fix: use named volume for OpenVPMS Redis /data instead of tmpfs

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/5f263bfa-a9fe-4ec7-b788-5f51a75ea0fc

Containers/mastercontainer/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.3.1-cli AS docker
+FROM docker:29.3.0-cli AS docker
 
 ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
 

Containers/mastercontainer/internal.Caddyfile

@@ -1,11 +1,8 @@
 {
 	admin off
 
-	# auto_https will be handled manually in acme.Caddyfile
-	auto_https disable_redirects
-
 	storage file_system {
-		root /mnt/docker-aio-config/caddy-internal/
+		root /mnt/docker-aio-config/caddy/
 	}
 
 	log {

Containers/mastercontainer/start.sh

@@ -364,7 +364,6 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
-mkdir -p /mnt/docker-aio-config/caddy-internal/
 
 # Adjust permissions for all instances
 chmod 770 -R /mnt/docker-aio-config
@@ -372,7 +371,6 @@ chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
-chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/
 
 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!

Containers/nextcloud/Dockerfile

@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.8
+ENV NEXTCLOUD_VERSION=32.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.2-alpine
+FROM redis:8.6.1-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/talk/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.6-scratch AS nats
+FROM nats:2.12.5-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.3 AS janus

community-containers/caddy/readme.md

@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. It also covers [OpenVPMS](https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms) by listening on `vpms.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -15,6 +15,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
+- If you want to use this with [OpenVPMS](https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms), make sure that you point `vpms.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for OpenVPMS.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

community-containers/fail2ban/fail2ban.json

@@ -35,6 +35,11 @@
                     "source": "nextcloud_aio_jellyseerr",
                     "destination": "/jellyseerr",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_openvpms_logs",
+                    "destination": "/openvpms",
+                    "writeable": false
                 }
             ]
         }

community-containers/fail2ban/readme.md

@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.

community-containers/openvpms/Dockerfile

@@ -0,0 +1,73 @@
+# syntax=docker/dockerfile:latest
+FROM tomcat:9.0-jdk17-temurin-alpine
+
+ARG OPENVPMS_VERSION=2.4.0.1
+ARG MARIADB_DRIVER_VERSION=3.4.1
+ARG REDISSON_VERSION=4.3.0
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        bash \
+        curl \
+        mariadb-client \
+        redis \
+        unzip; \
+    \
+    # Change Tomcat's connector port from 8080 to 11001
+    sed -i 's/port="8080"/port="11001"/' /usr/local/tomcat/conf/server.xml; \
+    \
+    # Download MariaDB JDBC driver into Tomcat's shared lib directory
+    curl -fsSL -o /usr/local/tomcat/lib/mariadb-java-client.jar \
+        "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/${MARIADB_DRIVER_VERSION}/mariadb-java-client-${MARIADB_DRIVER_VERSION}.jar"; \
+    \
+    # Download Redisson JARs for Redis-backed Tomcat session management
+    curl -fsSL -o /usr/local/tomcat/lib/redisson-all.jar \
+        "https://repo1.maven.org/maven2/org/redisson/redisson-all/${REDISSON_VERSION}/redisson-all-${REDISSON_VERSION}.jar"; \
+    curl -fsSL -o /usr/local/tomcat/lib/redisson-tomcat-9.jar \
+        "https://repo1.maven.org/maven2/org/redisson/redisson-tomcat-9/${REDISSON_VERSION}/redisson-tomcat-9-${REDISSON_VERSION}.jar"; \
+    \
+    # Remove default webapps
+    rm -rf /usr/local/tomcat/webapps/*; \
+    \
+    # Download and extract OpenVPMS release archive
+    curl -fsSL -o /tmp/openvpms-release.zip \
+        "https://repository.openvpms.org/releases/org/openvpms/openvpms-release/${OPENVPMS_VERSION}/openvpms-release-${OPENVPMS_VERSION}.zip"; \
+    unzip -q /tmp/openvpms-release.zip -d /tmp/openvpms-release; \
+    \
+    # Extract and deploy the WAR file — fail explicitly if not exactly one WAR is found
+    WAR_COUNT="$(find /tmp/openvpms-release -name '*.war' | wc -l)"; \
+    if [ "${WAR_COUNT}" -ne 1 ]; then \
+        echo "Expected exactly 1 WAR file, found ${WAR_COUNT}"; exit 1; \
+    fi; \
+    find /tmp/openvpms-release -name '*.war' \
+        -exec cp {} /usr/local/tomcat/webapps/openvpms.war \;; \
+    \
+    # Copy DB setup scripts — fail explicitly if the db directory is not found
+    DB_DIR="$(find /tmp/openvpms-release -type d -name 'db' | head -1)"; \
+    if [ -z "${DB_DIR}" ]; then \
+        echo "DB setup directory not found in release archive"; exit 1; \
+    fi; \
+    mkdir -p /setup/db; \
+    cp -r "${DB_DIR}/"* /setup/db/; \
+    \
+    # Clean up
+    rm -rf /tmp/openvpms-release /tmp/openvpms-release.zip
+
+COPY --chmod=755 entrypoint.sh /entrypoint.sh
+COPY --chmod=755 healthcheck.sh /healthcheck.sh
+
+RUN mkdir -p /opt/openvpms/data
+
+VOLUME /opt/openvpms/data
+
+EXPOSE 11001
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 \
+    CMD /healthcheck.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+LABEL org.opencontainers.image.title="aio-openvpms" \
+      org.opencontainers.image.description="OpenVPMS for Nextcloud AIO" \
+      org.opencontainers.image.source="https://github.com/szaimen/aio-openvpms"

community-containers/openvpms/entrypoint.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+set -e
+
+# Wait for the MariaDB database to be ready
+echo "Waiting for database at ${DB_HOST} to be ready..."
+until mariadb -h "${DB_HOST}" -u "${DB_USER}" -p"${DB_PASSWORD}" "${DB_NAME}" -e "SELECT 1" >/dev/null 2>&1; do
+    echo "Database not yet available, retrying in 3 seconds..."
+    sleep 3
+done
+echo "Database is ready."
+
+# Wait for Redis to be ready
+echo "Waiting for Redis at ${REDIS_HOST}:6379 to be ready..."
+until redis-cli -h "${REDIS_HOST}" ping 2>/dev/null | grep -q "PONG"; do
+    echo "Redis not yet available, retrying in 3 seconds..."
+    sleep 3
+done
+echo "Redis is ready."
+
+# Write the Redisson configuration for Redis-backed session management
+cat > /usr/local/tomcat/conf/redisson.yaml <<EOF
+singleServerConfig:
+  address: "redis://${REDIS_HOST}:6379"
+EOF
+
+# Write the JNDI datasource configuration, substituting env vars at runtime
+cat > /usr/local/tomcat/conf/context.xml <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<Context>
+    <Resource name="jdbc/openvpms"
+              auth="Container"
+              type="javax.sql.DataSource"
+              driverClassName="org.mariadb.jdbc.Driver"
+              url="jdbc:mariadb://${DB_HOST}/${DB_NAME}?useSSL=false&amp;allowPublicKeyRetrieval=true&amp;characterEncoding=UTF-8"
+              username="${DB_USER}"
+              password="${DB_PASSWORD}"
+              maxTotal="20"
+              maxIdle="10"
+              maxWaitMillis="-1"/>
+    <Manager className="org.redisson.tomcat.RedissonSessionManager"
+             configPath="/usr/local/tomcat/conf/redisson.yaml"
+             readMode="REDIS"
+             updateMode="DEFAULT"/>
+</Context>
+EOF
+
+# Initialise the database schema on first run only
+INIT_FLAG="/opt/openvpms/data/.db-initialized"
+if [ ! -f "${INIT_FLAG}" ]; then
+    echo "First run detected – initialising OpenVPMS database schema..."
+    SQL_SCRIPTS="$(find /setup/db -name '*.sql' | sort)"
+    if [ -n "${SQL_SCRIPTS}" ]; then
+        while IFS= read -r sql_file; do
+            echo "Applying ${sql_file}..."
+            mariadb -h "${DB_HOST}" -u "${DB_USER}" -p"${DB_PASSWORD}" "${DB_NAME}" < "${sql_file}"
+        done <<< "${SQL_SCRIPTS}"
+        touch "${INIT_FLAG}"
+        echo "Database schema initialised successfully."
+    else
+        echo "Warning: no SQL setup scripts found under /setup/db"
+    fi
+fi
+
+echo "Starting OpenVPMS on port 11001..."
+exec catalina.sh run

community-containers/openvpms/healthcheck.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+curl -sf http://localhost:11001/openvpms/ -o /dev/null || exit 1

community-containers/openvpms/openvpms.json

@@ -0,0 +1,84 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-openvpms",
+            "display_name": "OpenVPMS",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms",
+            "image": "ghcr.io/szaimen/aio-openvpms",
+            "image_tag": "latest",
+            "internal_port": "11001",
+            "restart": "unless-stopped",
+            "depends_on": [
+                "nextcloud-aio-openvpms-db",
+                "nextcloud-aio-openvpms-redis"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "DB_HOST=nextcloud-aio-openvpms-db",
+                "DB_NAME=openvpms",
+                "DB_USER=openvpms",
+                "DB_PASSWORD=%OPENVPMS_DB_PASSWORD%",
+                "REDIS_HOST=nextcloud-aio-openvpms-redis"
+            ],
+            "secrets": [
+                "OPENVPMS_DB_PASSWORD"
+            ],
+            "ui_secret": "OPENVPMS_DB_PASSWORD",
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms",
+                    "destination": "/opt/openvpms/data",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_openvpms_logs",
+                    "destination": "/usr/local/tomcat/logs",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_openvpms"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-openvpms-redis",
+            "display_name": "OpenVPMS Redis",
+            "image": "redis",
+            "image_tag": "7-alpine",
+            "hide_from_list": true,
+            "restart": "unless-stopped",
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms_redis",
+                    "destination": "/data",
+                    "writeable": true
+                }
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-openvpms-db",
+            "display_name": "OpenVPMS Database",
+            "image": "mariadb",
+            "image_tag": "lts",
+            "hide_from_list": true,
+            "restart": "unless-stopped",
+            "environment": [
+                "MYSQL_DATABASE=openvpms",
+                "MYSQL_USER=openvpms",
+                "MYSQL_PASSWORD=%OPENVPMS_DB_PASSWORD%",
+                "MYSQL_RANDOM_ROOT_PASSWORD=yes"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms_db",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_openvpms_db"
+            ]
+        }
+    ]
+}

community-containers/openvpms/readme.md

@@ -0,0 +1,16 @@
+## OpenVPMS
+This container bundles [OpenVPMS](https://openvpms.org) — an open-source veterinary practice management system — and auto-configures it for you. It includes a dedicated MariaDB database container.
+
+### Notes
+- You need to enable the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) as it is required to expose the OpenVPMS web interface. The web interface will be available at `https://vpms.your-nc-domain.com/openvpms` once Caddy is running.
+- You need to point `vpms.your-nc-domain.com` to your server using a CNAME or A/AAAA record so that Caddy can obtain a TLS certificate automatically.
+- It is recommended to also enable the [Fail2ban community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban) to automatically block IP addresses with too many failed login attempts.
+- A dedicated Redis instance is automatically started alongside OpenVPMS to store HTTP sessions externally, reducing JVM heap pressure and improving overall throughput.
+- The data of OpenVPMS and its database will be automatically included in AIO's backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-openvpms
+
+### Maintainer
+https://github.com/szaimen

community-containers/smbserver/smbserver.json

@@ -54,9 +54,6 @@
             "ui_secret": "SMBSERVER_PASSWORD",
             "backup_volumes": [
                 "nextcloud_aio_smbserver"
-            ],
-            "nextcloud_exec_commands": [
-                "php /var/www/html/occ config:system:set filesystem_check_changes --value=1 --type=integer"
             ]
         }
     ]

docker-rootless.md

@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below.
 1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
-1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 1. ⚠️ **Important:** Please read through all notes below!

php/composer.lock

@@ -4039,16 +4039,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.36",
+            "version": "v6.4.35",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
+                "reference": "49257c96304c508223815ee965c251e7c79e614e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
+                "url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e",
+                "reference": "49257c96304c508223815ee965c251e7c79e614e",
                 "shasum": ""
             },
             "require": {
@@ -4113,7 +4113,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.36"
+                "source": "https://github.com/symfony/console/tree/v6.4.35"
             },
             "funding": [
                 {
@@ -4133,20 +4133,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-27T15:30:51+00:00"
+            "time": "2026-03-06T13:31:08+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v8.0.8",
+            "version": "v8.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
+                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770",
+                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770",
                 "shasum": ""
             },
             "require": {
@@ -4183,7 +4183,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.8"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.6"
             },
             "funding": [
                 {
@@ -4203,7 +4203,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-30T15:14:47+00:00"
+            "time": "2026-02-25T16:59:43+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4609,16 +4609,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.4.8",
+            "version": "v7.4.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688"
+                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688",
+                "url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b",
+                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b",
                 "shasum": ""
             },
             "require": {
@@ -4676,7 +4676,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.8"
+                "source": "https://github.com/symfony/string/tree/v7.4.6"
             },
             "funding": [
                 {
@@ -4696,7 +4696,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-24T13:12:05+00:00"
+            "time": "2026-02-09T09:33:46+00:00"
         },
         {
             "name": "vimeo/psalm",

php/public/automatic_reload.js

@@ -1,4 +1,4 @@
-window.addEventListener("load", function(event) {
+document.addEventListener("DOMContentLoaded", function(event) {
     if (document.hasFocus()) {
         // hide reload button if the site reloads automatically
         let list = document.getElementsByClassName("reload button");

php/public/containers-form-submit.js

@@ -121,8 +121,10 @@ document.addEventListener("DOMContentLoaded", function () {
 
     function handleDockerSocketProxyWarning() {
         if (document.getElementById("docker-socket-proxy").checked) {
-            alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
-            document.getElementById("docker-socket-proxy").checked = false
+            // TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included
+            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
+            // alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
+            // document.getElementById("docker-socket-proxy").checked = false
         }
     }
 

php/public/log-view.js

@@ -96,7 +96,7 @@ class LogViewer {
     }
 
     scrollToBottom() {
-        this.logElem.scrollTop = this.logElem.scrollHeight;
+        window.scrollTo(0, document.body.scrollHeight);
     }
 
     initAutoloadingControls() {

php/src/Auth/AuthManager.php

@@ -26,7 +26,6 @@ readonly class AuthManager {
     public function SetAuthState(bool $isLoggedIn) : void {
 
         if (!$this->IsAuthenticated() && $isLoggedIn === true) {
-            session_regenerate_id(true);
             $date = new DateTime();
             $dateTime = $date->getTimestamp();
             $_SESSION['date_time'] = $dateTime;

php/src/Data/ConfigurationManager.php

@@ -657,7 +657,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException("Please enter your current password.");
         }
 
-        if (!hash_equals($this->password, $currentPassword)) {
+        if ($currentPassword !== $this->password) {
             throw new InvalidSettingConfigurationException("The entered current password is not correct.");
         }
 

php/templates/containers.twig

@@ -27,7 +27,7 @@
             <script type="text/javascript" src="timezone.js"></script>
 
             {# js for optional containers and additional containers forms #}
-            <script type="text/javascript" src="containers-form-submit.js?v7"></script>
+            <script type="text/javascript" src="containers-form-submit.js?v6"></script>
 
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
@@ -635,7 +635,7 @@
             {% endif %}
 
         {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
-            <script type="text/javascript" src="automatic_reload.js?v1"></script>
+            <script type="text/javascript" src="automatic_reload.js"></script>
         {% else %}
             <script type="text/javascript" src="before-unload.js"></script>
         {% endif %}

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-12.9.1
+12.9.0

php/templates/includes/optional-containers.twig

@@ -198,6 +198,7 @@
         >
         <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>) ⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!</label>
     </p>
+{#
     <p>
         <input
             type="checkbox"
@@ -212,6 +213,7 @@
         >
         <label for="harp">HaRP (<a target="_blank" href="https://github.com/nextcloud/HaRP">High-availability Reverse Proxy</a> for Nextcloud ExApps)</label>
     </p>
+#}
     <p>
         <input
             type="checkbox"

php/templates/log.twig

@@ -3,25 +3,15 @@
         <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
         <link rel="stylesheet" href="style.css">
         <style>
-            html, body {
-                height: 100%;
-                overflow: hidden;
-                padding: 0;
-                margin: 0;
-            }
-            pre {
-                height: 100%;
-                overflow: auto;
-                margin: 0;
+            body {
                 padding: 1rem;
-                box-sizing: border-box;
             }
             #floating-box {
-                position: fixed;
+                position: sticky;
                 top: 1rem;
+                float: right;
                 right: 1rem;
-                max-width: calc(100vw - 2rem);
-                z-index: 10;
+                width: 20rem;
                 display: flex;
                 justify-content: end;
                 align-items: center;
@@ -53,7 +43,7 @@
                 transition: opacity 1s, display 1s allow-discrete;
             }
         </style>
-        <script src="log-view.js?v1"></script>
+        <script src="log-view.js"></script>
     </head>
     <body data-container-id="{{ id }}">
         <div id="floating-box">

readme.md

@@ -151,7 +151,7 @@ sudo docker run \
   - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.  
   - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.  
   - `--restart always` — ensures the container restarts automatically with the Docker daemon.  
-  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
+  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.  
   - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
   - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
   - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  

scripts/build-containers.sh

@@ -1,47 +0,0 @@
-#!/bin/bash
-
-VARIANT="develop"
-CONTAINERS=()
-
-# Parse flags first
-while [[ $# -gt 0 && $1 == --* ]]; do
-  case $1 in
-    --variant)
-      VARIANT="$2"
-      shift 2
-      ;;
-    *)
-      echo "Unknown option: $1"
-      exit 1
-      ;;
-  esac
-done
-
-# Remaining arguments are containers
-CONTAINERS=("$@")
-
-if [ ${#CONTAINERS[@]} -eq 0 ]; then
-    echo "Usage: $0 [--variant develop|beta] <container1> [container2] [container3] ..."
-    echo "Example: $0 --variant beta apache mastercontainer"
-    exit 1
-fi
-
-# Change to project root
-cd "$(dirname "$0")/.." || exit 1
-
-for container in "${CONTAINERS[@]}"; do
-  if [[ $container == "mastercontainer" ]]; then
-    TAG="all-in-one"
-  else
-    TAG="aio-$container"
-  fi
-
-  if [[ $container == "mastercontainer" || $container == "nextcloud" ]]; then
-      CONTEXT="."
-  else
-      CONTEXT="Containers/$container"
-  fi
-
-  docker buildx build --file Containers/$container/Dockerfile --tag ghcr.io/nextcloud-releases/"$TAG":"$VARIANT" --load $CONTEXT
-done
-