diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index 40da90f9..a15a9c19 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -74,6 +74,9 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req # TLS options tls { issuer acme { + profile shortlived + # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer). + # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT. disable_http_challenge } } diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index b31f0361..f9d80bb4 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.13 +FROM elasticsearch:8.19.14 USER root diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 8ba9f244..dfd86505 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.26.1-alpine3.23 AS go +FROM golang:1.26.2-alpine3.23 AS go ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 0b4dd878..3dd2c9a4 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.3.0-cli AS docker +FROM docker:29.4.0-cli AS docker ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276 
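Review bot: The added `profile shortlived` line inside `issuer acme` in Containers/apache/Caddyfile has no comment, while the `disable_http_challenge` line below it gets a two-line explanation. A short-lived profile presumably means much more frequent renewals, and with the HTTP challenge disabled the only challenge visible in this block is TLS-ALPN on the port this container exposes, so a blocked renewal becomes an expired certificate far sooner than with the default lifetime. I would add `# Request the CA's short-lived certificate profile; renewals are frequent, so the TLS-ALPN path on the exposed port must stay reachable.` and confirm what happens when the configured ACME CA does not offer that profile. The same line is added in Containers/mastercontainer/acme.Caddyfile, where `on_demand` and `disable_tlsalpn_challenge` make issuance depend on the HTTP challenge instead.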
@@ -11,7 +11,7 @@ RUN set -ex; \ /usr/bin/caddy list-modules # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile -FROM php:8.5.4-fpm-alpine3.23 +FROM php:8.5.5-fpm-alpine3.23 EXPOSE 80 EXPOSE 8080 diff --git a/Containers/mastercontainer/acme.Caddyfile b/Containers/mastercontainer/acme.Caddyfile index d217481d..0d5e84fe 100644 --- a/Containers/mastercontainer/acme.Caddyfile +++ b/Containers/mastercontainer/acme.Caddyfile @@ -46,6 +46,7 @@ https://:8443 { tls { on_demand issuer acme { + profile shortlived disable_tlsalpn_challenge } } diff --git a/Containers/mastercontainer/internal.Caddyfile b/Containers/mastercontainer/internal.Caddyfile index 934458b5..e1809f55 100644 --- a/Containers/mastercontainer/internal.Caddyfile +++ b/Containers/mastercontainer/internal.Caddyfile @@ -1,8 +1,11 @@ { admin off + # auto_https will be handled manually in acme.Caddyfile + auto_https disable_redirects + storage file_system { - root /mnt/docker-aio-config/caddy/ + root /mnt/docker-aio-config/caddy-internal/ } log { diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index d2420f24..aaec638c 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -364,6 +364,7 @@ fi mkdir -p /mnt/docker-aio-config/data/ mkdir -p /mnt/docker-aio-config/session/ mkdir -p /mnt/docker-aio-config/caddy/ +mkdir -p /mnt/docker-aio-config/caddy-internal/ # Adjust permissions for all instances chmod 770 -R /mnt/docker-aio-config @@ -371,6 +372,7 @@ chmod 777 /mnt/docker-aio-config chown www-data:www-data -R /mnt/docker-aio-config/data/ chown www-data:www-data -R /mnt/docker-aio-config/session/ chown www-data:www-data -R /mnt/docker-aio-config/caddy/ +chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/ print_green "Initial startup of Nextcloud All-in-One complete! You should be able to open the Nextcloud AIO Interface now on port 8080 of this server! 
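Review bot: In Containers/mastercontainer/internal.Caddyfile the storage root moves from `/mnt/docker-aio-config/caddy/` to `/mnt/docker-aio-config/caddy-internal/` without a comment giving the reason, and nothing visible in this commit carries existing state across. Whatever this instance kept under the old root (certificates and keys it generated) would be recreated on first start, so a client that manually trusted the earlier certificate would be shown a new one; please confirm that is intended. If the reason is isolation, a line such as `# Separate storage so this instance and acme.Caddyfile do not share certificate state or locks` would record it. The new comment above `auto_https disable_redirects` could also name which redirects acme.Caddyfile takes over.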
diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 8e66ff4a..419f7647 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.6 +ENV NEXTCLOUD_VERSION=32.0.8 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 02e9a612..862a592c 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile -FROM redis:8.6.1-alpine +FROM redis:8.6.2-alpine COPY --chmod=775 start.sh /start.sh diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 7c9454c5..ef1fdb9d 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.12.5-scratch AS nats +FROM nats:2.12.6-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling FROM alpine:3.23.3 AS janus diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index fea7e60e..b9d1a5e6 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile 
@@ -1,13 +1,13 @@ # syntax=docker/dockerfile:latest -FROM golang:1.26.1-alpine3.23 AS go +FROM golang:1.26.2-alpine3.23 AS go -ENV WATCHTOWER_COMMIT_HASH=5a33e3c0aa3b2770c648a114b4a9d32e0a5b55ba +ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.4 + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.16.1 FROM alpine:3.23.3 diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 3284decc..5ada3738 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md 
@@ -16,7 +16,8 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter. - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! -- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management +- You can add your own Caddy configurations in the folder `nextcloud-aio-caddy/caddy-imports` in the files app of the default `admin` user. 
You need to create that folder manually. These will be imported on container startup. +- You can alternatively add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server use the previous option or run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack - If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json index e5bf74b8..5324af08 100644 --- a/community-containers/nextcloud-exporter/nextcloud-exporter.json +++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json @@ -5,7 +5,7 @@ "display_name": "Prometheus Nextcloud Exporter", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter", "image": "ghcr.io/xperimental/nextcloud-exporter", - "image_tag": "0.9.0", + "image_tag": "0.9.1", "internal_port": "9205", "restart": "unless-stopped", "ports": [ diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json index d095eb7a..82a1edfa 100644 --- a/community-containers/smbserver/smbserver.json +++ b/community-containers/smbserver/smbserver.json 
@@ -54,6 +54,9 @@ "ui_secret": "SMBSERVER_PASSWORD", "backup_volumes": [ "nextcloud_aio_smbserver" + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ config:system:set filesystem_check_changes --value=1 --type=integer" ] } ] diff --git a/docker-rootless.md b/docker-rootless.md index f77b4a54..95b2594a 100644 --- a/docker-rootless.md +++ b/docker-rootless.md 
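Review bot: The new `nextcloud_exec_commands` entry in smbserver.json writes `filesystem_check_changes` through `occ config:system:set`, which is an instance-wide system value rather than something scoped to this container. Nothing visible here restores the previous value when the smbserver container is disabled or removed, so the setting would presumably persist afterwards. JSON leaves no place for a comment, so the side effect belongs in the container's readme, for example `Enabling this container sets filesystem_check_changes=1 for the whole Nextcloud instance; reset it with occ if you remove the container.`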
@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below. 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md. 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown! 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot. -1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). +1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`. 1. 
Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3. 1. ⚠️ **Important:** Please read through all notes below! diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 0c9f29a2..c6b81f16 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -249,8 +249,8 @@ services: expose: - "9980" environment: - - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973 - - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973 + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} - server_name=${NC_DOMAIN} @@ -259,7 +259,6 @@ services: profiles: - collabora cap_add: - - MKNOD - SYS_ADMIN - SYS_CHROOT - FOWNER @@ -283,6 +282,8 @@ services: - ${TALK_PORT}:${TALK_PORT}/udp expose: - "8081" + volumes: + - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro environment: - NC_DOMAIN - TALK_HOST=nextcloud-aio-talk diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index ea90ecf6..6ac4bfc6 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml 
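Review bot: `aliasgroup1` in manual-install/latest.yml now names Apache as `nextcloud-aio-apache.nextcloud-aio`, which only works if that name resolves on the network the stack runs in and matches the address Apache serves the callback on. The suffix looks like the Docker network name, so someone who renamed the network in this manual-install file would lose document editing with no obvious error. A comment above the line, e.g. `# Must match the internal site address in Containers/apache/Caddyfile (<APACHE_HOST>.nextcloud-aio:23973)`, would make the coupling visible. The same value is changed in the generated Helm template for Collabora, where the suffix would have to match the namespace; that is worth confirming.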
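Review bot: The Talk volume added in the third hunk, `${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro`, has no fallback, so an unset or empty variable leaves a volume entry without a source and compose is likely to reject it. Certificates placed in that directory presumably become trust anchors for Talk's outbound TLS (the import step is not visible here), so the host directory should be writable by the administrator only. I would add `# Optional extra CA certificates trusted by Talk; set NEXTCLOUD_TRUSTED_CACERTS_DIR to an existing, admin-owned directory` above the entry and confirm the sample env file defines the variable. Mounting it read-only is the right choice.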
+++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.8.0 +version: 12.9.2 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 1d3d43f3..2d768356 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -63,7 +63,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 6fec4b18..fa7f0ede 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 18529634..9d6a1fc1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml 
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -28,17 +28,17 @@ spec: - name: TZ value: "{{ .Values.TIMEZONE }}" - name: aliasgroup1 - value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973 + value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache.nextcloud-aio:23973 - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params - value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910 {{- end }} readinessProbe: exec: @@ -63,7 +63,6 @@ spec: securityContext: capabilities: add: - - MKNOD - CAP_SYS_ADMIN - SYS_CHROOT - FOWNER diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index a98758e9..31c036fc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml 
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index ec8e00fa..f673e183 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index bb1368ae..baf4b7a0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml 
@@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index f3cb647b..1e502637 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -190,7 +190,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index ff901710..9ae0e0f1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -39,7 +39,7 @@ spec: value: nextcloud-aio-nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910 readinessProbe: exec: command: 
diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index a5d1e719..1ee11003 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 1733f31c..02fbb7b1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index f5dc967c..41082f80 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -13,6 +13,8 @@ spec: selector: matchLabels: io.kompose.service: nextcloud-aio-talk + strategy: + type: Recreate template: metadata: annotations: 
@@ -52,7 +54,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910 readinessProbe: exec: command: @@ -84,4 +86,12 @@ spec: {{- else }} drop: ["NET_RAW"] {{- end }} + volumeMounts: + - mountPath: /usr/local/share/ca-certificates + name: nextcloud-aio-nextcloud-trusted-cacerts + readOnly: true + volumes: + - name: nextcloud-aio-nextcloud-trusted-cacerts + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud-trusted-cacerts {{- end }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 2fee7719..301a3b02 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 55646dd4..cfe316e6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -50,7 +50,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910 readinessProbe: exec: command: diff --git a/php/composer.lock b/php/composer.lock index 978e89a8..3da2d703 100644 --- a/php/composer.lock +++ b/php/composer.lock 
@@ -448,16 +448,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.10", + "version": "v2.0.11", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669" + "reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/870fc81d2f879903dfc5b60bf8a0f94a1609e669", - "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d1af40ac4a6ccc12bd062a7184f63c9995a63bdd", + "reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd", "shasum": "" }, "require": { @@ -505,7 +505,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2026-02-20T19:59:49+00:00" + "time": "2026-04-07T13:32:18+00:00" }, { "name": "nikic/fast-route", @@ -2453,24 +2453,27 @@ }, { "name": "amphp/serialization", - "version": "v1.0.0", + "version": "v1.1.0", "source": { "type": "git", "url": "https://github.com/amphp/serialization.git", - "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1" + "reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/serialization/zipball/693e77b2fb0b266c3c7d622317f881de44ae94a1", - "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1", + "url": "https://api.github.com/repos/amphp/serialization/zipball/fdf2834d78cebb0205fb2672676c1b1eb84371f0", + "reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.4" }, "require-dev": { - "amphp/php-cs-fixer-config": "dev-master", - "phpunit/phpunit": "^9 || ^8 || ^7" + "amphp/php-cs-fixer-config": "^2", + "ext-json": "*", + "ext-zlib": "*", + "phpunit/phpunit": "^9", + "psalm/phar": "6.16.1" }, "type": "library", "autoload": { 
@@ -2505,9 +2508,15 @@ ], "support": { "issues": "https://github.com/amphp/serialization/issues", - "source": "https://github.com/amphp/serialization/tree/master" + "source": "https://github.com/amphp/serialization/tree/v1.1.0" }, - "time": "2020-03-25T21:39:07+00:00" + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2026-04-05T15:59:53+00:00" }, { "name": "amphp/socket", @@ -3834,16 +3843,16 @@ }, { "name": "sebastian/diff", - "version": "8.0.0", + "version": "8.1.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3" + "reference": "9c957d730257f49c873f3761674559bd90098a7d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/a2b6d09d7729ee87d605a439469f9dcc39be5ea3", - "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d", + "reference": "9c957d730257f49c873f3761674559bd90098a7d", "shasum": "" }, "require": { @@ -3856,7 +3865,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "8.0-dev" + "dev-main": "8.1-dev" } }, "autoload": { @@ -3889,7 +3898,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", "security": "https://github.com/sebastianbergmann/diff/security/policy", - "source": "https://github.com/sebastianbergmann/diff/tree/8.0.0" + "source": "https://github.com/sebastianbergmann/diff/tree/8.1.0" }, "funding": [ { @@ -3909,7 +3918,7 @@ "type": "tidelift" } ], - "time": "2026-02-06T04:42:27+00:00" + "time": "2026-04-05T12:02:33+00:00" }, { "name": "spatie/array-to-xml", 
@@ -4039,16 +4048,16 @@ }, { "name": "symfony/console", - "version": "v6.4.35", + "version": "v6.4.36", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "49257c96304c508223815ee965c251e7c79e614e" + "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e", - "reference": "49257c96304c508223815ee965c251e7c79e614e", + "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5", + "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5", "shasum": "" }, "require": { @@ -4113,7 +4122,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.35" + "source": "https://github.com/symfony/console/tree/v6.4.36" }, "funding": [ { @@ -4133,20 +4142,20 @@ "type": "tidelift" } ], - "time": "2026-03-06T13:31:08+00:00" + "time": "2026-03-27T15:30:51+00:00" }, { "name": "symfony/filesystem", - "version": "v8.0.6", + "version": "v8.0.8", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "7bf9162d7a0dff98d079b72948508fa48018a770" + "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770", - "reference": "7bf9162d7a0dff98d079b72948508fa48018a770", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a", + "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a", "shasum": "" }, "require": { @@ -4183,7 +4192,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v8.0.6" + "source": "https://github.com/symfony/filesystem/tree/v8.0.8" }, "funding": [ { 
@@ -4203,7 +4212,7 @@ "type": "tidelift" } ], - "time": "2026-02-25T16:59:43+00:00" + "time": "2026-03-30T15:14:47+00:00" }, { "name": "symfony/finder", @@ -4609,16 +4618,16 @@ }, { "name": "symfony/string", - "version": "v7.4.6", + "version": "v7.4.8", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "9f209231affa85aa930a5e46e6eb03381424b30b" + "reference": "114ac57257d75df748eda23dd003878080b8e688" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b", - "reference": "9f209231affa85aa930a5e46e6eb03381424b30b", + "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688", + "reference": "114ac57257d75df748eda23dd003878080b8e688", "shasum": "" }, "require": { @@ -4676,7 +4685,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.4.6" + "source": "https://github.com/symfony/string/tree/v7.4.8" }, "funding": [ { @@ -4696,7 +4705,7 @@ "type": "tidelift" } ], - "time": "2026-02-09T09:33:46+00:00" + "time": "2026-03-24T13:12:05+00:00" }, { "name": "vimeo/psalm", @@ -4885,16 +4894,16 @@ }, { "name": "webmozart/assert", - "version": "2.1.6", + "version": "2.2.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8" + "reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/ff31ad6efc62e66e518fbab1cde3453d389bcdc8", - "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b99650e7ffcad232624a260bc7fbdec2ffc407c", + "reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c", "shasum": "" }, "require": { 
@@ -4941,9 +4950,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/2.1.6" + "source": "https://github.com/webmozarts/assert/tree/2.2.0" }, - "time": "2026-02-27T10:28:38+00:00" + "time": "2026-04-09T16:54:47+00:00" } ], "aliases": [], diff --git a/php/public/automatic_reload.js b/php/public/automatic_reload.js index 7b14a3c4..20a2bc32 100644 --- a/php/public/automatic_reload.js +++ b/php/public/automatic_reload.js @@ -1,4 +1,4 @@ -document.addEventListener("DOMContentLoaded", function(event) { +window.addEventListener("load", function(event) { if (document.hasFocus()) { // hide reload button if the site reloads automatically let list = document.getElementsByClassName("reload button"); @@ -9,7 +9,7 @@ document.addEventListener("DOMContentLoaded", function(event) { // set timeout for reload setTimeout(function(){ - window.location.reload(1); + window.location.reload(true); }, 5000); } else { window.addEventListener("beforeunload", function() { diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js index 1c33c4f2..778430cb 100644 --- a/php/public/containers-form-submit.js +++ b/php/public/containers-form-submit.js 
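Review bot: The `true` passed to `window.location.reload(true)` in the second automatic_reload.js hunk is the non-standard forceGet flag, which as far as I know only Firefox honours; other browsers ignore it and may still reload from cache. If the intent is that the admin always sees current container and login state after a reload, that has to come from the server's response headers (for example `Cache-Control: no-store` on the AIO pages), not from this argument. The same applies to the `reload(true)` calls in forms.js (hunks at -36 and -84). At minimum I would add a comment next to the call: `// forceGet is Firefox-only; freshness depends on the server's cache headers`.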
@@ -121,10 +121,8 @@ document.addEventListener("DOMContentLoaded", function () { function handleDockerSocketProxyWarning() { if (document.getElementById("docker-socket-proxy").checked) { - // TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included - alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!'); - // alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!'); - // document.getElementById("docker-socket-proxy").checked = false + alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!'); + document.getElementById("docker-socket-proxy").checked = false } } diff --git a/php/public/forms.js b/php/public/forms.js index 6b982b0d..46cde081 100644 --- a/php/public/forms.js +++ b/php/public/forms.js @@ -36,11 +36,11 @@ function showPassword(id) { showError("Server error. Please check the mastercontainer logs for details. This page will reload after 10s automatically. Then you can check the mastercontainer logs."); // Reload after 10s since it is expected that the updated view is shown (e.g. after starting containers) setTimeout(function(){ - window.location.reload(1); + window.location.reload(true); }, 10000); } else { // If the responose is not one of the above, we should reload to show the latest content - window.location.reload(1); + window.location.reload(true); } } 
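Review bot: Resetting `docker-socket-proxy` to unchecked in `handleDockerSocketProxyWarning()` enforces the deprecation only in the browser; nothing in this hunk shows the server rejecting the value, so a form submission that does not run this script could presumably still enable the container. The removed warning described this option as exposing the docker socket and all its privileges to the Nextcloud container, so the refusal belongs in the code that processes the form as well as in the UI. Please confirm the server-side handler (outside this diff) ignores or rejects the field. Minor: the new line `document.getElementById("docker-socket-proxy").checked = false` is missing its semicolon.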
@@ -84,7 +84,7 @@ function showPassword(id) { document.getElementById('overlay-log')?.classList.add('visible'); // Reload the page after the response was fully loaded into the iframe. document.querySelector('iframe[name="overlay-log"]').addEventListener('load', () => { - location.reload(); + location.reload(true); }); }; } diff --git a/php/public/log-view.js b/php/public/log-view.js index 992aa7dd..4814ea8e 100644 --- a/php/public/log-view.js +++ b/php/public/log-view.js @@ -96,7 +96,7 @@ class LogViewer { } scrollToBottom() { - window.scrollTo(0, document.body.scrollHeight); + this.logElem.scrollTop = this.logElem.scrollHeight; } initAutoloadingControls() { diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php index c2c0c7ac..e2ff98dc 100644 --- a/php/src/Auth/AuthManager.php +++ b/php/src/Auth/AuthManager.php @@ -26,6 +26,7 @@ readonly class AuthManager { public function SetAuthState(bool $isLoggedIn) : void { if (!$this->IsAuthenticated() && $isLoggedIn === true) { + session_regenerate_id(true); $date = new DateTime(); $dateTime = $date->getTimestamp(); $_SESSION['date_time'] = $dateTime; diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php index a90bde26..d37a2210 100644 --- a/php/src/Controller/LoginController.php +++ b/php/src/Controller/LoginController.php @@ -28,6 +28,9 @@ readonly class LoginController { return $response->withHeader('Location', '.')->withStatus(201); } + // Punish failed auth attempts with a delay, as a very simple means against bots. + sleep(5); + $response->getBody()->write("The password is incorrect."); return $response->withHeader('Location', '.')->withStatus(422); } @@ -39,6 +42,9 @@ readonly class LoginController { return $response->withHeader('Location', '../..')->withStatus(302); } + // Punish failed auth attempts with a delay, as a very simple means against bots. + sleep(5); + return $response->withHeader('Location', '../..')->withStatus(302); } 
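Review bot: The `session_regenerate_id(true)` call added in `SetAuthState()` is security-relevant but carries no comment, and its boolean result is discarded. I would put `// Issue a fresh session ID on login so an ID set before authentication cannot be reused (session fixation).` above it and stop on failure, e.g. `if (!session_regenerate_id(true)) { throw new \RuntimeException('Could not regenerate session ID'); }`, so the old ID is never marked as logged in. The rest of the method, including the branch taken on logout, is outside the hunk, so whether the session is destroyed there cannot be confirmed from here.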
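Review bot: The `sleep(5)` added on the failed-password path blocks the PHP worker serving the request, so a burst of failed logins can occupy the whole worker pool and lock the legitimate admin out of the interface, while attempts sent in parallel are not slowed at all. The identical `sleep(5)` in the second hunk (the 302 redirect path at -39) has the same effect. A per-client failed-attempt counter with a temporary lockout, or rate limiting in the reverse proxy in front of PHP, would throttle guessing without holding workers. If the delay stays, the comment should state the trade-off: `// NOTE: blocks this worker for 5s per failed attempt and does not limit parallel requests.` Both enclosing methods start outside the hunks.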
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 4b23f746..30bcff98 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -657,7 +657,7 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter your current password."); } - if ($currentPassword !== $this->password) { + if (!hash_equals($this->password, $currentPassword)) { throw new InvalidSettingConfigurationException("The entered current password is not correct."); } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index a68ed9e3..e2bac690 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -27,7 +27,7 @@ {# js for optional containers and additional containers forms #} - + {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %} @@ -636,7 +636,7 @@ {% endif %} {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %} - + {% else %} {% endif %} diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index d581945c..9db21723 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.9.0 +12.9.2 diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 785cefe2..1bec7f17 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -198,7 +198,6 @@ >
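Review bot: `hash_equals($this->password, $currentPassword)` makes only the change-password comparison constant-time; the login check is not part of this diff, and if it still uses `===`/`!==` the timing fix is incomplete, so it is worth confirming and switching it as well. `hash_equals()` requires both arguments to be strings, so `$this->password` must be guaranteed to be one here (its declaration is outside the hunk). Comparing against `$this->password` directly also suggests the password is kept in recoverable form rather than as a `password_hash()` digest; if so, that is a separate hardening item. A short comment would help the next reader: `// Constant-time comparison so response timing does not leak how much of the password matched.`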
-{#-#}
AIO - + diff --git a/php/templates/log.twig b/php/templates/log.twig index 2fe3b1ce..044c6386 100644 --- a/php/templates/log.twig +++ b/php/templates/log.twig @@ -3,15 +3,25 @@ - +