diff --git a/conf/config.js b/conf/config.js
index 49c19cd..f1e57bc 100644
--- a/conf/config.js
+++ b/conf/config.js
@@ -106,7 +106,7 @@ const conf = convict({
 },
 redis_db: {
 format: String,
- default: '',
+ default: '__REDIS_DB__',
 env: 'REDIS_DB'
 },
 redis_event_expire: {
@@ -147,7 +147,7 @@ const conf = convict({
 },
 env: {
 format: ['production', 'development', 'test'],
- default: 'development',
+ default: 'production',
 env: 'NODE_ENV'
 },
 max_file_size: {
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 2c8ef20..0ef73f7 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,16 +1,10 @@
 location / {
- proxy_pass http://127.0.0.1:__PORT__;
- proxy_redirect off;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Host $server_name;
-
- proxy_http_version 1.1;
- proxy_set_header Connection "upgrade";
- proxy_set_header Upgrade $http_upgrade;
+ proxy_pass http://127.0.0.1:__PORT__;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
 }
 location /api/ws {
diff --git a/conf/systemd.service b/conf/systemd.service
index 7374759..9f40fd9 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -6,11 +6,41 @@ After=syslog.target network.target
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__
+WorkingDirectory=__FINALPATH__/
 Environment="NODE_ENV=production"
 #Environment="__YNH_NODE_LOAD_PATH__"
 ExecStart=__YNH_NODE__ __FINALPATH__/server/bin/prod.js
 Restart=always
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 247f831..77741ea 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
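Review bot: The sandboxing comments should record which common hardening directives were left out on purpose, otherwise the next "tighten the baseline" pass will break the service: the process is Node, whose V8 JIT needs writable-and-executable memory, so `MemoryDenyWriteExecute=yes` cannot be added, and `ProtectSystem=full` rather than `strict` is presumably what keeps `__FINALPATH__` writable for the app's own data. Two lines next to the existing ones would capture that: `# MemoryDenyWriteExecute is intentionally unset: Node's JIT needs W+X pages` and `# ProtectSystem=strict would require ReadWritePaths=__FINALPATH__`. The trailing slash added to `WorkingDirectory=__FINALPATH__/` changes nothing and can be dropped.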
@@ -10,8 +10,7 @@ nodejs_version=15
 # dependencies used by the app
-#pkg_dependencies="redis-server"
-
+pkg_dependencies="redis-server"
 #=================================================
 # PERSONAL HELPERS
@@ -24,3 +23,43 @@ nodejs_version=15
 #=================================================
 # FUTURE OFFICIAL HELPERS
 #=================================================
+
+#!/bin/bash
+
+# get the first available redis database
+#
+# usage: ynh_redis_get_free_db
+# | returns: the database number to use
+ynh_redis_get_free_db() {
+ local result max db
+ result=$(redis-cli INFO keyspace)
+
+ # get the num
+ max=$(cat /etc/redis/redis.conf | grep ^databases | grep -Eow "[0-9]+")
+
+ db=0
+ # default Debian setting is 15 databases
+ for i in $(seq 0 "$max")
+ do
+ if ! echo "$result" | grep -q "db$i"
+ then
+ db=$i
+ break 1
+ fi
+ db=-1
+ done
+
+ test "$db" -eq -1 && ynh_die --message="No available Redis databases..."
+
+ echo "$db"
+}
+
+# Create a master password and set up global settings
+# Please always call this script in install and restore scripts
+#
+# usage: ynh_redis_remove_db database
+# | arg: database - the database to erase
+ynh_redis_remove_db() {
+ local db=$1
+ redis-cli -n "$db" flushall
+}
diff --git a/scripts/change_url b/scripts/change_url
index 8607037..4480004 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
+redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
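Review bot: `ynh_redis_remove_db` runs `redis-cli -n "$db" flushall`, and FLUSHALL empties every database on the Redis server whatever `-n` selects, so removing this app would wipe any other app's Redis data on the same host; it must be `redis-cli -n "$db" flushdb`. In `ynh_redis_get_free_db` the probe `grep -q "db$i"` is an unanchored substring match (`db1` is found in `db10:`…`db15:`), `seq 0 "$max"` runs one index past the end because `databases 16` means indexes 0–15 (the comment's "15 databases" is off by one too), and a missing or commented-out `databases` line leaves `$max` empty and breaks `seq`. Note also that `INFO keyspace` only reports databases that currently hold keys, so a database another app has reserved but not yet written to looks free; that is presumably acceptable for sequential installs but deserves a comment. The header comment on `ynh_redis_remove_db` ("Create a master password and set up global settings…") was copied from another helper and should say it flushes the given database, and the stray `#!/bin/bash` in the middle of this sourced file should go.
```shell
ynh_redis_get_free_db() {
    # … unchanged: local declarations and `redis-cli INFO keyspace` …
    # number of configured databases; Debian's default is 16, i.e. indexes 0..15
    max=$(grep -E "^databases" /etc/redis/redis.conf | grep -Eow "[0-9]+")
    max=${max:-16}

    db=-1
    for i in $(seq 0 $((max - 1)))
    do
        # anchor the match so db1 is not taken for db10..db15
        if ! echo "$result" | grep -q "^db$i:"
        then
            db=$i
            break
        fi
    done
    # … unchanged: ynh_die on -1 and echo "$db" …
}

ynh_redis_remove_db() {
    local db=$1
    # FLUSHDB only empties the selected database; FLUSHALL would wipe every database on the server
    redis-cli -n "$db" flushdb
}
```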
@@ -106,6 +107,7 @@ fi
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=2
+domain=$new_domain
 ynh_add_config --template="../conf/config.js" --destination="$final_path/server/config.js"
 chmod 400 "$final_path/server/config.js"
diff --git a/scripts/install b/scripts/install
index dcc7542..4e7e32e 100644
--- a/scripts/install
+++ b/scripts/install
@@ -64,11 +64,20 @@ ynh_app_setting_set --app=$app --key=port --value=$port
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --weight=20
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_install_app_dependencies $pkg_dependencies
 # Install Nodejs
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
+#=================================================
+# CREATE A REDIS DATABASE
+#=================================================
+ynh_script_progression --message="Creating a Redis database..." --weight=5
+
+# Configure redis
+redis_db=$(ynh_redis_get_free_db)
+ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
@@ -116,10 +125,16 @@ chown $app "$final_path/server/config.js"
 #==============================================
 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=20
+#pushd "$final_path"
+# ynh_use_nodejs
+# ynh_exec_warn_less ynh_npm install
+# ynh_exec_warn_less ynh_npm run build
+#popd
+
 pushd "$final_path"
 ynh_use_nodejs
- ynh_exec_warn_less ynh_npm install
- ynh_exec_warn_less ynh_npm run build
+ ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm install
+ ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm run build
 popd
 #=================================================
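Review bot: `domain=$new_domain` overwrites a variable that change_url typically loads with the old domain from the app settings earlier in the script (outside this hunk), with nothing saying why. If the only purpose is to make `ynh_add_config` substitute `__DOMAIN__` with the new value, say so with `# config.js is templated from $domain: point it at the new domain before rendering`, and check that no later step still relies on `$domain` holding the old value.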
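Review bot: The old build block is left behind as five commented-out lines (`#pushd "$final_path"` … `#popd`) directly above the live one, and the build hunk of scripts/upgrade carries the same copy; version control already keeps that history, so both copies should be deleted. Running `npm install` and `npm run build` through `ynh_exec_as $app` instead of as the root user that runs the install script is a real improvement — lifecycle scripts of third-party packages now execute with the app user's privileges — and deserves a one-line comment such as `# build as $app so npm lifecycle scripts never run as root`.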
@@ -155,6 +170,8 @@ then
 ynh_permission_update --permission "main" --add "visitors"
 fi
+ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index dc4d988..5506f14 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -47,10 +47,17 @@ ynh_remove_systemd_config
 ynh_script_progression --message="Removing dependencies..." --weight=1
 # Remove metapackage and its dependencies
-#ynh_remove_app_dependencies
+ynh_remove_app_dependencies
 ynh_remove_nodejs
+#=================================================
+# REMOVE THE REDIS DATABASE
+#=================================================
+ynh_script_progression --message="Removing the Redis database..." --weight=1
+
+ynh_redis_remove_db "$redis_db"
+
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 058b9ab..70bad0f 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -77,7 +77,7 @@ chmod +x "$final_path/server/bin/prod.js"
 ynh_script_progression --message="Reinstalling dependencies..." --weight=7
 # Define and install dependencies
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_install_app_dependencies $pkg_dependencies
 # Install Nodejs
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
diff --git a/scripts/upgrade b/scripts/upgrade
index 6910e29..977ed44 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
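Review bot: `ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false"` deliberately opens `/api` to unauthenticated users and stops the SSO from forwarding any identity, so every endpoint under `/api` now relies entirely on the application's own authentication and authorization. A comment stating that next to the call, e.g. `# /api bypasses the SSO (visitors, no auth header): the app must authenticate API callers itself`, keeps a future maintainer from assuming the portal protects it. The upgrade hunks in this commit do not show the same permission being created for existing installs; if scripts/upgrade does not handle it elsewhere, upgraded instances keep the old access rules.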
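Review bot: `ynh_redis_remove_db "$redis_db"` runs with no check that `$redis_db` is set; installs that predate this commit never stored a `redis_db` setting, so unless the settings section above (outside this hunk) or the upgrade script backfills it, the argument is empty. Because the helper as added in scripts/_common.sh issues `flushall` — which empties every database on the server regardless of `-n` — removing the app would then destroy other apps' Redis data. Guard the call with `if [ -n "$redis_db" ]; then ynh_redis_remove_db "$redis_db"; fi` and have the helper use `flushdb`.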
@@ -103,7 +103,7 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Upgrading dependencies..." --weight=18
-#ynh_install_app_dependencies $pkg_dependencies
+ynh_install_app_dependencies $pkg_dependencies
 # Install Nodejs
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
@@ -118,11 +118,16 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=16
+ #pushd "$final_path"
+ # ynh_use_nodejs
+ # ynh_exec_warn_less ynh_npm install
+ # ynh_exec_warn_less ynh_npm run build
+ #popd
 pushd "$final_path"
- ynh_use_nodejs
- ynh_exec_warn_less ynh_npm install
- ynh_exec_warn_less ynh_npm run build
- popd
+ ynh_use_nodejs
+ ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm install
+ ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm run build
+popd
 fi
 #=================================================
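Review bot: Instances upgraded from the previous version have no `redis_db` setting, yet config.js now expects `__REDIS_DB__` to be substituted and scripts/remove flushes `$redis_db`; unless scripts/upgrade allocates one elsewhere (outside these hunks), add a migration before the configuration step, e.g. `if [ -z "$redis_db" ]; then redis_db=$(ynh_redis_get_free_db); ynh_app_setting_set --app=$app --key=redis_db --value="$redis_db"; fi`. In the rewritten build block the new `popd` carries no indentation while the sibling `ynh_use_nodejs` and `ynh_exec_warn_less` lines inside the same `then` branch do; indent it to match. The enclosing `if [ "$upgrade_type" == "UPGRADE_APP" ]` starts outside this hunk.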