907447975500945_" class="st14" d="M10.8,14.1c-1.6,0-2.7-0.7-3.3-1.1
-                                c-0.1-0.1-0.1-0.2,0-0.3c0.1-0.1,0.2-0.1,0.3,0c0.5,0.4,1.7,1.1,3.3,1c1.4,0,2.4-0.7,2.9-1c0.1-0.1,0.2,0,0.3,0
-                                c0.1,0.1,0,0.2,0,0.3c-0.5,0.4-1.6,1-3.1,1.1C10.9,14.1,10.9,14.1,10.8,14.1z"/>
-                    <circle cx="7.6" cy="8.6" r="0.7"/>
-                </g>
-            </g>
-        </svg>
-        <h1>zrok</h1>
-    </div>
-    <div id="container">
-        <div id="info">
-            <h1>zrok frontend health: ok</h1>
-        </div>
-    </div>
-</div>
-</body>
-</html>
diff --git a/endpoints/proxyUi/template.go b/endpoints/proxyUi/template.go
index 32f0d0c5..3572b77c 100644
--- a/endpoints/proxyUi/template.go
+++ b/endpoints/proxyUi/template.go
@@ -14,6 +14,10 @@ var externalTemplate []byte
 
 type VariableData map[string]interface{}
 
+func WriteHealthOk(w http.ResponseWriter, templatePath string) {
+	WriteTemplate(w, http.StatusOK, RequiredData("healthy", "healthy"), templatePath)
+}
+
 func WriteBadGateway(w http.ResponseWriter, variableData VariableData, templatePath string) {
 	WriteTemplate(w, http.StatusBadGateway, variableData, templatePath)
 }
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index 5f4ef908..18d8ef70 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@@ -157,7 +157,7 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		shrToken := resolveService(cfg.HostMatch, r.Host)
 		if shrToken == "" {
 			logrus.Debugf("host '%v' did not match host match, returning health check", r.Host)
-			proxyUi.WriteHealthOk(w)
+			proxyUi.WriteHealthOk(w, cfg.TemplatePath)
 			return
 		}
 

From bdb8d1882c51fe60c0e3579d6c04f755686e5e25 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 15:31:08 -0400
Subject: [PATCH 4/9] changelog (#1012)

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4fe71af2..a5a3319f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 FEATURE: Rewritten and improved `publicProxy` package (`zrok access public`), with support for extensible OAuth-compliant identity providers. The `publicProxy` configuration now supports any number of configured OAuth-compliant providers (rather than just a single `google` provider and/or a single `github` provider). Also includes a new OIDC-compliant generic IDP provider integration. Improvements to authentication flows and security all around. See the updated guide on using OAuth-based identity providers with the zrok public frontend (https://github.com/openziti/zrok/issues/968)
 
+FEATURE: Templatized and improved static pages (not found/404, unauthorized/401, health check, etc.) used by the public frontend. Consolidated variable data using golang `text/template` so that static `proxyUi` package can display additional error information and provide extension points for replacing all of the templated content with external files (https://github.com/openziti/zrok/issues/1012)
+
 FIX: Invoking `/agent/*` endpoints to remotely manage agents with remoting was causing a new API session to be allocated in the ziti controller for each request. A slightly different strategy was employed for embedding the ziti SDK into the zrok controller that should mitigate this (https://github.com/openziti/zrok/issues/1023)
 
 ## v1.0.8

From 8f93bee33da5bb07066674e0ad074895d4d4bb74 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 15:59:06 -0400
Subject: [PATCH 5/9] stop passing the template path around; silly (#1012)

---
 endpoints/proxy/frontend.go             |  8 ++-
 endpoints/proxyUi/template.go           | 68 ++++++++++++-------------
 endpoints/publicProxy/authOAuth.go      |  4 +-
 endpoints/publicProxy/config.go         |  8 +--
 endpoints/publicProxy/cookies.go        |  7 ++-
 endpoints/publicProxy/http.go           | 17 ++++---
 endpoints/publicProxy/providerGithub.go | 54 ++++++++++----------
 endpoints/publicProxy/providerGoogle.go | 50 +++++++++---------
 endpoints/publicProxy/providerOidc.go   | 58 ++++++++++-----------
 9 files changed, 138 insertions(+), 136 deletions(-)

diff --git a/endpoints/proxy/frontend.go b/endpoints/proxy/frontend.go
index 7992194e..1d671625 100644
--- a/endpoints/proxy/frontend.go
+++ b/endpoints/proxy/frontend.go
@@ -25,7 +25,6 @@ type FrontendConfig struct {
 	ShrToken        string
 	Address         string
 	ResponseHeaders []string
-	TemplatePath    string
 	Tls             *endpoints.TlsConfig
 	RequestsChan    chan *endpoints.Request
 	SuperNetwork    bool
@@ -137,7 +136,6 @@ func newServiceProxy(cfg *FrontendConfig, ctx ziti.Context) (*httputil.ReversePr
 				"bad gateway!",
 				fmt.Sprintf("bad gateway for share <code>%v</code>!", cfg.ShrToken),
 			).WithError(err),
-			cfg.TemplatePath,
 		)
 	}
 	return proxy, nil
@@ -238,15 +236,15 @@ func authHandler(shrToken string, handler http.Handler, realm string, cfg *Front
 					}
 				} else {
 					logrus.Warnf("%v -> no auth scheme for '%v'", r.RemoteAddr, shrToken)
-					proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+					proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 				}
 			} else {
 				logrus.Warnf("%v -> no proxy config for '%v'", r.RemoteAddr, shrToken)
-				proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+				proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 			}
 		} else {
 			logrus.Warnf("%v -> service '%v' not found", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 		}
 	}
 }
diff --git a/endpoints/proxyUi/template.go b/endpoints/proxyUi/template.go
index 3572b77c..3fdaaf3b 100644
--- a/endpoints/proxyUi/template.go
+++ b/endpoints/proxyUi/template.go
@@ -7,19 +7,43 @@ import (
 	"os"
 	"text/template"
 
+	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
 
-var externalTemplate []byte
+var tmpl *template.Template
+
+func init() {
+	if data, err := FS.ReadFile("template.html"); err == nil {
+		tmpl, err = template.New("template").Parse(string(data))
+		if err != nil {
+			panic(errors.Wrap(err, "unable to parse embedded template 'template.html'"))
+		}
+	} else {
+		panic(errors.Wrap(err, "unable to load embedded template 'template.html'"))
+	}
+}
 
 type VariableData map[string]interface{}
 
-func WriteHealthOk(w http.ResponseWriter, templatePath string) {
-	WriteTemplate(w, http.StatusOK, RequiredData("healthy", "healthy"), templatePath)
+func ReplaceTemplate(path string) error {
+	if f, err := os.ReadFile(path); err == nil {
+		tmpl, err = template.New("template").Parse(string(f))
+		if err != nil {
+			panic(errors.Wrapf(err, "unable to parse template '%v'", path))
+		}
+	} else {
+		return errors.Wrapf(err, "error reading template from '%v'", path)
+	}
+	return nil
 }
 
-func WriteBadGateway(w http.ResponseWriter, variableData VariableData, templatePath string) {
-	WriteTemplate(w, http.StatusBadGateway, variableData, templatePath)
+func WriteHealthOk(w http.ResponseWriter) {
+	WriteTemplate(w, http.StatusOK, RequiredData("healthy", "healthy"))
+}
+
+func WriteBadGateway(w http.ResponseWriter, variableData VariableData) {
+	WriteTemplate(w, http.StatusBadGateway, variableData)
 }
 
 func RequiredData(title, banner string) VariableData {
@@ -41,8 +65,8 @@ func NotFoundData(shareToken string) VariableData {
 	)
 }
 
-func WriteNotFound(w http.ResponseWriter, variableData VariableData, templatePath string) {
-	WriteTemplate(w, http.StatusNotFound, variableData, templatePath)
+func WriteNotFound(w http.ResponseWriter, variableData VariableData) {
+	WriteTemplate(w, http.StatusNotFound, variableData)
 }
 
 func UnauthorizedData() VariableData {
@@ -59,34 +83,11 @@ func UnauthorizedUser(user string) VariableData {
 	)
 }
 
-func WriteUnauthorized(w http.ResponseWriter, variableData VariableData, templatePath string) {
-	WriteTemplate(w, http.StatusUnauthorized, variableData, templatePath)
+func WriteUnauthorized(w http.ResponseWriter, variableData VariableData) {
+	WriteTemplate(w, http.StatusUnauthorized, variableData)
 }
 
-func WriteTemplate(w http.ResponseWriter, statusCode int, variableData VariableData, templatePath string) {
-	if templatePath != "" && externalTemplate == nil {
-		if f, err := os.ReadFile(templatePath); err == nil {
-			externalTemplate = f
-		} else {
-			logrus.Errorf("error reading proxyUi template from '%v': %v", templatePath, err)
-		}
-	}
-	var templateData = externalTemplate
-	if templateData == nil {
-		if f, err := FS.ReadFile("template.html"); err == nil {
-			templateData = f
-		} else {
-			logrus.Errorf("error reading embedded proxyUi template 'template.html': %v", err)
-		}
-	}
-
-	tmpl, err := template.New("template").Parse(string(templateData))
-	if err != nil {
-		logrus.Errorf("failed to parse template: %v", err)
-		http.Error(w, "Internal Server Error", http.StatusInternalServerError)
-		return
-	}
-
+func WriteTemplate(w http.ResponseWriter, statusCode int, variableData VariableData) {
 	var buf bytes.Buffer
 	if err := tmpl.Execute(&buf, variableData); err != nil {
 		logrus.Errorf("failed to execute template: %v", err)
@@ -94,7 +95,6 @@ func WriteTemplate(w http.ResponseWriter, statusCode int, variableData VariableD
 		return
 	}
 
-	// Write the response
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.WriteHeader(statusCode)
 
diff --git a/endpoints/publicProxy/authOAuth.go b/endpoints/publicProxy/authOAuth.go
index 5925bc36..293a2ed4 100644
--- a/endpoints/publicProxy/authOAuth.go
+++ b/endpoints/publicProxy/authOAuth.go
@@ -118,7 +118,7 @@ func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[st
 				if err != nil {
 					err := fmt.Errorf("invalid email address pattern glob '%v': %v", pattern, err)
 					logrus.Error(err)
-					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(err), cfg.TemplatePath)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(err))
 					return false
 				}
 				if match.Match(claims.Email) {
@@ -127,7 +127,7 @@ func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[st
 			}
 		}
 		logrus.Warnf("unauthorized email '%v'", claims.Email)
-		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email), cfg.TemplatePath)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email))
 		return false
 	}
 	return true
diff --git a/endpoints/publicProxy/config.go b/endpoints/publicProxy/config.go
index 4a295e88..2782ee69 100644
--- a/endpoints/publicProxy/config.go
+++ b/endpoints/publicProxy/config.go
@@ -102,7 +102,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 			if t, found := mv["type"]; found {
 				switch t {
 				case "github":
-					cfger, err := newGithubConfigurer(cfg, tls, mv)
+					cfger, err := newGithubConfigurer(cfg.Oauth, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -111,7 +111,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 					}
 
 				case "google":
-					cfger, err := newGoogleConfigurer(cfg, tls, mv)
+					cfger, err := newGoogleConfigurer(cfg.Oauth, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -120,7 +120,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 					}
 
 				case "oidc":
-					cfger, err := newOidcConfigurer(cfg, tls, mv)
+					cfger, err := newOidcConfigurer(cfg.Oauth, tls, mv)
 					if err != nil {
 						return err
 					}
@@ -140,7 +140,7 @@ func configureOauth(ctx context.Context, cfg *Config, tls bool) error {
 	}
 
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
-		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData(), cfg.TemplatePath)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData())
 	})
 
 	zhttp.StartServer(ctx, cfg.Oauth.BindAddress)
diff --git a/endpoints/publicProxy/cookies.go b/endpoints/publicProxy/cookies.go
index 6e3ae2d2..b7ed3df1 100644
--- a/endpoints/publicProxy/cookies.go
+++ b/endpoints/publicProxy/cookies.go
@@ -12,7 +12,6 @@ import (
 )
 
 type sessionCookieRequest struct {
-	cfg             *Config
 	oauthCfg        *OauthConfig
 	supportsRefresh bool
 	email           string
@@ -29,7 +28,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	if targetHost == "" {
 		err := errors.New("targetHost claim must not be empty")
 		logrus.Error(err)
-		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err), req.cfg.TemplatePath)
+		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err))
 		return
 	}
 	targetHost = strings.Split(targetHost, "/")[0]
@@ -37,7 +36,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	encryptedAccessToken, err := encryptToken(req.accessToken, req.encryptionKey)
 	if err != nil {
 		logrus.Errorf("failed to encrypt access token: %v", err)
-		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(errors.New("failed to encrypt access token")), req.cfg.TemplatePath)
+		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(errors.New("failed to encrypt access token")))
 		return
 	}
 
@@ -56,7 +55,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	sTkn, err := tkn.SignedString(req.signingKey)
 	if err != nil {
 		logrus.Errorf("error signing jwt: %v", err)
-		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(req.email).WithError(errors.New("error signing jwt")), req.cfg.TemplatePath)
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(req.email).WithError(errors.New("error signing jwt")))
 		return
 	}
 
diff --git a/endpoints/publicProxy/http.go b/endpoints/publicProxy/http.go
index 18d8ef70..d3d360ce 100644
--- a/endpoints/publicProxy/http.go
+++ b/endpoints/publicProxy/http.go
@@ -32,6 +32,12 @@ func NewHTTP(cfg *Config) (*HttpFrontend, error) {
 		return nil, err
 	}
 
+	if cfg.TemplatePath != "" {
+		if err := proxyUi.ReplaceTemplate(cfg.TemplatePath); err != nil {
+			return nil, err
+		}
+	}
+
 	root, err := environment.LoadRoot()
 	if err != nil {
 		return nil, errors.Wrap(err, "error loading environment root")
@@ -111,7 +117,6 @@ func newServiceProxy(cfg *Config, ctx ziti.Context) (*httputil.ReverseProxy, err
 				"bad gateway!",
 				"bad gateway!",
 			),
-			cfg.TemplatePath,
 		)
 	}
 	return proxy, nil
@@ -157,21 +162,21 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		shrToken := resolveService(cfg.HostMatch, r.Host)
 		if shrToken == "" {
 			logrus.Debugf("host '%v' did not match host match, returning health check", r.Host)
-			proxyUi.WriteHealthOk(w, cfg.TemplatePath)
+			proxyUi.WriteHealthOk(w)
 			return
 		}
 
 		svc, found := endpoints.GetRefreshedService(shrToken, ctx)
 		if !found {
 			logrus.Warnf("%v -> service '%v' not found", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 			return
 		}
 
 		svcCfg, found := svc.Config[sdk.ZrokProxyConfig]
 		if !found {
 			logrus.Warnf("%v -> no proxy config for '%v'", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 			return
 		}
 
@@ -182,7 +187,7 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		authScheme, found := svcCfg["auth_scheme"]
 		if !found {
 			logrus.Warnf("%v -> no auth scheme for '%v'", r.RemoteAddr, shrToken)
-			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken), cfg.TemplatePath)
+			proxyUi.WriteNotFound(w, proxyUi.NotFoundData(shrToken))
 			return
 		}
 
@@ -208,7 +213,7 @@ func shareHandler(handler http.Handler, cfg *Config, signingKey []byte, ctx ziti
 		default:
 			err := fmt.Errorf("invalid auth scheme '%v'", authScheme)
 			logrus.Error(err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(err), cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(err))
 		}
 	}
 }
diff --git a/endpoints/publicProxy/providerGithub.go b/endpoints/publicProxy/providerGithub.go
index dd920739..144a2b44 100644
--- a/endpoints/publicProxy/providerGithub.go
+++ b/endpoints/publicProxy/providerGithub.go
@@ -23,12 +23,12 @@ import (
 )
 
 type githubConfigurer struct {
-	cfg       *Config
+	cfg       *OauthConfig
 	githubCfg *githubConfig
 	tls       bool
 }
 
-func newGithubConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*githubConfigurer, error) {
+func newGithubConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*githubConfigurer, error) {
 	c := &githubConfigurer{cfg: cfg}
 	githubCfg, err := newGithubConfig(v)
 	if err != nil {
@@ -59,20 +59,20 @@ func (c *githubConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
 
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
 	rpConfig := &oauth2.Config{
 		ClientID:     c.githubCfg.ClientId,
 		ClientSecret: c.githubCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.githubCfg.Name),
+		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.githubCfg.Name),
 		Scopes:       []string{"user:email"},
 		Endpoint:     githubOAuth.Endpoint,
 	}
@@ -98,7 +98,7 @@ func (c *githubConfigurer) configure() error {
 			if err != nil {
 				err := fmt.Errorf("unable to unescape targetHost: %v", err)
 				logrus.Error(err)
-				proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err), c.cfg.TemplatePath)
+				proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err))
 				return
 			}
 			rp.AuthURLHandler(func() string {
@@ -108,7 +108,7 @@ func (c *githubConfigurer) configure() error {
 					TargetHost:      targetHost,
 					RefreshInterval: r.URL.Query().Get("refreshInterval"),
 					RegisteredClaims: jwt.RegisteredClaims{
-						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
+						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
 						IssuedAt:  jwt.NewNumericDate(time.Now()),
 						NotBefore: jwt.NewNumericDate(time.Now()),
 						Issuer:    "zrok",
@@ -133,7 +133,7 @@ func (c *githubConfigurer) configure() error {
 		if err != nil {
 			errOut := errors.Wrap(err, "error parsing intermediate token")
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 
@@ -143,7 +143,7 @@ func (c *githubConfigurer) configure() error {
 		} else {
 			errOut := errors.Wrapf(err, "unable to parse authorization check interval '%v'", token.Claims.(*IntermediateJWT).RefreshInterval)
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 
@@ -151,7 +151,7 @@ func (c *githubConfigurer) configure() error {
 		if err != nil {
 			errOut := errors.Wrap(err, "error parsing github url")
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 		req := &http.Request{
@@ -164,7 +164,7 @@ func (c *githubConfigurer) configure() error {
 		if err != nil {
 			errOut := errors.Wrap(err, "error getting user info from github")
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 		defer func() {
@@ -174,7 +174,7 @@ func (c *githubConfigurer) configure() error {
 		if err != nil {
 			errOut := errors.Wrap(err, "error reading response body from github")
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 		var rDat []githubUserResp
@@ -182,7 +182,7 @@ func (c *githubConfigurer) configure() error {
 		if err != nil {
 			errOut := errors.Wrap(err, "error unmarshalling response from github")
 			logrus.Error(errOut)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errOut))
 			return
 		}
 
@@ -195,7 +195,7 @@ func (c *githubConfigurer) configure() error {
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			oauthCfg:        c.cfg.Oauth,
+			oauthCfg:        c.cfg,
 			supportsRefresh: false,
 			email:           primaryEmail,
 			accessToken:     tokens.AccessToken,
@@ -211,7 +211,7 @@ func (c *githubConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.githubCfg.Name), rp.CodeExchangeHandler(login, provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
+		cookie, err := r.Cookie(c.cfg.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -226,7 +226,7 @@ func (c *githubConfigurer) configure() error {
 							strings.NewReader(fmt.Sprintf(`{"access_token":"%s"}`, accessToken)))
 						if err != nil {
 							logrus.Errorf("error creating access token delete request for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error creating access token delete request")), c.cfg.TemplatePath)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error creating access token delete request")))
 							return
 						}
 
@@ -236,7 +236,7 @@ func (c *githubConfigurer) configure() error {
 						resp, err := http.DefaultClient.Do(req)
 						if err != nil {
 							logrus.Errorf("error invoking access token delete request for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error executing access token delete request")), c.cfg.TemplatePath)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("error executing access token delete request")))
 							return
 						}
 						defer resp.Body.Close()
@@ -245,42 +245,42 @@ func (c *githubConfigurer) configure() error {
 							logrus.Infof("revoked github access token for '%v'", claims.Email)
 						} else {
 							logrus.Errorf("access token revocation failed with status: %v", resp.StatusCode)
-							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")))
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")))
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.githubCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")), c.cfg.TemplatePath)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")))
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")))
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")), c.cfg.TemplatePath)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")))
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.Oauth.CookieName,
+			Name:     c.cfg.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.Oauth.CookieDomain,
+			Domain:   c.cfg.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.githubCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.githubCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}
diff --git a/endpoints/publicProxy/providerGoogle.go b/endpoints/publicProxy/providerGoogle.go
index c30e205f..0dd283f3 100644
--- a/endpoints/publicProxy/providerGoogle.go
+++ b/endpoints/publicProxy/providerGoogle.go
@@ -22,12 +22,12 @@ import (
 )
 
 type googleConfigurer struct {
-	cfg       *Config
+	cfg       *OauthConfig
 	googleCfg *googleConfig
 	tls       bool
 }
 
-func newGoogleConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*googleConfigurer, error) {
+func newGoogleConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*googleConfigurer, error) {
 	c := &googleConfigurer{cfg: cfg}
 	googleCfg, err := newGoogleConfig(v)
 	if err != nil {
@@ -58,20 +58,20 @@ func (c *googleConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
 
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
 	rpConfig := &oauth2.Config{
 		ClientID:     c.googleCfg.ClientId,
 		ClientSecret: c.googleCfg.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.googleCfg.Name),
+		RedirectURL:  fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.googleCfg.Name),
 		Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email"},
 		Endpoint:     googleOauth.Endpoint,
 	}
@@ -94,7 +94,7 @@ func (c *googleConfigurer) configure() error {
 			targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 			if err != nil {
 				logrus.Errorf("unable to unescape targetHost: %v", err)
-				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to escape targetHost")), c.cfg.TemplatePath)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to escape targetHost")))
 				return
 			}
 			rp.AuthURLHandler(func() string {
@@ -104,7 +104,7 @@ func (c *googleConfigurer) configure() error {
 					TargetHost:      targetHost,
 					RefreshInterval: r.URL.Query().Get("refreshInterval"),
 					RegisteredClaims: jwt.RegisteredClaims{
-						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
+						ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
 						IssuedAt:  jwt.NewNumericDate(time.Now()),
 						NotBefore: jwt.NewNumericDate(time.Now()),
 						Issuer:    "zrok",
@@ -128,7 +128,7 @@ func (c *googleConfigurer) configure() error {
 		})
 		if err != nil {
 			logrus.Errorf("error parsing intermediate token: %v", err.Error())
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error parsing intermediate token")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error parsing intermediate token")))
 			return
 		}
 
@@ -137,14 +137,14 @@ func (c *googleConfigurer) configure() error {
 			refreshInterval = v
 		} else {
 			logrus.Errorf("unable to parse authorization check interval: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse authorization check interval")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse authorization check interval")))
 			return
 		}
 
 		resp, err := http.Get("https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + url.QueryEscape(tokens.AccessToken))
 		if err != nil {
 			logrus.Errorf("error getting user info from google: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting user info from google")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting user info from google")))
 			return
 		}
 		defer func() {
@@ -153,7 +153,7 @@ func (c *googleConfigurer) configure() error {
 		response, err := io.ReadAll(resp.Body)
 		if err != nil {
 			logrus.Errorf("error reading response body: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error reading google response body")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error reading google response body")))
 			return
 		}
 		logrus.Debugf("response from google userinfo endpoint: %s", string(response))
@@ -161,12 +161,12 @@ func (c *googleConfigurer) configure() error {
 		err = json.Unmarshal(response, &data)
 		if err != nil {
 			logrus.Errorf("error unmarshalling google oauth response: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error unmarshalling google oauth response")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error unmarshalling google oauth response")))
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			oauthCfg:        c.cfg.Oauth,
+			oauthCfg:        c.cfg,
 			supportsRefresh: false,
 			email:           data.Email,
 			accessToken:     tokens.AccessToken,
@@ -182,7 +182,7 @@ func (c *googleConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.googleCfg.Name), rp.CodeExchangeHandler(login, provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
+		cookie, err := r.Cookie(c.cfg.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -202,47 +202,47 @@ func (c *googleConfigurer) configure() error {
 								logrus.Infof("revoked google token for '%v'", claims.Email)
 							} else {
 								logrus.Errorf("access token revocation failed with status: %v", resp.StatusCode)
-								proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
+								proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")))
 								return
 							}
 						} else {
 							logrus.Errorf("unable to revoke access token for '%v': %v", claims.Email, err)
-							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to post access token revocation")), c.cfg.TemplatePath)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to post access token revocation")))
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")))
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.googleCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")), c.cfg.TemplatePath)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider name mismatch")))
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")))
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting cookie")), c.cfg.TemplatePath)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("error getting cookie")))
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.Oauth.CookieName,
+			Name:     c.cfg.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.Oauth.CookieDomain,
+			Domain:   c.cfg.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.googleCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.googleCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}
diff --git a/endpoints/publicProxy/providerOidc.go b/endpoints/publicProxy/providerOidc.go
index 21f53fb2..1bfb9364 100644
--- a/endpoints/publicProxy/providerOidc.go
+++ b/endpoints/publicProxy/providerOidc.go
@@ -19,12 +19,12 @@ import (
 )
 
 type oidcConfigurer struct {
-	cfg     *Config
+	cfg     *OauthConfig
 	oidcCfg *oidcConfig
 	tls     bool
 }
 
-func newOidcConfigurer(cfg *Config, tls bool, v map[string]interface{}) (*oidcConfigurer, error) {
+func newOidcConfigurer(cfg *OauthConfig, tls bool, v map[string]interface{}) (*oidcConfigurer, error) {
 	c := &oidcConfigurer{cfg: cfg}
 	oidcCfg, err := newOidcConfig(v)
 	if err != nil {
@@ -59,16 +59,16 @@ func (c *oidcConfigurer) configure() error {
 		scheme = "https"
 	}
 
-	signingKey, err := deriveKey(c.cfg.Oauth.SigningKey, 32)
+	signingKey, err := deriveKey(c.cfg.SigningKey, 32)
 	if err != nil {
 		return err
 	}
-	encryptionKey, err := deriveKey(c.cfg.Oauth.EncryptionKey, 32)
+	encryptionKey, err := deriveKey(c.cfg.EncryptionKey, 32)
 	if err != nil {
 		return err
 	}
-	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.Oauth.CookieDomain))
-	redirectUrl := fmt.Sprintf("%v/%v/auth/callback", c.cfg.Oauth.EndpointUrl, c.oidcCfg.Name)
+	cookieHandler := zhttp.NewCookieHandler(signingKey, encryptionKey, zhttp.WithUnsecure(), zhttp.WithDomain(c.cfg.CookieDomain))
+	redirectUrl := fmt.Sprintf("%v/%v/auth/callback", c.cfg.EndpointUrl, c.oidcCfg.Name)
 	providerOptions := []rp.Option{
 		rp.WithCookieHandler(cookieHandler),
 		rp.WithVerifierOpts(rp.WithIssuedAtOffset(5 * time.Second)),
@@ -93,7 +93,7 @@ func (c *oidcConfigurer) configure() error {
 		targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 		if err != nil {
 			logrus.Errorf("unable to unescape 'targetHost': %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")))
 			return
 		}
 		state := func() string {
@@ -103,7 +103,7 @@ func (c *oidcConfigurer) configure() error {
 				TargetHost:      targetHost,
 				RefreshInterval: r.URL.Query().Get("refreshInterval"),
 				RegisteredClaims: jwt.RegisteredClaims{
-					ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.Oauth.IntermediateLifetime)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(c.cfg.IntermediateLifetime)),
 					IssuedAt:  jwt.NewNumericDate(time.Now()),
 					NotBefore: jwt.NewNumericDate(time.Now()),
 					Issuer:    "zrok",
@@ -135,14 +135,14 @@ func (c *oidcConfigurer) configure() error {
 		targetHost, err := url.QueryUnescape(r.URL.Query().Get("targetHost"))
 		if err != nil {
 			logrus.Errorf("unable to unescape 'targetHost': %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to unescape targetHost")))
 			return
 		}
 
-		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
+		cookie, err := r.Cookie(c.cfg.CookieName)
 		if err != nil {
 			logrus.Errorf("unable to get auth session cookie: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to get auth session cookie")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to get auth session cookie")))
 			return
 		}
 
@@ -151,33 +151,33 @@ func (c *oidcConfigurer) configure() error {
 		})
 		if err != nil {
 			logrus.Errorf("unable to parse jwt: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse jwt")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse jwt")))
 			return
 		}
 
 		claims := tkn.Claims.(*zrokClaims)
 		if claims.Provider != c.oidcCfg.Name {
 			logrus.Error("token provider mismatch")
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("token provider mismatch")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("token provider mismatch")))
 			return
 		}
 
 		accessToken, err := decryptToken(claims.AccessToken, encryptionKey)
 		if err != nil {
 			logrus.Errorf("unable to decrypt access token: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")))
 			return
 		}
 
 		newTokens, err := rp.RefreshTokens[*oidc.IDTokenClaims](context.Background(), provider, accessToken, "", "")
 		if err != nil {
 			logrus.Errorf("unable to refresh tokens: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to refresh tokens")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to refresh tokens")))
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			oauthCfg:        c.cfg.Oauth,
+			oauthCfg:        c.cfg,
 			supportsRefresh: true,
 			email:           claims.Email,
 			accessToken:     newTokens.AccessToken,
@@ -198,7 +198,7 @@ func (c *oidcConfigurer) configure() error {
 		})
 		if err != nil {
 			logrus.Errorf("unable to parse intermediate JWT: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse intermediate jwt")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("unable to parse intermediate jwt")))
 			return
 		}
 
@@ -207,12 +207,12 @@ func (c *oidcConfigurer) configure() error {
 			refreshInterval = v
 		} else {
 			logrus.Errorf("unable to parse authorization check interval: %v", err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(info.Email).WithError(errors.New("unable to parse authorization check interval")), c.cfg.TemplatePath)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(info.Email).WithError(errors.New("unable to parse authorization check interval")))
 			return
 		}
 
 		setSessionCookie(w, sessionCookieRequest{
-			oauthCfg:        c.cfg.Oauth,
+			oauthCfg:        c.cfg,
 			supportsRefresh: true,
 			email:           info.Email,
 			accessToken:     tokens.AccessToken,
@@ -228,7 +228,7 @@ func (c *oidcConfigurer) configure() error {
 	http.Handle(fmt.Sprintf("/%v/auth/callback", c.oidcCfg.Name), rp.CodeExchangeHandler(rp.UserinfoCallback(login), provider))
 
 	logout := func(w http.ResponseWriter, r *http.Request) {
-		cookie, err := r.Cookie(c.cfg.Oauth.CookieName)
+		cookie, err := r.Cookie(c.cfg.CookieName)
 		if err == nil {
 			tkn, err := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 				return signingKey, nil
@@ -242,42 +242,42 @@ func (c *oidcConfigurer) configure() error {
 							logrus.Infof("revoked access token for '%v'", claims.Email)
 						} else {
 							logrus.Errorf("access token revocation failed: %v", err)
-							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")), c.cfg.TemplatePath)
+							proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("access token revocation failed")))
 							return
 						}
 					} else {
 						logrus.Errorf("unable to decrypt access token for '%v': %v", claims.Email, err)
-						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")), c.cfg.TemplatePath)
+						proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("unable to decrypt access token")))
 						return
 					}
 				} else {
 					logrus.Errorf("expected provider name '%v' got '%v'", c.oidcCfg.Name, claims.Email)
-					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider mismatch")), c.cfg.TemplatePath)
+					proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedUser(claims.Email).WithError(errors.New("provider mismatch")))
 					return
 				}
 			} else {
 				logrus.Errorf("invalid jwt; unable to parse: %v", err)
-				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")), c.cfg.TemplatePath)
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid jwt; unable to parse")))
 				return
 			}
 		} else {
-			logrus.Errorf("error getting cookie '%v': %v", c.cfg.Oauth.CookieName, err)
-			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")), c.cfg.TemplatePath)
+			logrus.Errorf("error getting cookie '%v': %v", c.cfg.CookieName, err)
+			proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("invalid cookie")))
 			return
 		}
 
 		http.SetCookie(w, &http.Cookie{
-			Name:     c.cfg.Oauth.CookieName,
+			Name:     c.cfg.CookieName,
 			Value:    "",
 			MaxAge:   -1,
-			Domain:   c.cfg.Oauth.CookieDomain,
+			Domain:   c.cfg.CookieDomain,
 			Path:     "/",
 			HttpOnly: true,
 		})
 
 		redirectURL := r.URL.Query().Get("redirect_url")
 		if redirectURL == "" {
-			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.Oauth.EndpointUrl, c.oidcCfg.Name)
+			redirectURL = fmt.Sprintf("%s/%s/login", c.cfg.EndpointUrl, c.oidcCfg.Name)
 		}
 		http.Redirect(w, r, redirectURL, http.StatusFound)
 	}

From 528c1c477163a2d24fbaad2f7e6c4120e86f127d Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 16:00:18 -0400
Subject: [PATCH 6/9] revert; no pass path (#1012)

---
 endpoints/publicProxy/authOAuth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/endpoints/publicProxy/authOAuth.go b/endpoints/publicProxy/authOAuth.go
index 293a2ed4..17299120 100644
--- a/endpoints/publicProxy/authOAuth.go
+++ b/endpoints/publicProxy/authOAuth.go
@@ -58,7 +58,7 @@ func (h *authHandler) handleOAuth(w http.ResponseWriter, r *http.Request, cfg ma
 		return false
 	}
 
-	if !h.validateEmailDomain(w, oauthMap, cookie, h.cfg) {
+	if !h.validateEmailDomain(w, oauthMap, cookie) {
 		return false
 	}
 
@@ -105,7 +105,7 @@ func (h *authHandler) validateOAuthToken(w http.ResponseWriter, r *http.Request,
 	return true
 }
 
-func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[string]interface{}, cookie *http.Cookie, cfg *Config) bool {
+func (h *authHandler) validateEmailDomain(w http.ResponseWriter, oauthCfg map[string]interface{}, cookie *http.Cookie) bool {
 	if patterns, found := oauthCfg["email_domains"].([]interface{}); found && len(patterns) > 0 {
 		tkn, _ := jwt.ParseWithClaims(cookie.Value, &zrokClaims{}, func(t *jwt.Token) (interface{}, error) {
 			return h.signingKey, nil

From 5ff6d2578dacdcace3676e40feb062b1e48edc98 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 16:01:45 -0400
Subject: [PATCH 7/9] UnauthorizedData (#1012)

---
 endpoints/publicProxy/cookies.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/endpoints/publicProxy/cookies.go b/endpoints/publicProxy/cookies.go
index b7ed3df1..e8c90782 100644
--- a/endpoints/publicProxy/cookies.go
+++ b/endpoints/publicProxy/cookies.go
@@ -28,7 +28,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	if targetHost == "" {
 		err := errors.New("targetHost claim must not be empty")
 		logrus.Error(err)
-		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err))
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(err))
 		return
 	}
 	targetHost = strings.Split(targetHost, "/")[0]
@@ -36,7 +36,7 @@ func setSessionCookie(w http.ResponseWriter, req sessionCookieRequest) {
 	encryptedAccessToken, err := encryptToken(req.accessToken, req.encryptionKey)
 	if err != nil {
 		logrus.Errorf("failed to encrypt access token: %v", err)
-		proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(errors.New("failed to encrypt access token")))
+		proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(errors.New("failed to encrypt access token")))
 		return
 	}
 

From 7b2ff044d84546896a85d704709666bbfebc73d6 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 16:03:32 -0400
Subject: [PATCH 8/9] UnauthorizedData (#1012)

---
 endpoints/publicProxy/providerGithub.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/endpoints/publicProxy/providerGithub.go b/endpoints/publicProxy/providerGithub.go
index 144a2b44..3792721d 100644
--- a/endpoints/publicProxy/providerGithub.go
+++ b/endpoints/publicProxy/providerGithub.go
@@ -98,7 +98,7 @@ func (c *githubConfigurer) configure() error {
 			if err != nil {
 				err := fmt.Errorf("unable to unescape targetHost: %v", err)
 				logrus.Error(err)
-				proxyUi.WriteUnauthorized(w, proxyUi.RequiredData("unauthorized!", "unauthorized!").WithError(err))
+				proxyUi.WriteUnauthorized(w, proxyUi.UnauthorizedData().WithError(err))
 				return
 			}
 			rp.AuthURLHandler(func() string {

From fe72fdc6f40cee3efb69797c92c8a7c56574e8d1 Mon Sep 17 00:00:00 2001
From: Michael Quigley <michael@quigley.com>
Date: Wed, 6 Aug 2025 16:14:22 -0400
Subject: [PATCH 9/9] better responsiveness (#1012)

---
 endpoints/proxyUi/template.html | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/endpoints/proxyUi/template.html b/endpoints/proxyUi/template.html
index 70829561..c39ebaca 100644
--- a/endpoints/proxyUi/template.html
+++ b/endpoints/proxyUi/template.html
@@ -55,8 +55,13 @@
             font-size: 48pt;
             font-weight: bold;
             margin: 0;
+            margin-left: 25px;
             color: #9bf316;
         }
+        #banner svg {
+            width: 80px;
+            height: 105px;
+        }
         #container {
             display: flex;
             align-items: center;
@@ -67,13 +72,29 @@
             text-align: center;
             background-color: white;
             border-radius: 12px;
+            word-wrap: break-word;
+            overflow-wrap: break-word;
+            white-space: normal;
+            hyphens: auto;
         }
+        @media (max-width: 599px) {
+              body {
+                  font-size: 0.5em;
+              }
+              #banner h1 {
+                  font-size: 24pt;
+              }
+              #banner svg {
+                  width: 40px;
+                  height: 52.5px;
+              }
+          }
     </style>
 </head>
 <body>
 <div id="root">
     <div id="banner">
-        <svg width="125.797mm" height="166.26598mm" viewBox="0 0 125.797 166.26598" version="1.1" style="width: 80px; height: 105px;">
+        <svg width="125.797mm" height="166.26598mm" viewBox="0 0 125.797 166.26598" version="1.1">
             <g transform="translate(-41.620475,-64.027978)">
                 <path style="fill:#9bf316;fill-opacity:1;stroke-width:0.865487" d="m 104.52059,64.027974 c 0,0 -12.300998,16.684095 -17.163248,24.964306 -4.8623,8.28022 -7.86765,12.84754 -10.59501,26.3339 -2.72736,13.48636 -1.27406,42.21319 -1.27406,42.21319 l -18.58752,20.04004 -15.280273,49.9615 40.422833,-6.79427 a 22.714797,11.567473 0 0 0 22.320548,9.54731 22.714797,11.567473 0 0 0 22.32712,-9.55945 l 40.72649,6.84277 -15.28027,-49.95979 -18.58916,-20.04001 c 0,0 1.45496,-28.72857 -1.2724,-42.21493 -2.72736,-13.48636 -5.73437,-18.05368 -10.59667,-26.3339 -4.8608,-8.277646 -17.14905,-24.947062 -17.15668,-24.957378 z m -0.0151,14.741718 c 0.52421,0.860497 14.76063,18.300498 18.34492,32.586238 3.65093,14.55125 3.25036,30.16797 2.29067,46.75483 -0.68395,11.82081 -5.48912,37.13724 -8.2384,50.97445 a 22.714797,11.567473 0 0 0 -12.54073,-1.9254 22.714797,11.567473 0 0 0 -12.237098,1.84921 c -2.75047,-13.84452 -7.55003,-39.12307 -8.23343,-50.93462 -0.95969,-16.58687 -1.36026,-32.20531 2.29067,-46.75656 3.57561,-14.25109 17.733538,-31.579359 18.323398,-32.548148 z m -27.999198,95.069708 6.36686,35.53319 -30.30472,9.08328 10.94985,-35.7998 z m 56.021568,0.0351 12.988,8.81667 10.9482,35.80155 -30.30311,-9.08504 z"/>
             </g>