From 387b39099f648c84da3d383ec1c902f4d7fd73ff Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Mon, 23 Mar 2026 13:37:43 +0100 Subject: [PATCH 01/39] Fix log viewer on small screens Previously it showed a lot of white space at the bottom, and the floating box didn't stick. Both is now fixed. AI-assistant: Copilot v1.0.7 (Claude Sonnet 4.6) Signed-off-by: Pablo Zmdl --- php/public/log-view.js | 2 +- php/templates/log.twig | 18 ++++++++++++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/php/public/log-view.js b/php/public/log-view.js index 992aa7dd..4814ea8e 100644 --- a/php/public/log-view.js +++ b/php/public/log-view.js @@ -96,7 +96,7 @@ class LogViewer { } scrollToBottom() { - window.scrollTo(0, document.body.scrollHeight); + this.logElem.scrollTop = this.logElem.scrollHeight; } initAutoloadingControls() { diff --git a/php/templates/log.twig b/php/templates/log.twig index 2fe3b1ce..d1d3f787 100644 --- a/php/templates/log.twig +++ b/php/templates/log.twig @@ -3,15 +3,25 @@ - +
From ee41f1814f2c3d06de2bc9b1e2da3ede0e2bb3d0 Mon Sep 17 00:00:00 2001 From: Daniel Hartmann <60435198+hartmann-daniel@users.noreply.github.com> Date: Tue, 24 Mar 2026 23:18:02 +0100 Subject: [PATCH 03/39] Update smbserver.json Activate filesystem_check_changes https://github.com/szaimen/aio-smbserver/issues/27 Signed-off-by: Daniel Hartmann <60435198+hartmann-daniel@users.noreply.github.com> --- community-containers/smbserver/smbserver.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/community-containers/smbserver/smbserver.json b/community-containers/smbserver/smbserver.json index d095eb7a..82a1edfa 100644 --- a/community-containers/smbserver/smbserver.json +++ b/community-containers/smbserver/smbserver.json @@ -54,6 +54,9 @@ "ui_secret": "SMBSERVER_PASSWORD", "backup_volumes": [ "nextcloud_aio_smbserver" + ], + "nextcloud_exec_commands": [ + "php /var/www/html/occ config:system:set filesystem_check_changes --value=1 --type=integer" ] } ] From 188f0f89a04d45e71ba8b1a45f98d5aa96b1225e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 04:07:47 +0000 Subject: [PATCH 04/39] build(deps): bump redis in /Containers/redis Bumps redis from 8.6.1-alpine to 8.6.2-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 8.6.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/redis/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/redis/Dockerfile b/Containers/redis/Dockerfile index 02e9a612..862a592c 100644 --- a/Containers/redis/Dockerfile +++ b/Containers/redis/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile -FROM redis:8.6.1-alpine +FROM redis:8.6.2-alpine COPY --chmod=775 start.sh /start.sh From 3838c498348aa0c013e980475bb82afbb9c548ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 04:08:02 +0000 Subject: [PATCH 05/39] build(deps): bump nats in /Containers/talk Bumps nats from 2.12.5-scratch to 2.12.6-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.6-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/talk/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/talk/Dockerfile b/Containers/talk/Dockerfile index 7c9454c5..ef1fdb9d 100644 --- a/Containers/talk/Dockerfile +++ b/Containers/talk/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM nats:2.12.5-scratch AS nats +FROM nats:2.12.6-scratch AS nats FROM eturnal/eturnal:1.12.2-alpine AS eturnal FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling FROM alpine:3.23.3 AS janus From cfea3ef7e64c161655c5b6c618c4712ca3421ddf Mon Sep 17 00:00:00 2001 From: SomeMichael <43578183+SomeMichael@users.noreply.github.com> Date: Wed, 25 Mar 2026 19:43:22 +0100 Subject: [PATCH 06/39] Update Docker rootless documentation Updated exposing privileged ports link Signed-off-by: SomeMichael <43578183+SomeMichael@users.noreply.github.com> --- docker-rootless.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-rootless.md b/docker-rootless.md index f77b4a54..95b2594a 100644 --- a/docker-rootless.md +++ b/docker-rootless.md @@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below. 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md. 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown! 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot. -1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). +1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver). 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`. 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3. 1. ⚠️ **Important:** Please read through all notes below! From 4ac496b89c5b97697b68c9adb7d50396857784f5 Mon Sep 17 00:00:00 2001 From: Zoey Date: Wed, 25 Mar 2026 20:48:21 +0100 Subject: [PATCH 07/39] change default acme profile (1/2) Signed-off-by: Zoey --- Containers/apache/Caddyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index 40da90f9..d1261268 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -74,6 +74,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req # TLS options tls { issuer acme { + profile shortlived disable_http_challenge } } From b578322d160042ae8f1b38ac49b32755b7868333 Mon Sep 17 00:00:00 2001 From: Zoey Date: Wed, 25 Mar 2026 20:49:05 +0100 Subject: [PATCH 08/39] change default acme profile (2/2) Signed-off-by: Zoey --- Containers/mastercontainer/acme.Caddyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/mastercontainer/acme.Caddyfile b/Containers/mastercontainer/acme.Caddyfile index d217481d..0d5e84fe 100644 --- a/Containers/mastercontainer/acme.Caddyfile +++ b/Containers/mastercontainer/acme.Caddyfile @@ -46,6 +46,7 @@ https://:8443 { tls { on_demand issuer acme { + profile shortlived disable_tlsalpn_challenge } } From bc9817873c0c059bc4847f966901900e14532e31 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Mar 2026 04:07:17 +0000 Subject: [PATCH 09/39] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.3.0-cli to 29.3.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.3.1-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 0b4dd878..90e615e4 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.3.0-cli AS docker +FROM docker:29.3.1-cli AS docker ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276 From 960fe801df555aafc320b66beafa65849cfd50c0 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 27 Mar 2026 12:16:30 +0000 Subject: [PATCH 10/39] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 8e66ff4a..716af3b6 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.6 +ENV NEXTCLOUD_VERSION=32.0.7 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 75e18bb40a7f8c89cb2600a7104cb249cdd4a232 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Fri, 27 Mar 2026 13:20:11 +0100 Subject: [PATCH 11/39] aio-interface: make Harp visible again Signed-off-by: Simon L. --- php/public/containers-form-submit.js | 6 ++---- php/templates/containers.twig | 2 +- php/templates/includes/optional-containers.twig | 2 -- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/php/public/containers-form-submit.js b/php/public/containers-form-submit.js index 1c33c4f2..778430cb 100644 --- a/php/public/containers-form-submit.js +++ b/php/public/containers-form-submit.js @@ -121,10 +121,8 @@ document.addEventListener("DOMContentLoaded", function () { function handleDockerSocketProxyWarning() { if (document.getElementById("docker-socket-proxy").checked) { - // TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included - alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!'); - // alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!'); - // document.getElementById("docker-socket-proxy").checked = false + alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!'); + document.getElementById("docker-socket-proxy").checked = false } } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 4aa6c48f..eb6120d1 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -27,7 +27,7 @@ {# js for optional containers and additional containers forms #} - + {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %} {% set isAnyRunning = false %} diff --git a/php/templates/includes/optional-containers.twig b/php/templates/includes/optional-containers.twig index 980d8d0b..08f98634 100644 --- a/php/templates/includes/optional-containers.twig +++ b/php/templates/includes/optional-containers.twig @@ -198,7 +198,6 @@ >

-{#

-#}

Date: Fri, 27 Mar 2026 13:32:11 +0100 Subject: [PATCH 12/39] increase to 12.9.1 Signed-off-by: Simon L. --- php/templates/includes/aio-version.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index d581945c..791e0253 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.9.0 +12.9.1 From f9e6339044f43e404516080af2186d9f1f48f28d Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 31 Mar 2026 23:54:56 +0200 Subject: [PATCH 13/39] Regenerate session id on login to avoid session fixation attacks AI-assistant: Copilot v1.0.7 (Claude Opus 4.6) Signed-off-by: Pablo Zmdl --- php/src/Auth/AuthManager.php | 1 + 1 file changed, 1 insertion(+) diff --git a/php/src/Auth/AuthManager.php b/php/src/Auth/AuthManager.php index c2c0c7ac..e2ff98dc 100644 --- a/php/src/Auth/AuthManager.php +++ b/php/src/Auth/AuthManager.php @@ -26,6 +26,7 @@ readonly class AuthManager { public function SetAuthState(bool $isLoggedIn) : void { if (!$this->IsAuthenticated() && $isLoggedIn === true) { + session_regenerate_id(true); $date = new DateTime(); $dateTime = $date->getTimestamp(); $_SESSION['date_time'] = $dateTime; From 2a7c68624724143884cc949338cacb95d238e317 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 31 Mar 2026 23:56:03 +0200 Subject: [PATCH 14/39] Use timeing-safe password comparison AI-assistant: Copilot v1.0.7 (Claude Opus 4.6) Signed-off-by: Pablo Zmdl --- php/src/Data/ConfigurationManager.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index 4b23f746..30bcff98 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -657,7 +657,7 @@ class ConfigurationManager throw new InvalidSettingConfigurationException("Please enter your current password."); } - if ($currentPassword !== $this->password) { + if (!hash_equals($this->password, $currentPassword)) { throw new InvalidSettingConfigurationException("The entered current password is not correct."); } From 3586dbedb0e4f9f7b48b928691161a149e474314 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 1 Apr 2026 12:14:25 +0000 Subject: [PATCH 15/39] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index 978e89a8..c32b4a9d 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4039,16 +4039,16 @@ }, { "name": "symfony/console", - "version": "v6.4.35", + "version": "v6.4.36", "source": { "type": "git", "url": "https://github.com/symfony/console.git", - "reference": "49257c96304c508223815ee965c251e7c79e614e" + "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e", - "reference": "49257c96304c508223815ee965c251e7c79e614e", + "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5", + "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5", "shasum": "" }, "require": { @@ -4113,7 +4113,7 @@ "terminal" ], "support": { - "source": "https://github.com/symfony/console/tree/v6.4.35" + "source": "https://github.com/symfony/console/tree/v6.4.36" }, "funding": [ { @@ -4133,20 +4133,20 @@ "type": "tidelift" } ], - "time": "2026-03-06T13:31:08+00:00" + "time": "2026-03-27T15:30:51+00:00" }, { "name": "symfony/filesystem", - "version": "v8.0.6", + "version": "v8.0.8", "source": { "type": "git", "url": "https://github.com/symfony/filesystem.git", - "reference": "7bf9162d7a0dff98d079b72948508fa48018a770" + "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770", - "reference": "7bf9162d7a0dff98d079b72948508fa48018a770", + "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a", + "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a", "shasum": "" }, "require": { @@ -4183,7 +4183,7 @@ "description": "Provides basic utilities for the filesystem", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/filesystem/tree/v8.0.6" + "source": "https://github.com/symfony/filesystem/tree/v8.0.8" }, "funding": [ { @@ -4203,7 +4203,7 @@ "type": "tidelift" } ], - "time": "2026-02-25T16:59:43+00:00" + "time": "2026-03-30T15:14:47+00:00" }, { "name": "symfony/finder", @@ -4609,16 +4609,16 @@ }, { "name": "symfony/string", - "version": "v7.4.6", + "version": "v7.4.8", "source": { "type": "git", "url": "https://github.com/symfony/string.git", - "reference": "9f209231affa85aa930a5e46e6eb03381424b30b" + "reference": "114ac57257d75df748eda23dd003878080b8e688" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b", - "reference": "9f209231affa85aa930a5e46e6eb03381424b30b", + "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688", + "reference": "114ac57257d75df748eda23dd003878080b8e688", "shasum": "" }, "require": { @@ -4676,7 +4676,7 @@ "utf8" ], "support": { - "source": "https://github.com/symfony/string/tree/v7.4.6" + "source": "https://github.com/symfony/string/tree/v7.4.8" }, "funding": [ { @@ -4696,7 +4696,7 @@ "type": "tidelift" } ], - "time": "2026-02-09T09:33:46+00:00" + "time": "2026-03-24T13:12:05+00:00" }, { "name": "vimeo/psalm", From 1d2149241d185f33a19ba39a77111555b6faf71f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 2 Apr 2026 09:45:31 +0200 Subject: [PATCH 16/39] readme: clarify for which use case port 80 is used Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index a1c7e17b..26b66291 100644 --- a/readme.md +++ b/readme.md @@ -151,7 +151,7 @@ sudo docker run \ - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container. - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it. - `--restart always` — ensures the container restarts automatically with the Docker daemon. - - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy. + - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy. - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`). - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy. - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it. From af9e983b049856308f6ea8a41c2542c209d27081 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 2 Apr 2026 10:01:03 +0200 Subject: [PATCH 17/39] caddy-internal: adjust to different root path to separate from the acme caddy Signed-off-by: Simon L. --- Containers/mastercontainer/internal.Caddyfile | 2 +- Containers/mastercontainer/start.sh | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/Containers/mastercontainer/internal.Caddyfile b/Containers/mastercontainer/internal.Caddyfile index 934458b5..c96b244c 100644 --- a/Containers/mastercontainer/internal.Caddyfile +++ b/Containers/mastercontainer/internal.Caddyfile @@ -2,7 +2,7 @@ admin off storage file_system { - root /mnt/docker-aio-config/caddy/ + root /mnt/docker-aio-config/caddy-internal/ } log { diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index d2420f24..aaec638c 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -364,6 +364,7 @@ fi mkdir -p /mnt/docker-aio-config/data/ mkdir -p /mnt/docker-aio-config/session/ mkdir -p /mnt/docker-aio-config/caddy/ +mkdir -p /mnt/docker-aio-config/caddy-internal/ # Adjust permissions for all instances chmod 770 -R /mnt/docker-aio-config @@ -371,6 +372,7 @@ chmod 777 /mnt/docker-aio-config chown www-data:www-data -R /mnt/docker-aio-config/data/ chown www-data:www-data -R /mnt/docker-aio-config/session/ chown www-data:www-data -R /mnt/docker-aio-config/caddy/ +chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/ print_green "Initial startup of Nextcloud All-in-One complete! You should be able to open the Nextcloud AIO Interface now on port 8080 of this server! From a85641ceb9c1f2b515899a3a41d9bb48cd3bb156 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 2 Apr 2026 11:19:39 +0000 Subject: [PATCH 18/39] nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/nextcloud/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/nextcloud/Dockerfile b/Containers/nextcloud/Dockerfile index 716af3b6..419f7647 100644 --- a/Containers/nextcloud/Dockerfile +++ b/Containers/nextcloud/Dockerfile @@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud ENV REDIS_DB_INDEX=0 # AIO settings start # Do not remove or change this line! -ENV NEXTCLOUD_VERSION=32.0.7 +ENV NEXTCLOUD_VERSION=32.0.8 ENV AIO_TOKEN=123456 ENV AIO_URL=localhost # AIO settings end # Do not remove or change this line! From 41c677abd95488634468e75e3f9eb179dd742286 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 2 Apr 2026 13:50:47 +0200 Subject: [PATCH 19/39] internal.Caddyfile: disable auto redirects Signed-off-by: Simon L. --- Containers/mastercontainer/internal.Caddyfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Containers/mastercontainer/internal.Caddyfile b/Containers/mastercontainer/internal.Caddyfile index c96b244c..e1809f55 100644 --- a/Containers/mastercontainer/internal.Caddyfile +++ b/Containers/mastercontainer/internal.Caddyfile @@ -1,6 +1,9 @@ { admin off + # auto_https will be handled manually in acme.Caddyfile + auto_https disable_redirects + storage file_system { root /mnt/docker-aio-config/caddy-internal/ } From 7a9bab57766d66e40b9cb891532f195ea25aa55f Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Thu, 2 Apr 2026 14:06:39 +0200 Subject: [PATCH 20/39] aio-interface: fix page not automatic reloading after container starting progress spinner Signed-off-by: Simon L. --- php/public/automatic_reload.js | 2 +- php/templates/containers.twig | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/php/public/automatic_reload.js b/php/public/automatic_reload.js index 7b14a3c4..0381345d 100644 --- a/php/public/automatic_reload.js +++ b/php/public/automatic_reload.js @@ -1,4 +1,4 @@ -document.addEventListener("DOMContentLoaded", function(event) { +window.addEventListener("load", function(event) { if (document.hasFocus()) { // hide reload button if the site reloads automatically let list = document.getElementsByClassName("reload button"); diff --git a/php/templates/containers.twig b/php/templates/containers.twig index eb6120d1..169c5fb5 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -635,7 +635,7 @@ {% endif %} {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %} - + {% else %} {% endif %} From 0bad0849c194b623c16caa0651d42182cda1354a Mon Sep 17 00:00:00 2001 From: Alan Savage <3028205+asavageiv@users.noreply.github.com> Date: Thu, 2 Apr 2026 10:28:18 -0700 Subject: [PATCH 21/39] Avoid `Resend` popups on Firefox on start/stop containers Use `location.reload(true)` instead of `reload` or `reload(1)` to ensure we use a GET request. See also: https://stackoverflow.com/a/41122753 https://developer.mozilla.org/en-US/docs/Web/API/Location/reload#forceget Fixes #7850 Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com> --- php/public/automatic_reload.js | 2 +- php/public/forms.js | 6 +++--- php/templates/containers.twig | 2 +- php/templates/layout.twig | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/php/public/automatic_reload.js b/php/public/automatic_reload.js index 0381345d..20a2bc32 100644 --- a/php/public/automatic_reload.js +++ b/php/public/automatic_reload.js @@ -9,7 +9,7 @@ window.addEventListener("load", function(event) { // set timeout for reload setTimeout(function(){ - window.location.reload(1); + window.location.reload(true); }, 5000); } else { window.addEventListener("beforeunload", function() { diff --git a/php/public/forms.js b/php/public/forms.js index 6b982b0d..46cde081 100644 --- a/php/public/forms.js +++ b/php/public/forms.js @@ -36,11 +36,11 @@ function showPassword(id) { showError("Server error. Please check the mastercontainer logs for details. This page will reload after 10s automatically. Then you can check the mastercontainer logs."); // Reload after 10s since it is expected that the updated view is shown (e.g. after starting containers) setTimeout(function(){ - window.location.reload(1); + window.location.reload(true); }, 10000); } else { // If the responose is not one of the above, we should reload to show the latest content - window.location.reload(1); + window.location.reload(true); } } @@ -84,7 +84,7 @@ function showPassword(id) { document.getElementById('overlay-log')?.classList.add('visible'); // Reload the page after the response was fully loaded into the iframe. document.querySelector('iframe[name="overlay-log"]').addEventListener('load', () => { - location.reload(); + location.reload(true); }); }; } diff --git a/php/templates/containers.twig b/php/templates/containers.twig index 169c5fb5..73c3446d 100644 --- a/php/templates/containers.twig +++ b/php/templates/containers.twig @@ -635,7 +635,7 @@ {% endif %} {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %} - + {% else %} {% endif %} diff --git a/php/templates/layout.twig b/php/templates/layout.twig index 39f8f45b..ab3095c4 100644 --- a/php/templates/layout.twig +++ b/php/templates/layout.twig @@ -3,7 +3,7 @@ AIO - + From b9b622755bbfa3e8ef9959d325359638cf535303 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Tue, 7 Apr 2026 11:37:52 +0200 Subject: [PATCH 22/39] increase to 12.9.2 Signed-off-by: Simon L. --- php/templates/includes/aio-version.twig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/templates/includes/aio-version.twig b/php/templates/includes/aio-version.twig index 791e0253..9db21723 100644 --- a/php/templates/includes/aio-version.twig +++ b/php/templates/includes/aio-version.twig @@ -1 +1 @@ -12.9.1 +12.9.2 From bc968d18e686d694d7bc80aa072f3e3eb364a821 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 7 Apr 2026 14:51:32 +0200 Subject: [PATCH 23/39] Punish failed login attempts with a delay This is a very simple means against bots, until we find the time to discuss and implement something better. Signed-off-by: Pablo Zmdl --- php/src/Controller/LoginController.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php index a90bde26..b3c74b30 100644 --- a/php/src/Controller/LoginController.php +++ b/php/src/Controller/LoginController.php @@ -28,6 +28,9 @@ readonly class LoginController { return $response->withHeader('Location', '.')->withStatus(201); } + // Punish failed auth attempts with a delay, as a very simple means against bots. + sleep(5); + $response->getBody()->write("The password is incorrect."); return $response->withHeader('Location', '.')->withStatus(422); } From b67b3bbe1549f847e9830ae41ab1d9629300083c Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Tue, 7 Apr 2026 15:08:01 +0200 Subject: [PATCH 24/39] Also punish failed logins via GET and URL-token Signed-off-by: Pablo Zmdl --- php/src/Controller/LoginController.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php index b3c74b30..d37a2210 100644 --- a/php/src/Controller/LoginController.php +++ b/php/src/Controller/LoginController.php @@ -42,6 +42,9 @@ readonly class LoginController { return $response->withHeader('Location', '../..')->withStatus(302); } + // Punish failed auth attempts with a delay, as a very simple means against bots. + sleep(5); + return $response->withHeader('Location', '../..')->withStatus(302); } From f57d0becd04cf564bab65b970a848fd442b35ac6 Mon Sep 17 00:00:00 2001 From: Michael Keck Date: Tue, 7 Apr 2026 21:25:51 +0200 Subject: [PATCH 25/39] Readme: Fix broken OCC security link Signed-off-by: Michael Keck --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 26b66291..771e1f1b 100644 --- a/readme.md +++ b/readme.md @@ -703,7 +703,7 @@ Simply run the following command: `sudo docker exec --user www-data nextcloud-ai See [multiple-instances.md](./multiple-instances.md) for some documentation on this. ### Bruteforce protection FAQ -Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management +Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset ` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable `. See https://docs.nextcloud.com/server/latest/admin_manual/occ_command.html#security-commands-label for further information. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management ### How to switch the channel? You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa. ⚠️ In some rare occurrences, you might need to run `docker pull ghcr.io/nextcloud-releases/all-in-one:latest` or `docker pull ghcr.io/nextcloud-releases/all-in-one:beta` first before being able to use the image. From 67515899e26c3e6a542036345b97bcf54bbf1c4d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 04:16:54 +0000 Subject: [PATCH 26/39] build(deps): bump golang in /Containers/imaginary Bumps golang from 1.26.1-alpine3.23 to 1.26.2-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.2-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/imaginary/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/imaginary/Dockerfile b/Containers/imaginary/Dockerfile index 8ba9f244..dfd86505 100644 --- a/Containers/imaginary/Dockerfile +++ b/Containers/imaginary/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.26.1-alpine3.23 AS go +FROM golang:1.26.2-alpine3.23 AS go ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee From 83a77ae6254a6784229217fda03745c32d1b0e3d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 04:17:00 +0000 Subject: [PATCH 27/39] build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.3.1-cli to 29.4.0-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.4.0-cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 90e615e4..108e7457 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Docker CLI is a requirement -FROM docker:29.3.1-cli AS docker +FROM docker:29.4.0-cli AS docker ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276 From a2531182d1dee79e8f24e8e28997443e7117461d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 04:17:54 +0000 Subject: [PATCH 28/39] build(deps): bump golang in /Containers/watchtower Bumps golang from 1.26.1-alpine3.23 to 1.26.2-alpine3.23. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26.2-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/watchtower/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index fea7e60e..971188a3 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:latest -FROM golang:1.26.1-alpine3.23 AS go +FROM golang:1.26.2-alpine3.23 AS go ENV WATCHTOWER_COMMIT_HASH=5a33e3c0aa3b2770c648a114b4a9d32e0a5b55ba From fc9a7769b47ac99aac12077ccc502717470eb4f5 Mon Sep 17 00:00:00 2001 From: Benjamin Brahmer Date: Wed, 8 Apr 2026 09:23:17 +0200 Subject: [PATCH 29/39] Update Prometheus Nextcloud Exporter to 0.9.1 Signed-off-by: Benjamin Brahmer --- community-containers/nextcloud-exporter/nextcloud-exporter.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community-containers/nextcloud-exporter/nextcloud-exporter.json b/community-containers/nextcloud-exporter/nextcloud-exporter.json index e5bf74b8..5324af08 100644 --- a/community-containers/nextcloud-exporter/nextcloud-exporter.json +++ b/community-containers/nextcloud-exporter/nextcloud-exporter.json @@ -5,7 +5,7 @@ "display_name": "Prometheus Nextcloud Exporter", "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter", "image": "ghcr.io/xperimental/nextcloud-exporter", - "image_tag": "0.9.0", + "image_tag": "0.9.1", "internal_port": "9205", "restart": "unless-stopped", "ports": [ From 7256f96dcd0ea7e0022ed2c124c43320ab275251 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 8 Apr 2026 12:15:49 +0000 Subject: [PATCH 30/39] Yaml updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- manual-install/latest.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/manual-install/latest.yml b/manual-install/latest.yml index 0c9f29a2..c6b81f16 100644 --- a/manual-install/latest.yml +++ b/manual-install/latest.yml @@ -249,8 +249,8 @@ services: expose: - "9980" environment: - - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache:23973 - - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973 + - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - dictionaries=${COLLABORA_DICTIONARIES} - TZ=${TIMEZONE} - server_name=${NC_DOMAIN} @@ -259,7 +259,6 @@ services: profiles: - collabora cap_add: - - MKNOD - SYS_ADMIN - SYS_CHROOT - FOWNER @@ -283,6 +282,8 @@ services: - ${TALK_PORT}:${TALK_PORT}/udp expose: - "8081" + volumes: + - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro environment: - NC_DOMAIN - TALK_HOST=nextcloud-aio-talk From ccd94dfaf79932a53a5ca4c9cef671a84529caea Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Wed, 8 Apr 2026 12:25:55 +0000 Subject: [PATCH 31/39] watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- Containers/watchtower/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Containers/watchtower/Dockerfile b/Containers/watchtower/Dockerfile index fea7e60e..2609c4ac 100644 --- a/Containers/watchtower/Dockerfile +++ b/Containers/watchtower/Dockerfile @@ -1,13 +1,13 @@ # syntax=docker/dockerfile:latest FROM golang:1.26.1-alpine3.23 AS go -ENV WATCHTOWER_COMMIT_HASH=5a33e3c0aa3b2770c648a114b4a9d32e0a5b55ba +ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3 RUN set -ex; \ apk upgrade --no-cache -a; \ apk add --no-cache \ build-base; \ - go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.4 + go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.16.1 FROM alpine:3.23.3 From 088cfce5f3e15cf587dafa478b9736f88345ae8b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 04:16:17 +0000 Subject: [PATCH 32/39] build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 8.19.13 to 8.19.14. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 8.19.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/fulltextsearch/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/fulltextsearch/Dockerfile b/Containers/fulltextsearch/Dockerfile index b31f0361..f9d80bb4 100644 --- a/Containers/fulltextsearch/Dockerfile +++ b/Containers/fulltextsearch/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:latest # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile -FROM elasticsearch:8.19.13 +FROM elasticsearch:8.19.14 USER root From e73e5abb4c65fb40aa8a874d7f3d382efb53e28f Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 9 Apr 2026 09:55:16 +0000 Subject: [PATCH 33/39] Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- nextcloud-aio-helm-chart/Chart.yaml | 2 +- .../templates/nextcloud-aio-apache-deployment.yaml | 2 +- .../templates/nextcloud-aio-clamav-deployment.yaml | 4 ++-- .../nextcloud-aio-collabora-deployment.yaml | 9 ++++----- .../templates/nextcloud-aio-database-deployment.yaml | 4 ++-- .../nextcloud-aio-fulltextsearch-deployment.yaml | 4 ++-- .../nextcloud-aio-imaginary-deployment.yaml | 2 +- .../nextcloud-aio-nextcloud-deployment.yaml | 4 ++-- .../nextcloud-aio-notify-push-deployment.yaml | 2 +- .../nextcloud-aio-onlyoffice-deployment.yaml | 4 ++-- .../templates/nextcloud-aio-redis-deployment.yaml | 2 +- .../templates/nextcloud-aio-talk-deployment.yaml | 12 +++++++++++- .../nextcloud-aio-talk-recording-deployment.yaml | 2 +- .../nextcloud-aio-whiteboard-deployment.yaml | 2 +- 14 files changed, 32 insertions(+), 23 deletions(-) diff --git a/nextcloud-aio-helm-chart/Chart.yaml b/nextcloud-aio-helm-chart/Chart.yaml index ea90ecf6..6ac4bfc6 100755 --- a/nextcloud-aio-helm-chart/Chart.yaml +++ b/nextcloud-aio-helm-chart/Chart.yaml @@ -1,6 +1,6 @@ name: nextcloud-aio-helm-chart description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose -version: 12.8.0 +version: 12.9.2 apiVersion: v2 keywords: - latest diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml index 1d3d43f3..2d768356 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml @@ -63,7 +63,7 @@ spec: value: "{{ .Values.TIMEZONE }}" - name: WHITEBOARD_HOST value: nextcloud-aio-whiteboard - image: ghcr.io/nextcloud-releases/aio-apache:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml index 6fec4b18..fa7f0ede 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml @@ -36,7 +36,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - mkdir - "-p" @@ -59,7 +59,7 @@ spec: value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-clamav:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml index 18529634..9d6a1fc1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml @@ -28,17 +28,17 @@ spec: - name: TZ value: "{{ .Values.TIMEZONE }}" - name: aliasgroup1 - value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache:23973 + value: https://{{ .Values.NC_DOMAIN }}:443,http://nextcloud-aio-apache.nextcloud-aio:23973 - name: dictionaries value: "{{ .Values.COLLABORA_DICTIONARIES }}" - name: extra_params - value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ + value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+ - name: server_name value: "{{ .Values.NC_DOMAIN }}" {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }} - image: ghcr.io/nextcloud-releases/aio-collabora-online:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910 {{- else }} - image: ghcr.io/nextcloud-releases/aio-collabora:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910 {{- end }} readinessProbe: exec: @@ -63,7 +63,6 @@ spec: securityContext: capabilities: add: - - MKNOD - CAP_SYS_ADMIN - SYS_CHROOT - FOWNER diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml index a98758e9..31c036fc 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml @@ -35,7 +35,7 @@ spec: {{- end }} initContainers: - name: init-subpath - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - mkdir - "-p" @@ -64,7 +64,7 @@ spec: value: nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-postgresql:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml index ec8e00fa..f673e183 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -54,7 +54,7 @@ spec: value: basic - name: xpack.security.enabled value: "false" - image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml index bb1368ae..baf4b7a0 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml @@ -38,7 +38,7 @@ spec: value: "{{ .Values.IMAGINARY_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-imaginary:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml index f3cb647b..1e502637 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml @@ -38,7 +38,7 @@ spec: # AIO settings start # Do not remove or change this line! initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -190,7 +190,7 @@ spec: value: "{{ .Values.WHITEBOARD_ENABLED }}" - name: WHITEBOARD_SECRET value: "{{ .Values.WHITEBOARD_SECRET }}" - image: ghcr.io/nextcloud-releases/aio-nextcloud:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910 {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment! securityContext: # The items below only work in container context diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml index ff901710..9ae0e0f1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml @@ -39,7 +39,7 @@ spec: value: nextcloud-aio-nextcloud - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-notify-push:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml index a5d1e719..1ee11003 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml @@ -24,7 +24,7 @@ spec: spec: initContainers: - name: init-volumes - image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910 command: - chmod - "777" @@ -42,7 +42,7 @@ spec: value: "{{ .Values.ONLYOFFICE_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml index 1733f31c..02fbb7b1 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml @@ -39,7 +39,7 @@ spec: value: "{{ .Values.REDIS_PASSWORD }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-redis:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml index f5dc967c..41082f80 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml @@ -13,6 +13,8 @@ spec: selector: matchLabels: io.kompose.service: nextcloud-aio-talk + strategy: + type: Recreate template: metadata: annotations: @@ -52,7 +54,7 @@ spec: value: "{{ .Values.TURN_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910 readinessProbe: exec: command: @@ -84,4 +86,12 @@ spec: {{- else }} drop: ["NET_RAW"] {{- end }} + volumeMounts: + - mountPath: /usr/local/share/ca-certificates + name: nextcloud-aio-nextcloud-trusted-cacerts + readOnly: true + volumes: + - name: nextcloud-aio-nextcloud-trusted-cacerts + persistentVolumeClaim: + claimName: nextcloud-aio-nextcloud-trusted-cacerts {{- end }} diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml index 2fee7719..301a3b02 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml @@ -44,7 +44,7 @@ spec: value: "{{ .Values.RECORDING_SECRET }}" - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-talk-recording:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910 readinessProbe: exec: command: diff --git a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml index 55646dd4..cfe316e6 100755 --- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml +++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml @@ -50,7 +50,7 @@ spec: value: redis - name: TZ value: "{{ .Values.TIMEZONE }}" - image: ghcr.io/nextcloud-releases/aio-whiteboard:20260306_081319 + image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910 readinessProbe: exec: command: From dd707478d0b8856ea1879b4e7479f1c5db2deb3f Mon Sep 17 00:00:00 2001 From: derStephan Date: Thu, 9 Apr 2026 12:50:13 +0200 Subject: [PATCH 34/39] aio-caddy: add description of new feature how to add caddy imports via Nextcloud (#7835) Signed-off-by: derStephan Co-authored-by: Simon L. --- community-containers/caddy/readme.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md index 3284decc..5ada3738 100644 --- a/community-containers/caddy/readme.md +++ b/community-containers/caddy/readme.md @@ -16,7 +16,8 @@ This container bundles caddy and auto-configures it for you. It also covers [vau - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter. - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI. - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active! -- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management +- You can add your own Caddy configurations in the folder `nextcloud-aio-caddy/caddy-imports` in the files app of the default `admin` user. You need to create that folder manually. These will be imported on container startup. +- You can alternatively add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server use the previous option or run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack - If you want to remove the container again and revert back to the default, you need to disable the container via the AIO-interface and follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#8-removing-the-reverse-proxy From e9e22cd3c5f56adc1aad8934f71aac417584d5b8 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Thu, 9 Apr 2026 12:16:06 +0000 Subject: [PATCH 35/39] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 51 ++++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index c32b4a9d..f54f4c2e 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -448,16 +448,16 @@ }, { "name": "laravel/serializable-closure", - "version": "v2.0.10", + "version": "v2.0.11", "source": { "type": "git", "url": "https://github.com/laravel/serializable-closure.git", - "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669" + "reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/870fc81d2f879903dfc5b60bf8a0f94a1609e669", - "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669", + "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d1af40ac4a6ccc12bd062a7184f63c9995a63bdd", + "reference": "d1af40ac4a6ccc12bd062a7184f63c9995a63bdd", "shasum": "" }, "require": { @@ -505,7 +505,7 @@ "issues": "https://github.com/laravel/serializable-closure/issues", "source": "https://github.com/laravel/serializable-closure" }, - "time": "2026-02-20T19:59:49+00:00" + "time": "2026-04-07T13:32:18+00:00" }, { "name": "nikic/fast-route", @@ -2453,24 +2453,27 @@ }, { "name": "amphp/serialization", - "version": "v1.0.0", + "version": "v1.1.0", "source": { "type": "git", "url": "https://github.com/amphp/serialization.git", - "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1" + "reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/amphp/serialization/zipball/693e77b2fb0b266c3c7d622317f881de44ae94a1", - "reference": "693e77b2fb0b266c3c7d622317f881de44ae94a1", + "url": "https://api.github.com/repos/amphp/serialization/zipball/fdf2834d78cebb0205fb2672676c1b1eb84371f0", + "reference": "fdf2834d78cebb0205fb2672676c1b1eb84371f0", "shasum": "" }, "require": { - "php": ">=7.1" + "php": ">=7.4" }, "require-dev": { - "amphp/php-cs-fixer-config": "dev-master", - "phpunit/phpunit": "^9 || ^8 || ^7" + "amphp/php-cs-fixer-config": "^2", + "ext-json": "*", + "ext-zlib": "*", + "phpunit/phpunit": "^9", + "psalm/phar": "6.16.1" }, "type": "library", "autoload": { @@ -2505,9 +2508,15 @@ ], "support": { "issues": "https://github.com/amphp/serialization/issues", - "source": "https://github.com/amphp/serialization/tree/master" + "source": "https://github.com/amphp/serialization/tree/v1.1.0" }, - "time": "2020-03-25T21:39:07+00:00" + "funding": [ + { + "url": "https://github.com/amphp", + "type": "github" + } + ], + "time": "2026-04-05T15:59:53+00:00" }, { "name": "amphp/socket", @@ -3834,16 +3843,16 @@ }, { "name": "sebastian/diff", - "version": "8.0.0", + "version": "8.1.0", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/diff.git", - "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3" + "reference": "9c957d730257f49c873f3761674559bd90098a7d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/a2b6d09d7729ee87d605a439469f9dcc39be5ea3", - "reference": "a2b6d09d7729ee87d605a439469f9dcc39be5ea3", + "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d", + "reference": "9c957d730257f49c873f3761674559bd90098a7d", "shasum": "" }, "require": { @@ -3856,7 +3865,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-main": "8.0-dev" + "dev-main": "8.1-dev" } }, "autoload": { @@ -3889,7 +3898,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/diff/issues", "security": "https://github.com/sebastianbergmann/diff/security/policy", - "source": "https://github.com/sebastianbergmann/diff/tree/8.0.0" + "source": "https://github.com/sebastianbergmann/diff/tree/8.1.0" }, "funding": [ { @@ -3909,7 +3918,7 @@ "type": "tidelift" } ], - "time": "2026-02-06T04:42:27+00:00" + "time": "2026-04-05T12:02:33+00:00" }, { "name": "spatie/array-to-xml", From c2fd040d06ca474af91f2af2b49622d48989c822 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 10 Apr 2026 04:17:04 +0000 Subject: [PATCH 36/39] build(deps): bump php in /Containers/mastercontainer Bumps php from 8.5.4-fpm-alpine3.23 to 8.5.5-fpm-alpine3.23. --- updated-dependencies: - dependency-name: php dependency-version: 8.5.5-fpm-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Containers/mastercontainer/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Containers/mastercontainer/Dockerfile b/Containers/mastercontainer/Dockerfile index 108e7457..3dd2c9a4 100644 --- a/Containers/mastercontainer/Dockerfile +++ b/Containers/mastercontainer/Dockerfile @@ -11,7 +11,7 @@ RUN set -ex; \ /usr/bin/caddy list-modules # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile -FROM php:8.5.4-fpm-alpine3.23 +FROM php:8.5.5-fpm-alpine3.23 EXPOSE 80 EXPOSE 8080 From 13c194716dacc5868b8e24de2bfe2f31d62abc09 Mon Sep 17 00:00:00 2001 From: szaimen <42591237+szaimen@users.noreply.github.com> Date: Fri, 10 Apr 2026 12:13:21 +0000 Subject: [PATCH 37/39] php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- php/composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/php/composer.lock b/php/composer.lock index f54f4c2e..3da2d703 100644 --- a/php/composer.lock +++ b/php/composer.lock @@ -4894,16 +4894,16 @@ }, { "name": "webmozart/assert", - "version": "2.1.6", + "version": "2.2.0", "source": { "type": "git", "url": "https://github.com/webmozarts/assert.git", - "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8" + "reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/webmozarts/assert/zipball/ff31ad6efc62e66e518fbab1cde3453d389bcdc8", - "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8", + "url": "https://api.github.com/repos/webmozarts/assert/zipball/1b99650e7ffcad232624a260bc7fbdec2ffc407c", + "reference": "1b99650e7ffcad232624a260bc7fbdec2ffc407c", "shasum": "" }, "require": { @@ -4950,9 +4950,9 @@ ], "support": { "issues": "https://github.com/webmozarts/assert/issues", - "source": "https://github.com/webmozarts/assert/tree/2.1.6" + "source": "https://github.com/webmozarts/assert/tree/2.2.0" }, - "time": "2026-02-27T10:28:38+00:00" + "time": "2026-04-09T16:54:47+00:00" } ], "aliases": [], From 0a96759c72f314371db9894650f474c46fb0c897 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl Date: Fri, 10 Apr 2026 14:51:51 +0200 Subject: [PATCH 38/39] Add an explanation why we disable the HTTP challenge in that Caddy instance Signed-off-by: Pablo Zmdl --- Containers/apache/Caddyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index d1261268..df7bf0ea 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -75,6 +75,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req tls { issuer acme { profile shortlived + # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer). disable_http_challenge } } From 3f11a48657ff1ef37a4641c01fcade885d677b71 Mon Sep 17 00:00:00 2001 From: Pablo Zmdl <57864086+pabzm@users.noreply.github.com> Date: Fri, 10 Apr 2026 14:56:44 +0200 Subject: [PATCH 39/39] Update Containers/apache/Caddyfile Co-authored-by: Simon L. Signed-off-by: Pablo Zmdl <57864086+pabzm@users.noreply.github.com> --- Containers/apache/Caddyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index df7bf0ea..a15a9c19 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -76,6 +76,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req issuer acme { profile shortlived # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer). + # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT. disable_http_challenge } }