Run playwright tests via compose setup

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
Enable running playwright tests locally
2026-06-10 08:37:02 +00:00 · 2026-06-03 16:18:54 +02:00 · 2026-06-03 16:18:54 +02:00 · 2026-06-03 11:05:53 +02:00 · 2026-06-02 17:11:46 +02:00 · 2026-06-02 17:09:45 +02:00
102 changed files with 1086 additions and 819 deletions
@@ -0,0 +1,20 @@
+# https://editorconfig.org
+
+# Tip: to find files violating the rules set out here, run `docker run --rm --volume=$PWD:/check mstruebing/editorconfig-checker`
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.yaml]
+indent_size = 2
+
+
+[*.yml]
+indent_size = 2
@@ -3,3 +3,8 @@
  -
  - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
 -->
+
+<!-- Please check the below checkmarks if applicable -->
+
+- [ ] The PR was tested and verified that it works locally
+- [ ] The PR was completely or partially created with AI
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5
+      - uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c # v5
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
@@ -30,99 +30,11 @@ jobs:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version: lts/*
-
-      - name: Install dependencies
-        run: cd php/tests && npm ci
-
-      - name: Install Playwright Browsers
-        run: cd php/tests && npx playwright install --with-deps chromium
-
-      - name: Set up php 8.5
-        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
-        with:
-          extensions: apcu
-          php-version: 8.5
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Adjust some things and fix permissions
-        run: |
-          cd php
-          rm -r ./data
-          rm -r ./session
-          composer install --no-dev
-          composer clear-cache
-          sudo chmod 777 -R ../
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume ./php:/var/www/docker-aio/php \
-            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
-            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
-            --volume ./Containers/mastercontainer/start.sh:/start.sh \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=true \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
-
      - name: Run Playwright tests for initial setup
-        run: |
-          cd php/tests
-          export DEBUG=pw:api
-          if ! npx playwright test tests/initial-setup.spec.js; then
-            docker logs nextcloud-aio-mastercontainer
-            docker logs nextcloud-aio-borgbackup
-            exit 1
-          fi
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume ./php:/var/www/docker-aio/php \
-            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
-            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
-            --volume ./Containers/mastercontainer/start.sh:/start.sh \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=false \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
+        run: ./php/tests/run.sh ./tests/initial-setup.spec.js

      - name: Run Playwright tests for backup restore
-        run: |
-          cd php/tests 
-          export DEBUG=pw:api
-          if ! npx playwright test tests/restore-instance.spec.js; then
-            docker logs nextcloud-aio-mastercontainer
-            docker logs nextcloud-aio-borgbackup
-            exit 1
-          fi
+        run: ./php/tests/run.sh ./tests/restore-instance.spec.js

      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: ${{ !cancelled() }}
@@ -15,72 +15,15 @@ jobs:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version: lts/*
-
-      - name: Install dependencies
-        run: cd php/tests && npm ci
-
-      - name: Install Playwright Browsers
-        run: cd php/tests && npx playwright install --with-deps chromium
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=true \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
-
      - name: Run Playwright tests for initial setup
-        run: |
-          cd php/tests
-          export DEBUG=pw:api
-          if ! npx playwright test tests/initial-setup.spec.js; then
-            docker logs nextcloud-aio-mastercontainer
-            docker logs nextcloud-aio-borgbackup
-            exit 1
-          fi
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=false \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
+        env:
+          TEST_CODE_FROM_IMAGE: yes
+        run: ./run.sh ./tests/initial-setup.spec.js

      - name: Run Playwright tests for backup restore
-        run: |
-          cd php/tests 
-          export DEBUG=pw:api
-          if ! npx playwright test tests/restore-instance.spec.js; then
-            docker logs nextcloud-aio-mastercontainer
-            docker logs nextcloud-aio-borgbackup
-            exit 1
-          fi
+        env:
+          TEST_CODE_FROM_IMAGE: yes
+        run: ./php/tests/run.sh ./tests/restore-instance.spec.js

      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        if: ${{ !cancelled() }}
@@ -88,4 +31,4 @@ jobs:
          name: playwright-report
          path: php/tests/playwright-report/
          retention-days: 14
-          overwrite: true
+          overwrite: true
@@ -78,7 +78,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
    # TLS options
    tls {
        issuer acme {
-            profile shortlived
+            profile tlsserver
            # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
            # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
            disable_http_challenge
@@ -103,6 +103,7 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Apache and Caddy for Nextcloud AIO" \
    org.opencontainers.image.description="Apache HTTP server with Caddy for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -25,6 +25,7 @@ USER root

 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Borgbackup for Nextcloud AIO" \
    org.opencontainers.image.description="BorgBackup-based backup service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -43,6 +43,7 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="ClamAV for Nextcloud AIO" \
    org.opencontainers.image.description="ClamAV antivirus scanner for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -13,6 +13,7 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Collabora Online for Nextcloud AIO" \
    org.opencontainers.image.description="Collabora Online document editor from upstream for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.9.4.1
+FROM collabora/code:25.04.10.3.1

 USER root
 ARG DEBIAN_FRONTEND=noninteractive
@@ -13,6 +13,7 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Collabora for Nextcloud AIO" \
    org.opencontainers.image.description="Collabora CODE document editor for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -20,6 +20,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Docker Socket Proxy for Nextcloud AIO" \
    org.opencontainers.image.description="HAProxy-based Docker socket proxy for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -19,6 +19,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Domain Check for Nextcloud AIO" \
    org.opencontainers.image.description="Domain validation service for Nextcloud All-in-One setup" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:9.4.1
+FROM elasticsearch:9.4.2

 USER root

@@ -21,6 +21,7 @@ USER 1000:0
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Full Text Search for Nextcloud AIO" \
    org.opencontainers.image.description="Elasticsearch-based full-text search for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi

-curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
+curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
@@ -45,6 +45,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Imaginary for Nextcloud AIO" \
    org.opencontainers.image.description="High-performance image processing service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.5.0-cli AS docker
+FROM docker:29.5.2-cli AS docker

 ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3

@@ -107,6 +107,7 @@ LABEL org.opencontainers.image.title="Nextcloud All-in-One Mastercontainer" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md" \
    wud.watch="false" \
+    dockhand.update="false" \
    com.docker.compose.project="nextcloud-aio"

 # hadolint ignore=DL3002
@@ -54,7 +54,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
-user=root
+user=www-data

 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0

 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.3
+ENV NEXTCLOUD_VERSION=33.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -286,6 +286,7 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Nextcloud for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud server with all required PHP extensions for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,4 +1,4 @@
 <?php
 $CONFIG = array (
-  'serverid' => crc32(gethostname()) % 512,
+  'serverid' => hexdec(hash('xxh32', gethostname())) & 0x1FF,
 );
@@ -23,6 +23,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Notify Push for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud notify_push high-performance backend for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -42,6 +42,15 @@ if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] &&
    exit 1
 fi

+# Logic for ipv6 disabled servers
+BIND="::"
+if grep -q "1" /sys/module/ipv6/parameters/disable \
+|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
+|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
+    BIND="0.0.0.0"
+fi
+export BIND
+
 echo "notify-push was started"


@@ -9,6 +9,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="OnlyOffice for Nextcloud AIO" \
    org.opencontainers.image.description="OnlyOffice Document Server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -49,6 +49,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="PostgreSQL for Nextcloud AIO" \
    org.opencontainers.image.description="PostgreSQL database for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -23,6 +23,7 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Redis for Nextcloud AIO" \
    org.opencontainers.image.description="Redis cache server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -67,6 +67,7 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Talk Recording for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud Talk recording service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi

-nc -z 127.0.0.1 1234 || exit 1
+nc -z 127.0.0.1 1234 || nc -z ::1 1234 || exit 1
@@ -58,13 +58,21 @@ extensionaudio = .m4a
 extensionvideo = .mp4"
 fi

+# Detect IPv6 availability to choose the right listen address
+RECORDING_LISTEN="0.0.0.0:1234"
+if ! grep -q "1" /sys/module/ipv6/parameters/disable 2>/dev/null \
+&& ! grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
+&& ! grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6 2>/dev/null; then
+    RECORDING_LISTEN="[::]:1234"
+fi
+
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
 level = ${TALK_RECORDING_LOG_LEVEL}

 [http]
-listen = 0.0.0.0:1234
+listen = ${RECORDING_LISTEN}

 [backend]
 allowall = ${ALLOW_ALL}
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.14.0-scratch AS nats
+FROM nats:2.14.1-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus
@@ -112,6 +112,7 @@ CMD ["supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Talk for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud Talk with NATS, Janus, eturnal, and signaling server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -4,11 +4,13 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi

-nc -z 127.0.0.1 8081 || exit 1
+nc -z 127.0.0.1 8081 || nc -z ::1 8081 || exit 1
 nc -z 127.0.0.1 8188 || exit 1
 nc -z 127.0.0.1 4222 || exit 1
-nc -z 127.0.0.1 "$TALK_PORT" || exit 1
+nc -z 127.0.0.1 "$TALK_PORT" || nc -z ::1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
 # Verify that the signaling server is actually serving requests, not just
 # listening on the TCP port (which nc -z above only tests for open port).
-wget -q -O /dev/null http://127.0.0.1:8081/api/v1/stats || exit 1
+# SC2102: [::1] is an IPv6 address literal in a URL, not a character-range glob.
+# shellcheck disable=SC2102
+wget -q -O /dev/null http://127.0.0.1:8081/api/v1/stats || wget -q -O /dev/null http://[::1]:8081/api/v1/stats || exit 1
@@ -75,6 +75,13 @@ if grep -q "1" /sys/module/ipv6/parameters/disable \
 || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
    IP_BINDING="0.0.0.0"
 fi
+# Build a listen address suitable for the signaling server's "ip:port" format.
+# IPv6 needs bracket notation: [::]:8081; IPv4 keeps the plain form: 0.0.0.0:8081
+if [ "$IP_BINDING" = "::" ]; then
+    SIGNALING_LISTEN="[::]:8081"
+else
+    SIGNALING_LISTEN="$IP_BINDING:8081"
+fi
 if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
@@ -118,7 +125,7 @@ fi
 # Signaling
 cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
-listen = 0.0.0.0:8081
+listen = ${SIGNALING_LISTEN}
 readtimeout = 15
 writetimeout = 30

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.26.3-alpine3.23 AS go

-ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3	
+ENV WATCHTOWER_COMMIT_HASH=9d0048403a7242943084bede951f6f966f7691ba	

 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache \
        build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.16.1
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.17.2

 FROM alpine:3.23.4

@@ -27,6 +27,7 @@ ENV AIO_LOG_LEVEL="warn"
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Watchtower for Nextcloud AIO" \
    org.opencontainers.image.description="Watchtower auto-update service for Nextcloud All-in-One containers" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.8
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.9

 USER root
 RUN set -ex; \
@@ -24,6 +24,7 @@ ENTRYPOINT ["/start.sh"]

 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
+    dockhand.update="false" \
    org.opencontainers.image.title="Whiteboard for Nextcloud AIO" \
    org.opencontainers.image.description="Collaborative whiteboard service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,19 +1,12 @@
 # https://editorconfig.org

+# note: the files in ./composer actually use 4 spaces instead of tabs
+
 root = true

 [*]
 charset = utf-8
 end_of_line = lf
-indent_size = 4
 indent_style = tab
 insert_final_newline = true
 trim_trailing_whitespace = true
-
-[*.feature]
-indent_size = 2
-indent_style = space
-
-[*.yml]
-indent_size = 2
-indent_style = space
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="32" max-version="33"/>
+		<nextcloud min-version="33" max-version="34"/>
 	</dependencies>

 	<settings>
@@ -1,7 +1,10 @@
+# AIO app for Nextcloud
+
+This folder contains a Nextcloud app, which will be automatically installed within the Nextcloud instance.
+It adds a link to the admin settings page that gives access to the AIO interface.
+
 ## How to develop the app?

-Please note that in order to check if an app is already downloaded
-Nextcloud will look for a folder with the same name as the app.
+Please note that in order to check if an app is already downloaded Nextcloud will look for a folder with the same name as the app.

-Therefore you need to add the app to one of the app directories
-naming the directory `nextcloud-aio`.
+Therefore you need to add the app to one of the app directories naming the directory `nextcloud-aio`.
@@ -1,5 +1,5 @@
 ## Borgbackup Viewer
-This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
+This container allows to view the local borg backups repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.

 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
@@ -14,4 +14,3 @@ https://github.com/szaimen/aio-borgbackup-viewer

 ### Maintainer
 https://github.com/szaimen
-
@@ -1,5 +1,13 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles [caddy](https://caddyserver.com/) and auto-configures it for you as a reverse proxy. 
+It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. 
+It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. 
+It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. 
+It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. 
+It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. 
+It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. 
+It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. 
+It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.

 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## calcardbackup  
-This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
+This container packages [calcardbackup](https://codeberg.org/BernieO/calcardbackup), a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
  
 ### Notes  
 - Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
@@ -12,4 +12,3 @@ https://github.com/waja/docker-calcardbackup

 ### Maintainer
 https://github.com/pailloM
-  
@@ -1,11 +1,11 @@
 ## Container-Management
-This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
+This container allows to manage other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.

 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5804` in order to log in with the user `container-management` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There you can use any docker command. ⚠️ Be very carefully while doing that as can break your instance!
- There are also some pre-made scripts that make configuring some of the community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- There are also some pre-made scripts that make configuring some community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
+- ⚠️ After you are done doing your operations, remove the container from the stack for better security: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

 ### Repository
@@ -1,8 +1,8 @@
 ## DLNA server
-This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
+This container bundles a DLNA multimedia streaming server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.

 ### Notes
- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
+- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on public servers.
 - If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

@@ -11,4 +11,3 @@ https://github.com/thanek/nextcloud-dlna

 ### Maintainer
 https://github.com/thanek
-
@@ -1,5 +1,5 @@
 ## Facerecognition
-This container bundles the external model of facerecognition and auto-configures it for you.
+This container bundles a basic facial recognition system and auto-configures it for you.

 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
@@ -1,5 +1,6 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
+This container bundles [fail2ban](https://github.com/fail2ban/fail2ban) and auto-configures it for you in order to block ip-addresses automatically.
+It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.

 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
@@ -1,5 +1,5 @@
 ## Glances
-This container starts Glances, a web-based info-board, and auto-configures it for you.
+This container starts [Glances](https://nicolargo.github.io/glances/), a web-based system monitoring dashboard, and auto-configures it for you.

 > [!CAUTION]
 > This container mounts the docker-socket from the host-system.
@@ -1,11 +1,13 @@
 ## Home Assistant
-This container bundles Home Assistant and auto-configures it for you.
+This container bundles [Home Assistant](https://www.home-assistant.io/) and auto-configures it for you.

 ### Notes
 - This container should only be run in home networks since Home Assistant is designed for local home automation.
 - After adding and starting the container, you can visit `http://ip.address.of.this.server:8123` in order to set up your Home Assistant instance.
 - The data of Home Assistant will be automatically included in AIOs backup solution!
 - In order to access your Home Assistant outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
+- And to allow the traffic from the reverse proxy to be accepted by Home Assistant, follow [these instructions](https://www.home-assistant.io/integrations/http/#reverse-proxies) from the Home Assistant documentation. 
+- Or, to use the Caddy with geoblocking community container, follow the following instruction to add your own Caddyfile, to use it for Home Assistant: https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy#notes
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

 ### Repository
@@ -1,5 +1,5 @@
 ## Jellyfin
-This container bundles Jellyfin and auto-configures it for you.
+This container bundles [Jellyfin](https://jellyfin.org/) and auto-configures it for you.

 ### Notes
 - This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Seerr
-This container bundles Seerr and auto-configures it for you.
+This container bundles [Seerr](https://seerr.dev/) request management and media discovery tool and auto-configures it for you.

 ### Notes
 - **Migration from Jellyseerr**: Jellyseer previously ran as the root user. With the migration to Seerr, the container now runs rootless with userid 1000, meaning that if you previously used Jellyseerr, Seerr will not be able to access the config files generated by the old Jellyseerr container. To migrate, execute the following steps: 1. stop all containers using the AIO-interface, 2. run `sudo docker run --rm -v nextcloud_aio_jellyseerr:/data alpine chown -R 1000:1000 /data`
@@ -1,5 +1,5 @@
 ## LanguageTool for Nextcloud Office
-This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
+This container bundles [LanguageTool](https://github.com/languagetool-org/languagetool) for Nextcloud Office which adds spell checking functionality to Nextcloud Office.

 ### Notes
 - Make sure to have Nextcloud Office enabled via the AIO interface
@@ -1,5 +1,5 @@
 ## LibreTranslate
-This container bundles LibreTranslate and auto-configures it for you.
+This container bundles [LibreTranslate](https://github.com/LibreTranslate/LibreTranslate) and auto-configures it for you.

 > [!WARNING]
 > The LibreTranslate container and app is deprecated!
@@ -1,5 +1,5 @@
 ## Light LDAP server
-This container bundles LLDAP server and auto-configures your Nextcloud instance for you.
+This container bundles an [LLDAP](https://github.com/lldap/lldap) LDAP server and auto-configures your Nextcloud instance for you.

 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
@@ -1,5 +1,5 @@
 ## Local AI
-This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan.
+This container bundles [Local AI](https://localai.io/) and auto-configures it for you. It support hardware acceleration with Vulkan.

 ### Notes
 Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback!
@@ -1,5 +1,5 @@
 ## MakeMKV
-This container bundles MakeMKV and auto-configures it for you.
+This container bundles the [MakeMKV](https://www.makemkv.com/) video converter and auto-configures it for you.

 ### Notes
 - This container should only be run in home networks
@@ -1,5 +1,5 @@
 ## Minio
-This container bundles minio s3 storage and auto-configures it for you.
+This container bundles [minio](https://github.com/minio/minio) s3 storage and auto-configures it for you.

 > [!CAUTION]
 > The Minio upstream project is no longer maintained. The container should still work in its current form...
@@ -14,7 +14,7 @@
 > - See more here https://github.com/nextcloud/tables/issues/103 

 ## NocoDb server
-This container bundles NocoDb without synchronization with Nextcloud.
+This container bundles [NocoDb](https://github.com/nocodb/nocodb), an online no-code database solution, without synchronization with Nextcloud.

 This is an alternative of **Airtable**.

@@ -1,5 +1,5 @@
 ## NPMplus
-This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
+This container contains a fork of [Nginx Proxy Manager](https://nginxproxymanager.com/), which is a WebUI for nginx. It will also automatically create a config and cert for AIO.

 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Pi-hole
-This container bundles pi-hole and auto-configures it for you.
+This container bundles the [pi-hole](https://pi-hole.net/) ad blocker and auto-configures it for you.

 ### Notes
 - You should not run this container on a public VPS! It is only intended to run in home networks!
@@ -1,5 +1,5 @@
 ## Plex
-This container bundles Plex and auto-configures it for you.
+This container bundles the [Plex Media Server](https://www.plex.tv/en-gb/personal-media-server/) and auto-configures it for you.

 ### Notes
 - This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Scrutiny
-This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you.
+This container bundles [Scrutiny](https://github.com/analogj/scrutiny), a web frontend for SMART stats, and auto-configures it for you.

 ### Notes
 - This container should only be run in home networks
@@ -4,7 +4,7 @@
 > Do not use this feature as a main mail server or without a redundancy system and without knowledge.

 ## Stalwart mail server
-This container bundles stalwart mail server and auto-configures it for you.
+This container bundles the [Stalwart](https://stalw.art/) mail server and auto-configures it for you.

 ### Notes
 Documentation is available on the container repository.
@@ -1,5 +1,5 @@
 ## Vaultwarden
-This container bundles vaultwarden and auto-configures it for you.
+This container bundles the [VaultWarden](https://www.vaultwarden.net/) password manager and auto-configures it for you.

 ### Notes
 - You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
@@ -1,37 +1,37 @@
-# Docker rootless
-
-You can run AIO with docker rootless by following the steps below.
-
-0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
-1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
-1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
-1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
-1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
-1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
-1. ⚠️ **Important:** Please read through all notes below!
-
-### Note regarding sudo in the documentation
-Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
-
-### Note regarding permissions
-All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
-
-
-### Note regarding docker network driver
-By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
-As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
-* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
-* Run `sudo sysctl --system` to propagate the change.
-* Create `~/.config/systemd/user/docker.service.d/override.conf`
-  with the following content:
-  ```
-  [Service]
-  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
-  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
-  ```
-* Restart the docker daemon
-  ```
-  systemctl --user restart docker
-  ```
+# Docker rootless
+
+You can run AIO with docker rootless by following the steps below.
+
+0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
+1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
+1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
+1. ⚠️ **Important:** Please read through all notes below!
+
+### Note regarding sudo in the documentation
+Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
+
+### Note regarding permissions
+All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+
+
+### Note regarding docker network driver
+By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
+As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
+* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
+* Run `sudo sysctl --system` to propagate the change.
+* Create `~/.config/systemd/user/docker.service.d/override.conf`
+  with the following content:
+  ```
+  [Service]
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
+  ```
+* Restart the docker daemon
+  ```
+  systemctl --user restart docker
+  ```
@@ -1,40 +1,40 @@
-# Local instance
-It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
-
-### Content
- [1. Tailscale](#1-tailscale)
- [2. Pangolin](#2-pangolin)
- [3. The normal way](#3-the-normal-way)
- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
- [5. Use Cloudflare](#5-use-cloudflare)
- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
-
-## 1. Tailscale
-This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
-
-## 2. Pangolin
-[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
-
-You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
-
-For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
-
-## 3. The normal way
-The normal way is the following:
-1. Set up your domain correctly to point to your home network
-1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
-1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
-1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
-1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
-
-**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
-
-## 4. Use the ACME DNS-challenge
-You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
-
-## 5. Use Cloudflare
-If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
-
-## 6. Buy a certificate and use that
-If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
-
+# Local instance
+It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
+
+### Content
+- [1. Tailscale](#1-tailscale)
+- [2. Pangolin](#2-pangolin)
+- [3. The normal way](#3-the-normal-way)
+- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
+- [5. Use Cloudflare](#5-use-cloudflare)
+- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
+
+## 1. Tailscale
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
+
+## 2. Pangolin
+[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
+
+You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
+
+For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
+
+## 3. The normal way
+The normal way is the following:
+1. Set up your domain correctly to point to your home network
+1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
+
+**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
+
+## 4. Use the ACME DNS-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+
+## 5. Use Cloudflare
+If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
+
+## 6. Buy a certificate and use that
+If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+
@@ -1,122 +1,122 @@
-# Manual upgrade
-
-If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
-There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
-
-The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
-
---
-
-## Method 1 using `assaflavie/runlike`
-
-> [!Warning]
-> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10
-> So please refer to method 2 using Portainer.
-
-1. Start all containers from the AIO interface 
-    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
-    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
-2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
-    - There you will find information about the max. supported PHP version
-    - **Make a mental note of this**
-3. Stop the Nextcloud container and the Apache container by running 
-    ```bash
-        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
-    ```
-4. Run the following commands in order to reverse engineer the Nextcloud container:
-    ```bash
-        sudo docker pull assaflavie/runlike
-        echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
-        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
-        sudo chown root:root /tmp/nextcloud-aio-nextcloud
-    ```
-5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
-
-
-| To change                              | Replace with                                        |
-|----------------------------------------|-----------------------------------------------------|
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
-
-
-
- - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
- - Using nano and the arrow keys to navigate:
-  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
-6. Next, stop and remove the current container: 
-    ```bash
-        sudo docker stop nextcloud-aio-nextcloud
-        sudo docker rm nextcloud-aio-nextcloud
-    ```
-7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
-**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
-8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
-9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
-10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
-11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
-
---
-
-## Method 2 using Portainer
-#### *Approach using portainer if method 1 does not work for you*
-
-Prerequisite: have all containers from AIO interface running.
-
-##### 1. Install portainer if not installed:
-```bash
-docker volume create portainer_data
-docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
-```
- If you have a reverse proxy
-    - you can setup and navigate using a domain name.
- For the **standard** AIO install
-    - Open port 9443 on your firewall
-    - navigate to `https://<server-ip>:9443`
- Accept the insecure self-signed certificate and set an admin password
- If prompted to add an environment
-    - add local
-
-##### 2. Within the local portainer environment navigate to the **containers** tab 
- Here you should see all the various containers running
-
-##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
-
-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
-    - or you can click into individual containers and stop them there
-
-##### 4. Find the version of PHP compatible with the running nextcloud container
- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
-```logs
-This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
-```
-Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
- - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
-
-##### 5. Find the correct container version
-In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
-
-##### 6. Replace the container
- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
- Click ```Duplicate/Edit```
- Within image, change this to the correct version from Step 5
- Click ```Deploy the container```
-    - if you are prompted to force repull the image click the slider and press pull image
-
-*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
-
-Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
-
-#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
-
---
-
-##### 7. Last Step is removing portainer if you don't want to keep it
-
-```bash
-docker stop portainer
-docker rm portainer
-docker volume rm portainer_data
-```
- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
+# Manual upgrade
+
+If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
+There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
+
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
+
+---
+
+## Method 1 using `assaflavie/runlike`
+
+> [!Warning]
+> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10
+> So please refer to method 2 using Portainer.
+
+1. Start all containers from the AIO interface 
+    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
+    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
+2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
+    - There you will find information about the max. supported PHP version
+    - **Make a mental note of this**
+3. Stop the Nextcloud container and the Apache container by running 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
+    ```
+4. Run the following commands in order to reverse engineer the Nextcloud container:
+    ```bash
+        sudo docker pull assaflavie/runlike
+        echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
+        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:ro assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
+        sudo chown root:root /tmp/nextcloud-aio-nextcloud
+    ```
+5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
+
+
+| To change                              | Replace with                                        |
+|----------------------------------------|-----------------------------------------------------|
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
+
+
+
+ - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
+ - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+ - Using nano and the arrow keys to navigate:
+  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
+6. Next, stop and remove the current container: 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud
+        sudo docker rm nextcloud-aio-nextcloud
+    ```
+7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
+8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
+
+---
+
+## Method 2 using Portainer
+#### *Approach using portainer if method 1 does not work for you*
+
+Prerequisite: have all containers from AIO interface running.
+
+##### 1. Install portainer if not installed:
+```bash
+docker volume create portainer_data
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro -v portainer_data:/data portainer/portainer-ce:latest
+```
+- If you have a reverse proxy
+    - you can setup and navigate using a domain name.
+- For the **standard** AIO install
+    - Open port 9443 on your firewall
+    - navigate to `https://<server-ip>:9443`
+- Accept the insecure self-signed certificate and set an admin password
+- If prompted to add an environment
+    - add local
+
+##### 2. Within the local portainer environment navigate to the **containers** tab 
+- Here you should see all the various containers running
+
+##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
+
+-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
+    - or you can click into individual containers and stop them there
+
+##### 4. Find the version of PHP compatible with the running nextcloud container
+- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
+```logs
+This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
+```
+Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
+ - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
+
+##### 5. Find the correct container version
+In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+
+##### 6. Replace the container
+- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
+- Click ```Duplicate/Edit```
+- Within image, change this to the correct version from Step 5
+- Click ```Deploy the container```
+    - if you are prompted to force repull the image click the slider and press pull image
+
+*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
+
+Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
+
+#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
+
+---
+
+##### 7. Last Step is removing portainer if you don't want to keep it
+
+```bash
+docker stop portainer
+docker rm portainer
+docker volume rm portainer_data
+```
+- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
@@ -1,228 +1,228 @@
-# Multiple AIO instances
-It is possible to run multiple instances of AIO on one server.
-
-There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
-
-
-## Run multiple AIO instances on the same server with docker rootless
-1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
-1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
-1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
-**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
-1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
-1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
-1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
-1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
-1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly!
-
-Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
-
-
-## Run multiple AIO instances on the same server inside their own virtual machines
-This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root.
-
-<details><summary><strong>PLEASE READ: A few expectations about your network</strong></summary>
-This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of <a href="https://nextcloud.com/providers/">Nextcloud's trusted providers.</a>
-</details>
-
-<details><summary><strong>A note for VPS users</strong></summary>
-If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along.
-</details>
-
-**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use.
-If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation.
-
-**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**):
-<!--
-```shell
-# For host machines running Ubuntu Server:
-apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils
-```
-```shell
-# For host machines running Debian:
-apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
-```
-->
-```shell
-# For host machines running Ubuntu Server or Debian:
-apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
-```
-
-**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1).
-
-**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.**
-
-1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it.
-2. Choose the distribution you'd like to install within the VM:
-   <details><summary><strong>Ubuntu Server 22.04.4 LTS</strong></summary>
-       <h4>Downloading the .ISO image</h4>
-       You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image.
-       <!-- This step is required because Ubuntu no longer hosts their "Legacy Ubuntu Server Installer" images, meaning we can no longer pass a URL to virt-install to use as a location. -->
-       <pre><code># Skip this part if you've already downloaded this image
-   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
-   </code></pre>
-       <em>Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail.</em>
-       <h4>Creating the VM</h4>
-       Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]):
-       <pre><code>virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
-   --os-variant ubuntujammy \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-   </code></pre>
-       <h4>Using a different version of Ubuntu Server</h4>
-       To use a different Ubuntu Server release, visit <a href="https://releases.ubuntu.com">this page</a> and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly.
-   </details>
-   <details><summary><strong>Debian 11</strong></summary>
-       <h4>Creating the VM</h4>
-       Create the Debian VM (Don't forget to replace [VM_NAME]):
-       <pre><code>virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
-   --os-variant debian11 \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-   </code></pre>
-   </details>
-   <details><summary><strong>Debian 12</strong></summary>
-       <h4>Creating the VM</h4>
-       Create the Debian VM (Don't forget to replace [VM_NAME]):
-       <pre><code># If the os-variant "debian12" is unknown, try "debiantesting" instead
-   virt-install \
-   --name [VM_NAME] \
-   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
-   --os-variant debian12 \
-   --disk size=32 \
-   --memory 2048 \
-   --graphics none \
-   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
-   --autostart \
-   --boot uefi
-   </code></pre>
-   </details>
-   <!--To learn more about virt-install or automating this process, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_installation_overview-creating_guests_with_virt_install">this guide</a>.-->
-3. Navigate through the text-based installer. Most options can remain as default, but here are some tips:
-   <details><summary><strong>For the Ubuntu Server installer</strong></summary>
-   When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do <strong>not</strong> want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return.
-   </details>
-   <details><summary><strong>For the Debian installer</strong></summary>
-   When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device.
-   </details>
-4. Configure your new VM:
-
-   After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges.
-
-   We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them.
-
-   **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.**
-
-   Run these commands (**on the VM**):
-   ```shell
-   apt install -y curl
-   
-   curl -fsSL https://get.docker.com | sh
-
-   # Make sure you increment the TALK_PORT value every time you run this!
-   docker run \
-   --init \
-   --sig-proxy=false \
-   --name nextcloud-aio-mastercontainer \
-   --restart always \
-   --publish 8080:8080 \
-   --env APACHE_PORT=11000 \
-   --env APACHE_IP_BINDING=0.0.0.0 \
-   --env TALK_PORT=3478 \
-   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-   ghcr.io/nextcloud-releases/all-in-one:latest
-   ```
-   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
-
-   
-   ---
-6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)*
-7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**):
-   ```shell
-   apt update -y
-   apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
-   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
-   apt update -y
-   apt install -y caddy
-   ```
-   These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source.
-8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**):
-    ```shell
-    virsh net-dhcp-leases default
-    ```
-    This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname.
-    Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor:
-    ```shell
-    nano /etc/caddy/Caddyfile
-    ```
-    Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`.
-    ```shell
-    # Virtual machine #1 - "example1-com"
-    https://[DOMAIN_NAME_1]:8443 {
-        reverse_proxy https://[IP_ADDRESS_1]:8080 {
-            header_up Host {host}
-            transport http {
-                tls_insecure_skip_verify
-            }
-        }
-    }
-    https://[DOMAIN_NAME_1]:443 {
-        reverse_proxy [IP_ADDRESS_1]:11000
-    }
-    
-    # Virtual machine #2 - "example2-com"
-    https://[DOMAIN_NAME_2]:8443 {
-        reverse_proxy https://[IP_ADDRESS_2]:8080 {
-            header_up Host {host}
-            transport http {
-                tls_insecure_skip_verify
-            }
-        }
-    }
-    https://[DOMAIN_NAME_2]:443 {
-        reverse_proxy [IP_ADDRESS_2]:11000
-    }
-
-    # (Add more configurations here if you set up more than two VMs!)
-    ```
-    After making this change, you'll need to restart Caddy:
-   ```shell
-   systemctl restart caddy
-   ```
-9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy!
-    
-    <details><summary><strong>A few extra tips for managing this setup</strong></summary>
-        <ul>
-            <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
-            <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
-            <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
-            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
-            <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
-   virsh console --domain [VM_NAME]
-   # (Login to the VM with root privileges)
-   mkdir -p /mnt/[MOUNT_NAME]
-   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]</code></pre></li>
-            To create the XML device definition file, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh">this short guide</a>. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup.
-            <li>If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)</li>
-        </ul>
-    </details>
+# Multiple AIO instances
+It is possible to run multiple instances of AIO on one server.
+
+There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
+
+
+## Run multiple AIO instances on the same server with docker rootless
+1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
+1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
+1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
+1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
+1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
+1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
+1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
+1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly!
+
+Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
+
+
+## Run multiple AIO instances on the same server inside their own virtual machines
+This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root.
+
+<details><summary><strong>PLEASE READ: A few expectations about your network</strong></summary>
+This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of <a href="https://nextcloud.com/providers/">Nextcloud's trusted providers.</a>
+</details>
+
+<details><summary><strong>A note for VPS users</strong></summary>
+If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along.
+</details>
+
+**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use.
+If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation.
+
+**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**):
+<!--
+```shell
+# For host machines running Ubuntu Server:
+apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils
+```
+```shell
+# For host machines running Debian:
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+```
+-->
+```shell
+# For host machines running Ubuntu Server or Debian:
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+```
+
+**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1).
+
+**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.**
+
+1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it.
+2. Choose the distribution you'd like to install within the VM:
+   <details><summary><strong>Ubuntu Server 22.04.4 LTS</strong></summary>
+       <h4>Downloading the .ISO image</h4>
+       You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image.
+       <!-- This step is required because Ubuntu no longer hosts their "Legacy Ubuntu Server Installer" images, meaning we can no longer pass a URL to virt-install to use as a location. -->
+       <pre><code># Skip this part if you've already downloaded this image
+   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
+   </code></pre>
+       <em>Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail.</em>
+       <h4>Creating the VM</h4>
+       Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]):
+       <pre><code>virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
+   --os-variant ubuntujammy \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+       <h4>Using a different version of Ubuntu Server</h4>
+       To use a different Ubuntu Server release, visit <a href="https://releases.ubuntu.com">this page</a> and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly.
+   </details>
+   <details><summary><strong>Debian 11</strong></summary>
+       <h4>Creating the VM</h4>
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       <pre><code>virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
+   --os-variant debian11 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+   </details>
+   <details><summary><strong>Debian 12</strong></summary>
+       <h4>Creating the VM</h4>
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       <pre><code># If the os-variant "debian12" is unknown, try "debiantesting" instead
+   virt-install \
+   --name [VM_NAME] \
+   --virt-type kvm \
+   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
+   --os-variant debian12 \
+   --disk size=32 \
+   --memory 2048 \
+   --graphics none \
+   --console pty,target_type=serial \
+   --extra-args "console=ttyS0" \
+   --autostart \
+   --boot uefi
+   </code></pre>
+   </details>
+   <!--To learn more about virt-install or automating this process, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_installation_overview-creating_guests_with_virt_install">this guide</a>.-->
+3. Navigate through the text-based installer. Most options can remain as default, but here are some tips:
+   <details><summary><strong>For the Ubuntu Server installer</strong></summary>
+   When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do <strong>not</strong> want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return.
+   </details>
+   <details><summary><strong>For the Debian installer</strong></summary>
+   When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device.
+   </details>
+4. Configure your new VM:
+
+   After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges.
+
+   We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them.
+
+   **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.**
+
+   Run these commands (**on the VM**):
+   ```shell
+   apt install -y curl
+   
+   curl -fsSL https://get.docker.com | sh
+
+   # Make sure you increment the TALK_PORT value every time you run this!
+   docker run \
+   --init \
+   --sig-proxy=false \
+   --name nextcloud-aio-mastercontainer \
+   --restart always \
+   --publish 8080:8080 \
+   --env APACHE_PORT=11000 \
+   --env APACHE_IP_BINDING=0.0.0.0 \
+   --env TALK_PORT=3478 \
+   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+   ghcr.io/nextcloud-releases/all-in-one:latest
+   ```
+   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
+
+   
+   ---
+6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)*
+7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**):
+   ```shell
+   apt update -y
+   apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
+   apt update -y
+   apt install -y caddy
+   ```
+   These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source.
+8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**):
+    ```shell
+    virsh net-dhcp-leases default
+    ```
+    This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname.
+    Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor:
+    ```shell
+    nano /etc/caddy/Caddyfile
+    ```
+    Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`.
+    ```shell
+    # Virtual machine #1 - "example1-com"
+    https://[DOMAIN_NAME_1]:8443 {
+        reverse_proxy https://[IP_ADDRESS_1]:8080 {
+            header_up Host {host}
+            transport http {
+                tls_insecure_skip_verify
+            }
+        }
+    }
+    https://[DOMAIN_NAME_1]:443 {
+        reverse_proxy [IP_ADDRESS_1]:11000
+    }
+    
+    # Virtual machine #2 - "example2-com"
+    https://[DOMAIN_NAME_2]:8443 {
+        reverse_proxy https://[IP_ADDRESS_2]:8080 {
+            header_up Host {host}
+            transport http {
+                tls_insecure_skip_verify
+            }
+        }
+    }
+    https://[DOMAIN_NAME_2]:443 {
+        reverse_proxy [IP_ADDRESS_2]:11000
+    }
+
+    # (Add more configurations here if you set up more than two VMs!)
+    ```
+    After making this change, you'll need to restart Caddy:
+   ```shell
+   systemctl restart caddy
+   ```
+9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy!
+    
+    <details><summary><strong>A few extra tips for managing this setup</strong></summary>
+        <ul>
+            <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
+            <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
+            <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
+            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
+            <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
+   virsh console --domain [VM_NAME]
+   # (Login to the VM with root privileges)
+   mkdir -p /mnt/[MOUNT_NAME]
+   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]</code></pre></li>
+            To create the XML device definition file, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh">this short guide</a>. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup.
+            <li>If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)</li>
+        </ul>
+    </details>
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 13.0.4
+version: 13.1.0
 apiVersion: v2
 keywords:
  - latest
@@ -49,8 +49,6 @@ spec:
              value: "{{ .Values.APACHE_PORT }}"
            - name: COLLABORA_HOST
              value: nextcloud-aio-collabora
-            - name: HARP_HOST
-              value: nextcloud-aio-harp
            - name: NC_DOMAIN
              value: "{{ .Values.NC_DOMAIN }}"
            - name: NEXTCLOUD_HOST
@@ -65,7 +63,7 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-apache:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -36,7 +36,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
          command:
            - mkdir
            - "-p"
@@ -61,7 +61,7 @@ spec:
              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -38,9 +38,9 @@ spec:
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260527_140826
          {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260527_140826
          {{- end }}
          readinessProbe:
            exec:
@@ -35,7 +35,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
          command:
            - mkdir
            - "-p"
@@ -66,7 +66,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
          command:
            - chmod
            - "777"
@@ -60,7 +60,7 @@ spec:
              value: basic
            - name: xpack.security.enabled
              value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -40,7 +40,7 @@ spec:
              value: "{{ .Values.IMAGINARY_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
          command:
            - chmod
            - "777"
@@ -192,7 +192,7 @@ spec:
              value: "{{ .Values.WHITEBOARD_ENABLED }}"
            - name: WHITEBOARD_SECRET
              value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260527_140826
          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
          securityContext:
            # The items below only work in container context
@@ -41,7 +41,7 @@ spec:
              value: nextcloud-aio-nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
          command:
            - chmod
            - "777"
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -41,7 +41,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-redis:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -56,7 +56,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-talk:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -52,7 +52,7 @@ spec:
              value: redis
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260527_140826
          readinessProbe:
            exec:
              command:
@@ -64,25 +64,26 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.10.0",
+            "version": "7.11.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
+                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
-                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/c987f8ce84b8434fa430795eca0f3430663da72b",
+                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
-                "guzzlehttp/promises": "^2.3",
-                "guzzlehttp/psr7": "^2.8",
+                "guzzlehttp/promises": "^2.5",
+                "guzzlehttp/psr7": "^2.11",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
-                "symfony/deprecation-contracts": "^2.2 || ^3.0"
+                "symfony/deprecation-contracts": "^2.5 || ^3.0",
+                "symfony/polyfill-php80": "^1.24"
            },
            "provide": {
                "psr/http-client-implementation": "1.0"
@@ -91,8 +92,9 @@
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
+                "guzzlehttp/test-server": "^0.4",
                "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
@@ -170,7 +172,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.11.0"
            },
            "funding": [
                {
@@ -186,28 +188,29 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2025-08-23T22:36:01+00:00"
+            "time": "2026-06-02T12:40:51+00:00"
        },
        {
            "name": "guzzlehttp/promises",
-            "version": "2.3.0",
+            "version": "2.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
-                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
+                "reference": "4360e982f87f5f258bf872d094647791db2f4c8e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
-                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/4360e982f87f5f258bf872d094647791db2f4c8e",
+                "reference": "4360e982f87f5f258bf872d094647791db2f4c8e",
                "shasum": ""
            },
            "require": {
-                "php": "^7.2.5 || ^8.0"
+                "php": "^7.2.5 || ^8.0",
+                "symfony/deprecation-contracts": "^2.5 || ^3.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
            },
            "type": "library",
            "extra": {
@@ -253,7 +256,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.3.0"
+                "source": "https://github.com/guzzle/promises/tree/2.5.0"
            },
            "funding": [
                {
@@ -269,27 +272,29 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2025-08-22T14:34:08+00:00"
+            "time": "2026-06-02T12:23:43+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.9.0",
+            "version": "2.11.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884"
+                "reference": "bbb5e61349fa5cb822b3e87842b951088b76b81f"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/7d0ed42f28e42d61352a7a79de682e5e67fec884",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/bbb5e61349fa5cb822b3e87842b951088b76b81f",
+                "reference": "bbb5e61349fa5cb822b3e87842b951088b76b81f",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.1 || ^2.0",
-                "ralouphie/getallheaders": "^3.0"
+                "ralouphie/getallheaders": "^3.0",
+                "symfony/deprecation-contracts": "^2.5 || ^3.0",
+                "symfony/polyfill-php80": "^1.24"
            },
            "provide": {
                "psr/http-factory-implementation": "1.0",
@@ -297,9 +302,9 @@
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
-                "http-interop/http-factory-tests": "0.9.0",
+                "http-interop/http-factory-tests": "1.1.0",
                "jshttp/mime-db": "1.54.0.1",
-                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -370,7 +375,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.9.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.11.0"
            },
            "funding": [
                {
@@ -386,7 +391,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-03-10T16:41:02+00:00"
+            "time": "2026-06-02T12:30:48+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -1284,16 +1289,16 @@
        },
        {
            "name": "slim/slim",
-            "version": "4.15.1",
+            "version": "4.15.2",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim.git",
-                "reference": "887893516557506f254d950425ce7f5387a26970"
+                "reference": "e12cb05ca2a14e8f459d019e87a31dc915b80470"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/887893516557506f254d950425ce7f5387a26970",
-                "reference": "887893516557506f254d950425ce7f5387a26970",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/e12cb05ca2a14e8f459d019e87a31dc915b80470",
+                "reference": "e12cb05ca2a14e8f459d019e87a31dc915b80470",
                "shasum": ""
            },
            "require": {
@@ -1396,7 +1401,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2025-11-21T12:23:44+00:00"
+            "time": "2026-05-22T08:00:12+00:00"
        },
        {
            "name": "slim/twig-view",
@@ -1619,16 +1624,16 @@
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.37.0",
+            "version": "v1.38.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "6a21eb99c6973357967f6ce3708cd55a6bec6315"
+                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6a21eb99c6973357967f6ce3708cd55a6bec6315",
-                "reference": "6a21eb99c6973357967f6ce3708cd55a6bec6315",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/14c5439eec4ccff081ac14eca2dc57feb2a66d92",
+                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92",
                "shasum": ""
            },
            "require": {
@@ -1680,7 +1685,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.37.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.38.1"
            },
            "funding": [
                {
@@ -1700,20 +1705,104 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-04-10T17:25:58+00:00"
+            "time": "2026-05-26T12:51:13+00:00"
        },
        {
-            "name": "symfony/polyfill-php81",
+            "name": "symfony/polyfill-php80",
            "version": "v1.37.0",
            "source": {
                "type": "git",
-                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c"
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "dfb55726c3a76ea3b6459fcfda1ec2d80a682411"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
-                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/dfb55726c3a76ea3b6459fcfda1ec2d80a682411",
+                "reference": "dfb55726c3a76ea3b6459fcfda1ec2d80a682411",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.2"
+            },
+            "type": "library",
+            "extra": {
+                "thanks": {
+                    "url": "https://github.com/symfony/polyfill",
+                    "name": "symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.37.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2026-04-10T16:19:22+00:00"
+        },
+        {
+            "name": "symfony/polyfill-php81",
+            "version": "v1.38.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php81.git",
+                "reference": "6bfb9c766cacffbc8e118cb87217d08ed84e5cd7"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/6bfb9c766cacffbc8e118cb87217d08ed84e5cd7",
+                "reference": "6bfb9c766cacffbc8e118cb87217d08ed84e5cd7",
                "shasum": ""
            },
            "require": {
@@ -1760,7 +1849,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.38.1"
            },
            "funding": [
                {
@@ -1780,20 +1869,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2024-09-09T11:45:10+00:00"
+            "time": "2026-05-26T12:45:58+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.25.0",
+            "version": "v3.27.1",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "0dade995be754556af4dcbf8721d45cb3271f9b4"
+                "reference": "ae2071bffb38f04847fc0864d730c94b9cb8ab74"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/0dade995be754556af4dcbf8721d45cb3271f9b4",
-                "reference": "0dade995be754556af4dcbf8721d45cb3271f9b4",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/ae2071bffb38f04847fc0864d730c94b9cb8ab74",
+                "reference": "ae2071bffb38f04847fc0864d730c94b9cb8ab74",
                "shasum": ""
            },
            "require": {
@@ -1848,7 +1937,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.25.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.27.1"
            },
            "funding": [
                {
@@ -1860,7 +1949,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-17T07:41:26+00:00"
+            "time": "2026-05-30T17:09:26+00:00"
        }
    ],
    "packages-dev": [
@@ -2389,16 +2478,16 @@
        },
        {
            "name": "amphp/process",
-            "version": "v2.0.3",
+            "version": "v2.1.0",
            "source": {
                "type": "git",
                "url": "https://github.com/amphp/process.git",
-                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d"
+                "reference": "583959df17d00304ad7b0b32285373f985935643"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/amphp/process/zipball/52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
-                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
+                "url": "https://api.github.com/repos/amphp/process/zipball/583959df17d00304ad7b0b32285373f985935643",
+                "reference": "583959df17d00304ad7b0b32285373f985935643",
                "shasum": ""
            },
            "require": {
@@ -2412,7 +2501,7 @@
                "amphp/php-cs-fixer-config": "^2",
                "amphp/phpunit-util": "^3",
                "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.4"
+                "psalm/phar": "6.16.1"
            },
            "type": "library",
            "autoload": {
@@ -2445,7 +2534,7 @@
            "homepage": "https://amphp.org/process",
            "support": {
                "issues": "https://github.com/amphp/process/issues",
-                "source": "https://github.com/amphp/process/tree/v2.0.3"
+                "source": "https://github.com/amphp/process/tree/v2.1.0"
            },
            "funding": [
                {
@@ -2453,7 +2542,7 @@
                    "type": "github"
                }
            ],
-            "time": "2024-04-19T03:13:44+00:00"
+            "time": "2026-05-31T15:11:55+00:00"
        },
        {
            "name": "amphp/serialization",
@@ -4052,16 +4141,16 @@
        },
        {
            "name": "symfony/console",
-            "version": "v6.4.39",
+            "version": "v6.4.41",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/console.git",
-                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
+                "reference": "d21b17ed158e79180fac3895ff751707970eeb57"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
-                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
+                "url": "https://api.github.com/repos/symfony/console/zipball/d21b17ed158e79180fac3895ff751707970eeb57",
+                "reference": "d21b17ed158e79180fac3895ff751707970eeb57",
                "shasum": ""
            },
            "require": {
@@ -4126,7 +4215,7 @@
                "terminal"
            ],
            "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.39"
+                "source": "https://github.com/symfony/console/tree/v6.4.41"
            },
            "funding": [
                {
@@ -4146,24 +4235,25 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-12T06:50:03+00:00"
+            "time": "2026-05-24T08:48:41+00:00"
        },
        {
            "name": "symfony/filesystem",
-            "version": "v8.0.11",
+            "version": "v8.1.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/filesystem.git",
-                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
+                "reference": "99aec13b82b4967ec5088222c4a3ecca955949c2"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
-                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/99aec13b82b4967ec5088222c4a3ecca955949c2",
+                "reference": "99aec13b82b4967ec5088222c4a3ecca955949c2",
                "shasum": ""
            },
            "require": {
-                "php": ">=8.4",
+                "php": ">=8.4.1",
+                "symfony/deprecation-contracts": "^2.5|^3",
                "symfony/polyfill-ctype": "~1.8",
                "symfony/polyfill-mbstring": "~1.8"
            },
@@ -4196,7 +4286,7 @@
            "description": "Provides basic utilities for the filesystem",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.11"
+                "source": "https://github.com/symfony/filesystem/tree/v8.1.0"
            },
            "funding": [
                {
@@ -4216,7 +4306,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-11T16:39:47+00:00"
+            "time": "2026-05-29T05:06:50+00:00"
        },
        {
            "name": "symfony/finder",
@@ -4288,16 +4378,16 @@
        },
        {
            "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.37.0",
+            "version": "v1.38.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e"
+                "reference": "e9247d281d694a5120554d9afaf54e070e88a603"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/4864388bfbd3001ce88e234fab652acd91fdc57e",
-                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/e9247d281d694a5120554d9afaf54e070e88a603",
+                "reference": "e9247d281d694a5120554d9afaf54e070e88a603",
                "shasum": ""
            },
            "require": {
@@ -4346,7 +4436,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.37.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.38.1"
            },
            "funding": [
                {
@@ -4366,20 +4456,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-04-26T13:13:48+00:00"
+            "time": "2026-05-26T05:58:03+00:00"
        },
        {
            "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.37.0",
+            "version": "v1.38.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
-                "reference": "3833d7255cc303546435cb650316bff708a1c75c"
+                "reference": "2d446c214bdbe5b71bde5011b060a05fece3ae6b"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c",
-                "reference": "3833d7255cc303546435cb650316bff708a1c75c",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/2d446c214bdbe5b71bde5011b060a05fece3ae6b",
+                "reference": "2d446c214bdbe5b71bde5011b060a05fece3ae6b",
                "shasum": ""
            },
            "require": {
@@ -4431,7 +4521,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.37.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.38.0"
            },
            "funding": [
                {
@@ -4451,20 +4541,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2024-09-09T11:45:10+00:00"
+            "time": "2026-05-25T13:48:31+00:00"
        },
        {
            "name": "symfony/polyfill-php84",
-            "version": "v1.37.0",
+            "version": "v1.38.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php84.git",
-                "reference": "88486db2c389b290bf87ff1de7ebc1e13e42bb06"
+                "reference": "f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/88486db2c389b290bf87ff1de7ebc1e13e42bb06",
-                "reference": "88486db2c389b290bf87ff1de7ebc1e13e42bb06",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa",
+                "reference": "f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa",
                "shasum": ""
            },
            "require": {
@@ -4511,7 +4601,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.37.0"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.38.1"
            },
            "funding": [
                {
@@ -4531,7 +4621,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-04-10T18:47:49+00:00"
+            "time": "2026-05-26T12:51:13+00:00"
        },
        {
            "name": "symfony/service-contracts",
@@ -4622,16 +4712,16 @@
        },
        {
            "name": "symfony/string",
-            "version": "v7.4.11",
+            "version": "v7.4.13",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/string.git",
-                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
+                "reference": "961683010db3b27ec6ebcd7308e6e1ee8fa7ffde"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
-                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
+                "url": "https://api.github.com/repos/symfony/string/zipball/961683010db3b27ec6ebcd7308e6e1ee8fa7ffde",
+                "reference": "961683010db3b27ec6ebcd7308e6e1ee8fa7ffde",
                "shasum": ""
            },
            "require": {
@@ -4689,7 +4779,7 @@
                "utf8"
            ],
            "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.11"
+                "source": "https://github.com/symfony/string/tree/v7.4.13"
            },
            "funding": [
                {
@@ -4709,7 +4799,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-13T12:04:42+00:00"
+            "time": "2026-05-23T15:23:29+00:00"
        },
        {
            "name": "vimeo/psalm",
@@ -4898,16 +4988,16 @@
        },
        {
            "name": "webmozart/assert",
-            "version": "2.3.0",
+            "version": "2.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/webmozarts/assert.git",
-                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4"
+                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
-                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9007ea6f45ecf352a9422b36644e4bfc039b9155",
+                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155",
                "shasum": ""
            },
            "require": {
@@ -4923,7 +5013,11 @@
            },
            "type": "library",
            "extra": {
+                "psalm": {
+                    "pluginClass": "Webmozart\\Assert\\PsalmPlugin"
+                },
                "branch-alias": {
+                    "dev-master": "2.0-dev",
                    "dev-feature/2-0": "2.0-dev"
                }
            },
@@ -4954,9 +5048,9 @@
            ],
            "support": {
                "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.3.0"
+                "source": "https://github.com/webmozarts/assert/tree/2.4.0"
            },
-            "time": "2026-04-11T10:33:05+00:00"
+            "time": "2026-05-20T13:07:01+00:00"
        }
    ],
    "aliases": [],
@@ -828,11 +828,13 @@
        "discovery.type=single-node",
        "http.port=9200",
        "xpack.license.self_generated.type=basic",
-        "xpack.security.enabled=false",
+        "xpack.security.enabled=true",
+        "xpack.security.http.ssl.enabled=false",
+        "xpack.security.transport.ssl.enabled=false",
        "indices.fielddata.cache.size=20%",
        "indices.memory.index_buffer_size=20%",
        "thread_pool.write.queue_size=1000",
-        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
+        "ELASTIC_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
      ],
      "volumes": [
        {
@@ -1,29 +1,29 @@
 <?xml version="1.0"?>
 <psalm
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns="https://getpsalm.org/schema/config"
-	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
-	errorBaseline="psalm-baseline.xml"
-	findUnusedBaselineEntry="true"
-	findUnusedCode="false"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns="https://getpsalm.org/schema/config"
+    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+    errorBaseline="psalm-baseline.xml"
+    findUnusedBaselineEntry="true"
+    findUnusedCode="false"
 >
-	<projectFiles>
-		<directory name="templates"/>
-		<directory name="src"/>
-		<file name="public/index.php"/>
-		<ignoreFiles>
-			<directory name="vendor" />
-		</ignoreFiles>
-	</projectFiles>
-	<extraFiles>
-		<directory name="vendor" />
-	</extraFiles>
-	<issueHandlers>
-  		<ClassMustBeFinal errorLevel="suppress" />
+    <projectFiles>
+        <directory name="templates"/>
+        <directory name="src"/>
+        <file name="public/index.php"/>
+        <ignoreFiles>
+            <directory name="vendor" />
+        </ignoreFiles>
+    </projectFiles>
+    <extraFiles>
+        <directory name="vendor" />
+    </extraFiles>
+    <issueHandlers>
+        <ClassMustBeFinal errorLevel="suppress" />
        <MissingConstructor>
            <errorLevel type="suppress">
                <file name="src/Data/ConfigurationManager.php" />  <!-- We're using property hooks with virtual properties in that file, which Psalm wrongly complains about. See <https://github.com/vimeo/psalm/issues/11435>.  -->
            </errorLevel>
        </MissingConstructor>
-	</issueHandlers>
+    </issueHandlers>
 </psalm>
@@ -0,0 +1,14 @@
+"use strict";
+
+// Apply the saved theme immediately to avoid a flash of the wrong theme.
+try { document.documentElement.setAttribute('data-theme', localStorage.getItem('theme') ?? ''); } catch (e) {}
+
+// React when the user toggles the theme on the parent page while this page is
+// open in an iframe.  localStorage.setItem() fires a 'storage' event on every
+// other window / frame that shares the same origin, so we can keep in sync
+// without the parent having to know about us.
+window.addEventListener('storage', (e) => {
+    if (e.key === 'theme') {
+        document.documentElement.setAttribute('data-theme', e.newValue ?? '');
+    }
+});
@@ -181,8 +181,10 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
        'community_containers_enabled' => $configurationManager->aioCommunityContainers,
        'bypass_container_update' => $bypass_container_update,
-    ]);
+    // Do not cache the page as it shows credentials
+    ])->withHeader('Cache-Control', 'no-store');
 })->setName('profile');
+
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
@@ -191,6 +193,7 @@ $app->get('/login', function (Request $request, Response $response, array $args)
        'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
    ]);
 });
+
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\Setup $setup */
@@ -209,8 +212,10 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
        [
            'password' => $setup->Setup(),
        ]
-    );
+    // Do not cache the page as it shows credentials
+    )->withHeader('Cache-Control', 'no-store');
 });
+
 $app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
    $params = $request->getQueryParams();
    $id = $params['id'] ?? '';
@@ -218,7 +223,13 @@ $app->get('/log', function (Request $request, Response $response, array $args) u
        throw new DI\NotFoundException();
    }
    $view = Twig::fromRequest($request);
-    return $view->render($response, 'log.twig', ['id' => $id]);
+    return $view->render(
+        $response, 'log.twig', 
+        [
+            'id' => $id
+        ]
+    // Do not cache the page as it might shows credentials
+    )->withHeader('Cache-Control', 'no-store');
 });

 // Auth Redirector
@@ -10,6 +10,7 @@ pre {
    margin: 0;
    padding: 1rem;
    box-sizing: border-box;
+    font-family: system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
 }
 #floating-box {
    position: fixed;
@@ -26,7 +27,8 @@ pre {
    gap: 0.5rem;
    font-size: large;
    border: solid thin gray;
-    background-color: #f9f9f9;
+    background-color: var(--color-main-background);
+    color: var(--color-main-text);
    width: 10rem;
    padding: 0.5rem 1rem;
    margin: 0 0 0 1rem;
@@ -483,8 +483,8 @@ input[type="checkbox"]:disabled:not(:checked) + label {
    visibility: hidden;
    opacity: 0;
    align-self: start;
-    width: 300px;
-    height: 200px;
+    width: min(700px, calc(100vw - 4rem));
+    height: min(400px, calc(100vh - 14rem));
    border-radius: var(--border-radius-large);
    border: solid thin rgb(192, 192, 192);
 }
@@ -11,7 +11,7 @@ function toggleTheme() {

 function setThemeToDOM(value) {
    // Set the theme to the root document and all possible iframe documents (so they can adapt their styling, too).
-    const documents = [document, Array.from(document.querySelectorAll('iframe')).map((iframe) => iframe.contentDocument)].flat()
+    const documents = [document, ...Array.from(document.querySelectorAll('iframe')).map((iframe) => iframe.contentDocument).filter(Boolean)]
    documents.forEach((doc) => doc.documentElement.setAttribute('data-theme', value));
 }

@@ -35,4 +35,6 @@ setThemeToDOM(getSavedTheme());
 document.addEventListener('DOMContentLoaded', () => {
    setThemeIcon(getSavedTheme())
    document.querySelector('button#theme-toggle')?.addEventListener('click', () => toggleTheme());
+    // Re-apply theme when the overlay-log iframe navigates (e.g. after a form submission).
+    document.querySelector('iframe#overlay-log')?.addEventListener('load', () => setThemeToDOM(getSavedTheme()));
 });
@@ -52,14 +52,18 @@ readonly class ContainerDefinitionFetcher {
        $standardContainerNames = array_column($data['aio_services_v1'], 'container_name');

        $additionalContainerNames = [];
+        $additionalTopLevelContainerNames = [];
        foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) {
            if ($communityContainer !== '') {
                $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                $data = array_merge_recursive($data, $additionalData);
+                foreach ($additionalData['aio_services_v1'] as $additionalEntry) {
+                    $additionalContainerNames[] = $additionalEntry['container_name'];
+                }
                if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
-                    // Store container_name of community containers in variable for later
-                    $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
+                    // Store main container_name of community containers in variable for later
+                    $additionalTopLevelContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
                }
            }
        }
@@ -176,7 +180,7 @@ readonly class ContainerDefinitionFetcher {
                if ($entry['container_name'] === 'nextcloud-aio-apache') {
                    // Add community containers first and default ones last so that aio_variables works correctly
                    $valueDependsOnTemp = [];
-                    foreach ($additionalContainerNames as $containerName) {
+                    foreach ($additionalTopLevelContainerNames as $containerName) {
                        $valueDependsOnTemp[] = $containerName;
                    }
                    $valueDependsOn = array_merge_recursive($valueDependsOnTemp, $valueDependsOn);
@@ -221,7 +221,7 @@ readonly class DockerController {
        }

        if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = '33';
+            $installLatestMajor = '34';
        } else {
            $installLatestMajor = '';
        }
@@ -401,7 +401,8 @@ readonly class DockerController {
        <!DOCTYPE html>
        <html lang="en" class="overlay-iframe">
            <head>
-                <link rel="stylesheet" href="../../style.css?v8" media="all" />
+                <link rel="stylesheet" href="../../style.css?v9" media="all" />
+                <script type="text/javascript" src="../../apply-theme.js?v1"></script>
                <script type="text/javascript" src="../../scroll-into-view.js"></script>
            </head>
            <body>
@@ -5,6 +5,7 @@ namespace AIO\Data;

 use AIO\Auth\PasswordGenerator;
 use AIO\Controller\DockerController;
+use AIO\Helper\NetworkHelper;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\TransferException;

@@ -1111,9 +1112,9 @@ class ConfigurationManager
            'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '',
            'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes',
            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
+            'AIO_DATABASE_HOST' => NetworkHelper::resolveHostname('nextcloud-aio-database'),
            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? NetworkHelper::resolveHostname('nextcloud-aio-caddy') : '',
            'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
            'AIO_VERSION' => $this->getAioVersion(),
            default => $this->getRegisteredSecret($placeholder),
@@ -71,4 +71,5 @@ class DataConst {
    public static function GetAioVersionFile() : string {
        return (string)realpath(__DIR__ . '/../../templates/includes/aio-version.twig');
    }
+
 }
@@ -9,6 +9,7 @@ use AIO\Container\VersionState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
+use AIO\Helper\NetworkHelper;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use http\Env\Response;
@@ -449,7 +450,7 @@ readonly class DockerActionManager {

        // Special things for the jellyfin community container
        } elseif ($container->identifier === 'nextcloud-aio-jellyfin') {
-            $lldapIp = gethostbyname('nextcloud-aio-lldap');
+            $lldapIp = NetworkHelper::resolveHostname('nextcloud-aio-lldap');
            if ($lldapIp !== 'nextcloud-aio-lldap') {
                $requestBody['HostConfig']['ExtraHosts'] = ['nextcloud-aio-lldap:' . $lldapIp];
            }
@@ -472,7 +473,7 @@ readonly class DockerActionManager {
                // To avoid problems with whitespace or dashes in option arguments we use a regular expression
                // that splits the string at every position where a whitespace is followed by '--o:'.
                // The leading whitespace is removed in the split but the following characters are not.
-                // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"] 
+                // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"]
                $regEx = '/\s+(?=--o:)/';
                $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions));
            }
@@ -483,9 +484,10 @@ readonly class DockerActionManager {
        }

        // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
-        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
+        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels
+        // Also Dockhand should not be auto updating the containers. See https://dockhand.pro/manual/#container-labels-behavior
        // Additionally set a default org.label-schema.vendor and com.docker.compose.project
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "dockhand.update" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];

        // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
        $requestBody['Hostname'] = $container->identifier;
@@ -785,7 +787,7 @@ readonly class DockerActionManager {
                    ]
                )->getBody()->getContents(),
                true,
-                512, 
+                512,
                JSON_THROW_ON_ERROR,
            );

@@ -3,8 +3,6 @@ declare(strict_types=1);

 namespace AIO\Docker;

-use AIO\ContainerDefinitionFetcher;
-use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;

 readonly class DockerHubManager {
@@ -15,6 +13,16 @@ readonly class DockerHubManager {
        $this->guzzleClient = new Client();
    }

+
+    // Official Docker Hub images need the library/ prefix when using the registry API directly.
+    private function normalizeImageName(string $name): string {
+        if (!str_contains($name, '/')) {
+            return 'library/' . $name;
+        }
+        return $name;
+    }
+
+
    public function GetLatestDigestOfTag(string $name, string $tag) : ?string {
        $cacheKey = 'dockerhub-manifest-' . $name . $tag;

@@ -24,6 +32,7 @@ readonly class DockerHubManager {
        }

        // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
+        $name = $this->normalizeImageName($name);

        try {
            $authTokenRequest = $this->guzzleClient->request(
@@ -0,0 +1,23 @@
+<?php
+declare(strict_types=1);
+
+namespace AIO\Helper;
+
+class NetworkHelper {
+    /**
+     * Resolve a hostname to its IP address, trying IPv4 first and falling back
+     * to IPv6 (AAAA record) when no A record is found.  Returns the hostname
+     * unchanged when neither record resolves successfully.
+     */
+    public static function resolveHostname(string $hostname): string {
+        $ipv4 = gethostbyname($hostname);
+        if ($ipv4 !== $hostname) {
+            return $ipv4;
+        }
+        $records = dns_get_record($hostname, DNS_AAAA);
+        if (is_array($records) && isset($records[0]['ipv6']) && $records[0]['ipv6'] !== '') {
+            return $records[0]['ipv6'];
+        }
+        return $hostname;
+    }
+}
@@ -37,7 +37,7 @@
            {% set isBackupOrRestoreRunning = false %}
            {% set isApacheStarting = false %}
            {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersionString = '' %}
+            {% set newMajorVersionString = '26 Spring' %}
            {% set oldMajorVersionString = '25 Autumn' %}

            {% if is_backup_container_running == true %}
@@ -298,7 +298,7 @@
                                {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                    <details>
                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
-                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/7523">this documentation</a></strong></p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/8223">this documentation</a></strong></p>
                                    </details>
                                {% endif %}
                            {% endif %}
@@ -1 +1 @@
-13.0.4
+13.1.0
@@ -2,10 +2,10 @@
 <html lang="en">
    <head>
        <title>AIO</title>
-        <link rel="stylesheet" href="style.css?v9" media="all" />
+        <link rel="stylesheet" href="style.css?v10" media="all" />
        <link rel="icon" href="img/favicon.png">
        <script type="text/javascript" src="forms.js?v2"></script>
-        <script type="text/javascript" src="toggle-dark-mode.js?v1"></script>
+        <script type="text/javascript" src="toggle-dark-mode.js?v2"></script>
        <script type="text/javascript" src="click-handlers.js?v2"></script>
    </head>

@@ -2,9 +2,10 @@
    <head>
        <title>AIO</title>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-        <link rel="stylesheet" href="style.css">
-        <link rel="stylesheet" href="logs.css">
+        <link rel="stylesheet" href="style.css?v1">
+        <link rel="stylesheet" href="logs.css?v1">
        <link rel="icon" href="img/favicon.png">
+        <script src="apply-theme.js?v1"></script>
        <script src="log-load.js?v1"></script>
    </head>
    <body data-container-id="{{ id }}">
@@ -0,0 +1,4 @@
+FROM docker.io/library/composer:latest
+
+RUN pecl bundle -d /usr/src/php/ext apcu \
+ && docker-php-ext-install apcu
@@ -0,0 +1,107 @@
+# This setup expects that you run the services via profiles!
+# Usage: docker compose --profile local-code up
+#    or: docker compose --profile code-from-image up
+
+name: nextcloud-aio
+services:
+  composer:
+    image: localhost/composer:latest
+    build: Containers/composer
+    pull_policy: never
+    volumes:
+      - ..:/app
+    working_dir: /app
+    command: |-
+      bash -c '
+        test -d ./data && rm -r ./data
+        test -d ./session && rm -r ./session
+        composer install --no-dev
+        composer clear-cache
+      '
+  app-base:
+    image: ghcr.io/nextcloud-releases/all-in-one:develop${ARM64_SUFFIX-}
+    pull_policy: always # Always pull so we don't risk to run into the "Update for mastercontainer" page.
+    init: true
+    restart: always
+    network_mode: bridge
+    ports:
+      - "8080:8080"
+    volumes:
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - backup_vol:/mnt/test
+    profiles:
+      - none
+    environment:
+      SKIP_DOMAIN_VALIDATION: ${SKIP_DOMAIN_VALIDATION-true}
+      APACHE_PORT: 11000
+    entrypoint: bash /start.sh
+    
+  app-code-from-image:
+    extends: app-base
+    container_name: nextcloud-aio-mastercontainer
+    profiles:
+      - code-from-image
+    
+  app-local-code:
+    extends: app-base
+    container_name: nextcloud-aio-mastercontainer
+    depends_on:
+      composer:
+        condition: service_completed_successfully
+    volumes:
+      - ..:/var/www/docker-aio/php
+      - ../../Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile
+      - ../../Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile
+      - ../../Containers/mastercontainer/start.sh:/start.sh
+    profiles:
+      - local-code
+
+  test-runner-base:
+    image: mcr.microsoft.com/playwright:v1.56.1
+    volumes:
+      - ..:/app
+    working_dir: /app
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    ports:
+      - '9323:9323' # to view test reports
+    profiles:
+      - none
+    environment:
+      BASE_URL: "https://host.docker.internal:8080"
+      DEBUG: "pw:api"
+    command: |-
+      bash -c "
+        cd tests
+        # Install dependencies
+        npm ci
+        # Run the initial setup tests
+        npx playwright test "${TESTS_FILE-}"
+        exit $?
+      "
+      
+  test-runner-code-from-image:
+    extends: test-runner-base
+    container_name: test-runner
+    profiles:
+      - code-from-image
+    depends_on:
+      app:
+        condition: service_healthy
+      
+      
+  test-runner-local-code:
+    extends: test-runner-base
+    container_name: test-runner
+    profiles:
+      - local-code
+    depends_on:
+      app-local-code:
+        condition: service_healthy
+      
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer
+  backup_vol:
+
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+if [[ "$1" = -* ]]; then
+    echo "Usage $(basename $0) [PLAYWRIGHT_TESTS_FILE]"
+    exit 1
+fi
+
+cd $(dirname $0)/../..
+
+DOCO="docker compose -f ./php/tests/compose.yaml"
+
+if [[ $(uname -m) = 'arm64' ]]; then
+    export ARM64_SUFFIX='-arm64'
+fi
+
+run_tests() {
+    export TESTS_FILE="$1"
+    export SKIP_DOMAIN_VALIDATION
+
+    if [[ -n "$TEST_CODE_FROM_IMAGE" ]]; then
+        profile="code-from-image"
+    else
+        profile="local-code"
+    fi
+    
+    # Clean up old containers and volumes
+    docker container rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} > /dev/null 2>&1
+    docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} > /dev/null 2>&1
+    $DOCO --profile $profile down -v
+    sleep 1
+
+    echo -e "\n 📣  Running playwright tests for ${TESTS_FILE}\n"
+    if ! $DOCO --profile $profile run --remove-orphans test-runner-$profile; then
+        for container in nextcloud-aio-{mastercontainer,borgbackup}; do
+            if docker container list --format="{{ .Names }}" | grep -q "$container"; then
+                echo -e "\n 📣  Log output from container ${container}:\n"
+                docker logs nextcloud-aio-mastercontainer 
+            fi
+        done
+    fi
+}
+
+
+if [[ -n "$1" ]]; then
+    if [[ ! -f "$1" ]]; then
+        echo "Error: file '$1' does not exist."
+        exit 1
+    fi
+    # Not using coreutil's `realpath --relative-to` here since that is not available on BSD/mac systems.
+    fullpath="$(realpath "$1")"
+    prefix="$(realpath ./php/tests)"
+    relpath="${fullpath#"$prefix"/}"
+    
+    : ${SKIP_DOMAIN_VALIDATION:-false}
+    run_tests "$relpath"
+else
+    SKIP_DOMAIN_VALIDATION=true
+    run_tests tests/initial-setup.spec.js
+    sleep 1
+    SKIP_DOMAIN_VALIDATION=false
+    run_tests tests/restore-instance.spec.js
+fi
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Pablo Zmdl	29b4bad3ff	Run playwright tests via compose setup Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>	2026-06-03 16:18:54 +02:00
Pablo Zmdl	b55ab5eef4	Enable running playwright tests locally They now are running via a docker compose setup, which can be executed via ./php/tests/run.sh locally, and also gets called from the github workflow. Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>	2026-06-03 16:18:54 +02:00
Pablo Zmdl	fa98d22724	Use test path that exists on macos, too Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>	2026-06-03 11:05:53 +02:00
Simon L.	335db2aac2	try to fix playwright (#8245 )	2026-06-02 17:11:46 +02:00
Simon L.	f5f19a488f	fix playwright Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-02 17:09:45 +02:00
Simon L.	a78622e69a	PHP dependency updates (#8242 )	2026-06-02 16:02:08 +02:00
Simon L.	01e3f8247d	Nextcloud dependency update (#8243 )	2026-06-02 16:01:26 +02:00
szaimen	1937bf9690	nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-02 13:48:22 +00:00
szaimen	517543babd	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-02 13:24:42 +00:00
Simon L.	751cc9e16f	build(deps): bump dessant/lock-threads from 6.0.1 to 6.0.2 in /.github/workflows (#8240 )	2026-06-02 13:48:20 +02:00
dependabot[bot]	a9f722b453	build(deps): bump dessant/lock-threads in /.github/workflows Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/lock-threads/compare/851cffe46851ddd2051ea7147ebdc995113241c3...89ae32b08ed1a541efecbab17912962a5e38981c) --- updated-dependencies: - dependency-name: dessant/lock-threads dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-02 11:13:32 +00:00
Simon L.	cbeb056e08	PHP dependency updates (#8238 )	2026-06-01 16:17:22 +02:00
szaimen	da5490b662	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-06-01 14:07:29 +00:00
Simon L.	99307a0ebe	manual-upgrade.md: Move md files from CRLF to LF line endings; instruct to use :ro flag when mounting the docker socket (#8166 )	2026-06-01 13:24:46 +02:00
Simon L.	f73bfa6283	caddy: re-introduce lets encrypt profiles (#8237 )	2026-06-01 12:39:48 +02:00
Simon L.	34aec1c790	caddy: re-introduce lets encrypt profiles Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-01 12:20:40 +02:00
Simon L.	e17415591a	revert: caddy: use acme shortlived profile (#8235 )	2026-06-01 11:45:04 +02:00
Simon L.	28c8faf997	revert: caddy: use acme shortlived profile Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-01 11:40:31 +02:00
Simon L.	54b9817061	build(deps): bump nextcloud-releases/whiteboard from v1.5.8 to v1.5.9 in /Containers/whiteboard (#8233 )	2026-06-01 10:42:39 +02:00
Simon L.	4f9725c5d4	build(deps): bump collabora/code from 25.04.9.4.1 to 25.04.10.3.1 in /Containers/collabora (#8232 )	2026-06-01 10:42:17 +02:00
Simon L.	71b2ae78c4	aio-interface: improve overlay log appearance (#8093 )	2026-06-01 10:27:33 +02:00
dependabot[bot]	66adab1ac0	build(deps): bump nextcloud-releases/whiteboard Bumps nextcloud-releases/whiteboard from v1.5.8 to v1.5.9. --- updated-dependencies: - dependency-name: nextcloud-releases/whiteboard dependency-version: v1.5.9 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-01 07:53:03 +00:00
dependabot[bot]	3ceb97c173	build(deps): bump collabora/code in /Containers/collabora Bumps collabora/code from 25.04.9.4.1 to 25.04.10.3.1. --- updated-dependencies: - dependency-name: collabora/code dependency-version: 25.04.10.3.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-01 07:51:19 +00:00
Simon L.	4f4420c713	PHP dependency updates (#8228 )	2026-06-01 09:04:49 +02:00
szaimen	dd0e4269a1	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-31 12:24:51 +00:00
Simon L.	32a0b97ce3	PHP dependency updates (#8224 )	2026-05-30 15:36:36 +02:00
szaimen	a0e7a80ac9	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-30 12:21:42 +00:00
Simon L.	62295caa39	update link to upgrade docs Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-29 17:44:27 +02:00
Simon L.	a529bac3b4	PHP dependency updates (#8221 )	2026-05-29 17:02:13 +02:00
szaimen	660f7cec08	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-29 12:59:01 +00:00
Simon L.	bf4c721fe0	Update pull request template with new checkboxes (#8220 )	2026-05-29 12:53:23 +02:00
Simon L.	b7317a4db6	Update pull request template with new checkboxes Added checkboxes for testing and AI usage in PR template. Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-29 12:46:03 +02:00
Simon L.	052c0e6ff3	fix: IPv6 compatibility across containers and PHP AIO interface (#8019 )	2026-05-29 10:13:33 +02:00
copilot-swe-agent[bot]	0722cf95be	fix: improve IPv6 compatibility in containers and PHP AIO interface Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/c71fba87-d463-4682-9cb3-abb659b2ca40 refactor: deduplicate resolveHostname into DataConst Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/42427bd4-05e6-4197-bdb7-db3761815113 refactor: move resolveHostname from DataConst into new NetworkHelper class Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/73cb1d89-ab85-43b6-adfe-a90c00ad60a1	2026-05-29 10:11:08 +02:00
Simon L.	b6ddc024fe	Nextcloud dependency update (#8218 )	2026-05-29 10:08:29 +02:00
Simon L.	acbfffd361	preparations for the upcoming Hub 26 Spring release (#8210 )	2026-05-29 10:07:14 +02:00
szaimen	b1ca6f4997	nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-29 08:07:10 +00:00
Simon L.	b4057096ac	watchtower container update (#8094 )	2026-05-29 10:04:55 +02:00
Simon L.	62396eee0d	PHP dependency updates (#8195 )	2026-05-29 10:03:57 +02:00
szaimen	e31a493785	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-29 08:01:24 +00:00
Simon L.	fb3ff3acbf	Revert "update tags of playwright workflows" (#8217 )	2026-05-29 10:00:18 +02:00
Simon L.	1a4093220f	Revert "update tags of playwright workflows"	2026-05-29 09:59:57 +02:00
Simon L.	a5cc10295d	build(deps): bump elasticsearch from 9.4.1 to 9.4.2 in /Containers/fulltextsearch (#8216 )	2026-05-29 09:04:52 +02:00
Simon L.	e9716690de	Imaginary update (#8215 )	2026-05-29 09:04:38 +02:00
Simon L.	5d10dcb284	build(deps): bump dessant/lock-threads from 6.0.0 to 6.0.1 in /.github/workflows (#8214 )	2026-05-29 09:04:18 +02:00
dependabot[bot]	1a7d50463a	build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 9.4.1 to 9.4.2. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 9.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-29 04:24:03 +00:00
szaimen	cfd8f7f47d	watchtower-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-28 14:58:32 +00:00
szaimen	6cef8a1bfc	imaginary-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-28 14:26:49 +00:00
dependabot[bot]	69afd5c857	build(deps): bump dessant/lock-threads in /.github/workflows Bumps [dessant/lock-threads](https://github.com/dessant/lock-threads) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/dessant/lock-threads/releases) - [Changelog](https://github.com/dessant/lock-threads/blob/main/CHANGELOG.md) - [Commits](https://github.com/dessant/lock-threads/compare/7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7...851cffe46851ddd2051ea7147ebdc995113241c3) --- updated-dependencies: - dependency-name: dessant/lock-threads dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-28 14:25:15 +00:00
Simon L.	7a499f3d0a	Add "dockhand.update": "false" to all managed containers (#8184 )	2026-05-28 11:56:24 +02:00
Simon L.	e52f3944ee	FTS: require authentication for all Elasticsearch API access (#8205 )	2026-05-28 11:54:40 +02:00
Simon L.	2f7b98ddff	preparations for the coming Hub 26 Spring release Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-28 11:42:03 +02:00
copilot-swe-agent[bot]	a50f28424d	fix: enable elasticsearch security to require authentication for all API access - Enable xpack.security in Elasticsearch (was explicitly disabled) - Add ELASTIC_PASSWORD env var so the built-in elastic user gets the password - Disable HTTP SSL to keep plain HTTP while still enforcing basic auth - Disable transport SSL (single-node setup) - Update healthcheck to authenticate with elastic credentials	2026-05-28 11:41:59 +02:00
Ivan Mihov	26c74fd556	Add a note regardign dockhand update and a link to the documentation Signed-off-by: Ivan Mihov <ivan@mihov.me>	2026-05-28 11:41:41 +02:00
Ivan Mihov	d2d59eb207	Add dockhand.update: false to the Dockerfiles Signed-off-by: Ivan Mihov <ivan@mihov.me>	2026-05-28 11:41:41 +02:00
Ivan Mihov	21649225d0	Add "dockhand.update": "false" to all managed containers Signed-off-by: Ivan Mihov <ivan@mihov.me>	2026-05-28 11:41:41 +02:00
Simon L.	9cfaad674c	update tags of playwright workflows (#8211 )	2026-05-28 11:40:21 +02:00
Simon L.	0b0f848377	update tags of playwright workflows Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-28 11:35:29 +02:00
Simon L.	79b24149dc	Helm Chart updates (#8206 )	2026-05-27 17:42:29 +02:00
szaimen	24c88f3fd2	Helm Chart updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-27 14:54:04 +00:00
Simon L.	2082fb6bbc	improve community-container readmes by adding links to upstream sw and describing what each one does (#8150 )	2026-05-26 13:07:35 +02:00
Simon L.	f976c55726	increase to v13.1.0 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-22 12:48:13 +02:00
Simon L.	1514c05435	Fix docker registry and community containers (#8091 )	2026-05-22 12:43:12 +02:00
Simon L.	55c08cab00	aio-interface: do not cache the containers, logs and setup screen as it shows credentials (#8161 )	2026-05-22 12:22:32 +02:00
Simon L.	2b1ec334e8	build(deps): bump docker from 29.5.1-cli to 29.5.2-cli in /Containers/mastercontainer (#8192 )	2026-05-22 10:11:10 +02:00
Simon L.	99704807d0	PHP dependency updates (#8190 )	2026-05-22 10:10:56 +02:00
Simon L.	dabb7d0224	server.config.php: fix serverid closing bracket Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-22 10:06:32 +02:00
dependabot[bot]	1a2d168a7f	build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.5.1-cli to 29.5.2-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.5.2-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-22 04:22:33 +00:00
lonode	abaea7b4c2	change case Signed-off-by: lonode <32384862+lonode@users.noreply.github.com>	2026-05-21 17:42:21 +02:00
szaimen	a1c818bc38	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-21 13:01:02 +00:00
copilot-swe-agent[bot]	f178b49cc1	fix: apply dark mode in overlay iframe via storage events and apply-theme.js Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/bc95f559-e0c7-4682-96fb-0799956a95c6 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-21 11:56:51 +00:00
Simon L.	1d546bbb59	aio-interface: do not cache the containers, logs and setup screen as it shows credentials Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-21 12:14:46 +02:00
Simon L.	5a474d92d9	notify-push: fix startup on ipv6 disabled servers (#8188 )	2026-05-21 12:06:28 +02:00
Simon L.	795baf903b	server.config.php: downstream sync serverid upstream change (#8187 )	2026-05-21 12:01:49 +02:00
Simon L.	b4c0266461	notify-push: fix startup on ipv6 disabled servers Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-21 10:53:49 +02:00
Simon L.	3a988938b2	server.config.php: downstream sync serverid upstream change Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-21 10:48:37 +02:00
Simon L.	7c0df4f701	build(deps): bump nats from 2.14.0-scratch to 2.14.1-scratch in /Containers/talk (#8185 )	2026-05-21 10:40:41 +02:00
dependabot[bot]	1d27e165e6	build(deps): bump nats in /Containers/talk Bumps nats from 2.14.0-scratch to 2.14.1-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.14.1-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-21 04:23:15 +00:00
Anvil5465	22d2db35b1	Update community-containers/fail2ban/readme.md Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>	2026-05-20 17:03:57 -04:00
Simon L.	a75d1c48bf	Small improvements to /app/readme (#8179 )	2026-05-20 17:15:51 +02:00
Simon L.	74b98b369e	PHP dependency updates (#8180 )	2026-05-20 16:36:42 +02:00
Simon L.	74dee77fac	Add top-level .editorconfig; improve app/.editorconfig (#8178 )	2026-05-20 15:54:33 +02:00
szaimen	70100ba5ef	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-05-20 13:42:43 +00:00
Gaetano Giunta	de72608519	Use proper name for AIP and Nextcloud in readme file Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-20 11:12:51 +00:00
Gaetano Giunta	02c9a7475b	Small improvements to /app/readme Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-20 11:02:14 +00:00
Gaetano Giunta	c2e48d3524	add a comment to .editorconfig Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-20 10:56:10 +00:00
Gaetano Giunta	b615acf413	tabs to spaces for php/psalm.xml Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-20 10:55:39 +00:00
Gaetano Giunta	379b3d9e5a	add top-level .editorconfig; improve app/.editorconfig Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-20 10:46:15 +00:00
Simon L.	abbe6a85cf	build(deps): bump docker from 29.5.0-cli to 29.5.1-cli in /Containers/mastercontainer (#8177 )	2026-05-20 10:50:58 +02:00
dependabot[bot]	20835baa0c	build(deps): bump docker in /Containers/mastercontainer Bumps docker from 29.5.0-cli to 29.5.1-cli. --- updated-dependencies: - dependency-name: docker dependency-version: 29.5.1-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-20 08:36:32 +00:00
Simon L.	a32568cc9c	mastercontainer: run session-deduplicator as www-data (#8175 )	2026-05-20 10:20:56 +02:00
Dimas D. Angga	c6748dc450	fix(mastercontainer): run session-deduplicator as www-data The session-deduplicator only touches files under /mnt/docker-aio-config/session/, which is already owned by www-data, so running it as root grants more privilege than it needs. Dropping to www-data reduces the number of root-owned processes in the mastercontainer and follows least-privilege for the supervisord program set.	2026-05-20 09:32:49 +07:00
Gaetano Giunta	4c73a123ca	move md files from CRLF to LF; instruct to use :ro flag when mounting the docker socket (manual-upgrade.md) Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-19 17:46:47 +00:00
copilot-swe-agent[bot]	b0c4f97ba2	aio-interface: improve overlay log appearance Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/d51a2637-5128-4c8a-a18c-a86085d2cb88 aio-interface: do not cache the containers, logs and setup screen as it shows credentials Signed-off-by: Simon L. <szaimen@e.mail.de> fix: address PR review comments - remove inline script (CSP), use default font string Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/62e290a3-94de-4988-aeb8-b577fec135a7 Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-19 16:30:33 +02:00
Tim Alexander Neuenbauer	6288665170	home-assistant: Update readme.md (#8055 )	2026-05-19 16:25:28 +02:00
lonode	3517ba3039	apply suggestion Signed-off-by: lonode <32384862+lonode@users.noreply.github.com>	2026-05-19 15:13:51 +02:00
gggeek	1b696a1242	improve comm-conts readmes by adding links to upstream sw and describing what each one does Signed-off-by: Gaetano Giunta <giunta.gaetano@gmail.com>	2026-05-18 15:55:10 +00:00
lonode	ff7443b566	add support for multicontainer on community containers Signed-off-by: lonode <32384862+lonode@users.noreply.github.com>	2026-05-13 14:35:13 +02:00
lonode	fedb0a65df	Add support for library (official) images Signed-off-by: lonode <32384862+lonode@users.noreply.github.com>	2026-05-13 14:35:08 +02:00
@@ -1 +1 @@
 .0.4
 .1.0