reuse: move helm chart and sample.conf SPDX headers to REUSE.toml; fix workflow license

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
reuse: fix PHP files to keep declare(strict_types=1) directly after <?php
2026-06-10 08:37:02 +00:00 · 2026-05-11 13:00:54 +00:00 · 2026-05-11 13:00:48 +00:00 · 2026-05-11 13:00:44 +00:00 · 2026-05-11 10:14:00 +00:00 · 2026-05-11 10:10:48 +00:00
252 changed files with 3739 additions and 1652 deletions
@@ -1,3 +1,8 @@
 <!--
 SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 ---
 name: 🐛 Bug report - no questions and no support!
 about: Help us improving by reporting a bug - this category is not for questions and also not for support! Please use one of the options below for questions and support
@@ -1,3 +1,8 @@
 <!--
 SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 ---
 name: 📖 Existing feature/documentation enhancement
 about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 blank_issues_enabled: false
 contact_links:
    - name: 📘 Documentation on Nextcloud AIO
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 version: 2
 updates:
 - package-ecosystem: "github-actions"
@@ -1,3 +1,8 @@
 <!--
 SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 <!--
  - 🚨 SECURITY INFO
  -
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 changelog:
  categories:
    - title: 🏕 New features and other improvements
@@ -5,12 +5,14 @@ on:
    paths:
      - 'php/**'
      - 'Containers/mastercontainer/*.Caddyfile'
      - 'Containers/mastercontainer/start.sh'
  push:
    branches:
      - main
    paths:
      - 'php/**'
      - 'Containers/mastercontainer/*.Caddyfile'
      - 'Containers/mastercontainer/start.sh'
 concurrency:
  group: playwright-${{ github.head_ref || github.run_id }}
@@ -55,7 +57,7 @@ jobs:
          rm -r ./session
          composer install --no-dev
          composer clear-cache
-          sudo chmod 777 -R ./
+          sudo chmod 777 -R ../
      - name: Start fresh development server
        run: |
@@ -72,6 +74,7 @@ jobs:
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=true \
            --env APACHE_PORT=11000 \
@@ -103,6 +106,7 @@ jobs:
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=false \
            --env APACHE_PORT=11000 \
@@ -0,0 +1,202 @@
 <!--
 SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 # Authors
 All contributors to the Nextcloud All-in-One project. Thank you!
 <!-- Generated from git log -->
 - -Denux <timon.klinkert@gmail.com>
 - 41it <137164547+41it@users.noreply.github.com>
 - Adam Monsen <haircut@gmail.com>
 - Adrian Gebhart <adrian@pestotoast.de>
 - AiroPi (Pierre) <47398145+AiroPi@users.noreply.github.com>
 - Alan Savage <asavageiv@users.noreply.github.com>
 - Alexander Hörl <alexander.horl2@live.de>
 - Alexander Müller <28591861+alexanderdd@users.noreply.github.com>
 - Alexander Piskun <bigcat88@icloud.com>
 - Alison McCue <gh@maladroit.me>
 - Andrey Borysenko <andrey18106x@gmail.com>
 - Andy George <andygeorge@users.noreply.github.com>
 - Anth0rx <pascal@dengconsult.systems>
 - Anton Podlozny <47890723+apodl1@users.noreply.github.com>
 - Anupam Kumar <kyteinsky@gmail.com>
 - Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
 - Apoorv Parle <19315187+apparle@users.noreply.github.com>
 - Arman The Parman <77603167+ArmanTheParman@users.noreply.github.com>
 - Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
 - BP <busta.pipes@gmail.com>
 - Basti Qdoba <sebastian.chudoba@googlemail.com>
 - Bastian <48765834+Cloudboom@users.noreply.github.com>
 - Bastian Derigs <155444921+derigs@users.noreply.github.com>
 - Ben Iofel <1713819+benwaffle@users.noreply.github.com>
 - Benjamin Brahmer <info@b-brahmer.de>
 - Braiden Psiuk <mail@braiden.dev>
 - Brian Philipp <66728496+BR14Nx@users.noreply.github.com>
 - Brouware <63195347+Brouware@users.noreply.github.com>
 - Caio Barros <cgbarros@users.noreply.github.com>
 - Copilot <198982749+Copilot@users.noreply.github.com>
 - Daniel Calviño Sánchez <danxuliu@gmail.com>
 - Daniel Hartmann <60435198+hartmann-daniel@users.noreply.github.com>
 - David <142408439+LinuxSpielKind@users.noreply.github.com>
 - David Bradette <87823519+DavidBradette@users.noreply.github.com>
 - David Hund <david.hund@gmail.com>
 - David Mehren <git@herrmehren.de>
 - Dennis R <dennis@elsysweyr.com>
 - Duvio <can2004kaya@gmail.com>
 - Emil Marklund <emil@btlcomputing.com>
 - Erwan Hervé <62173453+Erwan-loot@users.noreply.github.com>
 - FaySmash <30392780+FaySmash@users.noreply.github.com>
 - Felix Schäfer <felix@thegcat.net>
 - Felix Stupp <felix.stupp@banananet.work>
 - Fernando Ribeiro <fribeiro@fribeiro.org>
 - Florian Latifi <mail@florian-latifi.at>
 - Florian Wallner <asdf@walura.eu>
 - Francesco Saltori <francescosaltori@gmail.com>
 - FreDTV <70434961+Fred-DTV@users.noreply.github.com>
 - Frederik Berg <fberg@posteo.de>
 - Gerald Krause <gerald.d.krause@t-online.de>
 - Gonçalo Pereira <goncalo_pereira@outlook.pt>
 - Hannes Franke <hannes.franke@tu-dortmund.de>
 - HedgeShot <HedgeShot@users.noreply.github.com>
 - Hoang Pham <hoangmaths96@gmail.com>
 - Ikko Eltociear Ashimine <eltociear@gmail.com>
 - ItsQuadrus <quadrus.yt@gmail.com>
 - JL102 <jordanlees@mailbox.org>
 - JMarcosHP (Jehu Marcos Herrera Puentes) <jehuherrerap@hotmail.com>
 - Jean-Yves <7360784+docjyJ@users.noreply.github.com>
 - Jimmy Everling <jimmy@jimmyk.se>
 - Jo <jonassauge@gmail.com>
 - Joas Schilling <coding@schilljs.com>
 - Joe Hanson <joe@veri.dev>
 - John Molakvoæ <skjnldsv@protonmail.com>
 - Jos Poortvliet <jospoortvliet@gmail.com>
 - Joseph <jturnism@gmail.com>
 - Josh <josh.t.richards@gmail.com>
 - Joshua Hesketh <josh@hesketh.net.au>
 - Julius Härtl <jus@bitgrid.net>
 - Kai Biebel <38378574+seclution@users.noreply.github.com>
 - Kain <26943220+kaincenteno@users.noreply.github.com>
 - Kasim <kasim@rafique.co.uk>
 - Killiane Letellier <killiane.letellier@mailo.com>
 - Klaus15 <le_kluus@web.de>
 - Lance <Gero3977@gmail.com>
 - Lorenzo Marroccoli <lollo0296@gmail.com>
 - Lorenzo Moscati <lorenzo@moscati.page>
 - Lukas Reschke <lukas@statuscode.ch>
 - Luotio <juha@luotio.net>
 - ManOki <ManOki@users.noreply.github.com>
 - Marc <github@wuast24.de>
 - Marco Ambrosini <marcoambrosini@proton.me>
 - Marius Quabeck <marius.quabeck@nextcloud.com>
 - Martin Ligabue <martinligabue@gmail.com>
 - Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
 - Maximilian Jakob Maag <maximilian.maag@outlook.de>
 - Michael Keck <git@cr0ydon.com>
 - Miguel Guthridge <hdsq@outlook.com.au>
 - Mihai Coman <mihai.cmn@gmail.com>
 - MondoGao <mondogao@gmail.com>
 - Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
 - MrAn0nym <63542658+MrAn0nym@users.noreply.github.com>
 - Mustapha Zorgati <15628173+mustaphazorgati@users.noreply.github.com>
 - Nextcloud Team <contact@nextcloud.com>
 - Nextcloud bot <bot@nextcloud.com>
 - Nikolas Rimikis <25266387+Leptopoda@users.noreply.github.com>
 - Nils K <24257556+septatrix@users.noreply.github.com>
 - Oleksandr Piskun <oleksandr2088@icloud.com>
 - Oleksii Zolotarevskyi <15846984+roundoutandabout@users.noreply.github.com>
 - Olicorne (thiswillbeyourgithub) <26625900+thiswillbeyourgithub@users.noreply.github.com>
 - Pablo Zmdl <pablo@nextcloud.com>
 - Paul <devnoname120@gmail.com>
 - Perlover <perlover@perlover.com>
 - Peter van Dijk <peter@7bits.nl>
 - Phil Mocek <pmocek-github@mocek.org>
 - Philipp Fruck <dev@p-fruck.de>
 - Pi-Farm <43029891+pi-farm@users.noreply.github.com>
 - PreciousChicken <hello@preciouschicken.com>
 - Prokop Schield <76836484+prokopschield@users.noreply.github.com>
 - Quentin Lemeasle <quentinlemcode@gmail.com>
 - Rahammetoela Toekiman <fusekai@outlook.com>
 - Richard Steinmetz <richard@steinmetz.cloud>
 - Robert Riemann <robert.riemann@edps.europa.eu>
 - Robert Zilke <robert@zilke.dev>
 - Ruben D. <ruben@winterrific.net>
 - S1m <git@sgougeon.fr>
 - Samuel Plumppu <6125097+Greenheart@users.noreply.github.com>
 - Sergio Casero Hernández <soy@sergiocasero.es>
 - Seth Deegan <jayandseth@gmail.com>
 - Shantanu Tushar <shaan7in@gmail.com>
 - Simon L. (szaimen) <szaimen@e.mail.de>
 - SomeMichael <43578183+SomeMichael@users.noreply.github.com>
 - Surfict <allexandre@itis.swiss>
 - Syed Mishar Newaz <misharex.sezan@gmail.com>
 - TheManchineel <37479927+TheManchineel@users.noreply.github.com>
 - Thijs van der Woude <31108288+thijsvanderwoude@users.noreply.github.com>
 - Thomas Lavocat <tlavocat@redhat.com>
 - Thor Galle <thorgalle@gmail.com>
 - Thorsten Schaefer <github@npath.de>
 - Tim Diels <tim@diels.me>
 - Tomas <16553087+michnovka@users.noreply.github.com>
 - Tony F <goldstar611@hotmail.com>
 - Valeriy Sotnikov <sotnikov.link@mail.ru>
 - Varun Patil <varunpatil@ucla.edu>
 - Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
 - William Wong <46506352+tar-xz@users.noreply.github.com>
 - Yannik Buerkle <mail@yannik-buerkle.de>
 - Zakmaf <100925791+Zakmaf@users.noreply.github.com>
 - Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com>
 - Zoey <zoey@z0ey.de>
 - Zxhir <98621617+Imzxhir@users.noreply.github.com>
 - alexenica <alexenica@live.com>
 - autoantwort <Leander.schulten@rwth-aachen.de>
 - bentongxyz <60358804+bentongxyz@users.noreply.github.com>
 - blu3acid <michael.muschner@mailbox.org>
 - craigkh <74493036+craigkh@users.noreply.github.com>
 - dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 - derStephan <derStephan@users.noreply.github.com>
 - derhagen <2806328+derhagen@users.noreply.github.com>
 - dienteperro <dienteperro1207@yahoo.com>
 - ernolf <raphael.gradenwitz@googlemail.com>
 - esmith443 <119460913+esmith443@users.noreply.github.com>
 - foegra <foegra@yahoo.com>
 - gggeek <giunta.gaetano@gmail.com>
 - grossamos <email@amosgross.com>
 - hunhejj <hunhejj@gmail.com>
 - iraklis10 <1414477+iraklis10@users.noreply.github.com>
 - jameskimmel <17176225+jameskimmel@users.noreply.github.com>
 - jr_blue_551 <johnrowe551@gmail.com>
 - kri164 <52274164+kri164@users.noreply.github.com>
 - kurt-mcrae <83569406+kurt-mcrae@users.noreply.github.com>
 - lll <2844835+flll@users.noreply.github.com>
 - marekschneider <marek@kms.onl>
 - martin.mueller <martin.mueller@model-engineers.com>
 - masterwoot <company+github.com@maganti.se>
 - matiasdelellis <mati86dl@gmail.com>
 - ncguk <inglenook@duck.com>
 - nextcloud-command <nextcloud-command@users.noreply.github.com>
 - ninoppp <101364396+ninoppp@users.noreply.github.com>
 - notEvil <not_evil@rappold1.at>
 - pailloM <56462552+pailloM@users.noreply.github.com>
 - ph00lt0 <15004290+ph00lt0@users.noreply.github.com>
 - ph818 <71797925+ph818@users.noreply.github.com>
 - pun kyard <59349105+punkyard@users.noreply.github.com>
 - roelofz <11368363+roelofz@users.noreply.github.com>
 - roib20 <66280613+roib20@users.noreply.github.com>
 - rugk <rugk+git@posteo.de>
 - sjjh <2787214+sjjh@users.noreply.github.com>
 - spatterlight <81454789+spatterIight@users.noreply.github.com>
 - stefano99 <falchi.stefi@gmail.com>
 - steffenmalisi <steffenmalisi@users.noreply.github.com>
 - sunjam <sunjam@users.noreply.github.com>
 - ten0hira <85587841+ten0hira@users.noreply.github.com>
 - thigg <thigg@users.noreply.github.com>
 - tofuwabohu <66644064+tofuwabohu@users.noreply.github.com>
 - turtleinarock <s.senn14@gmail.com>
 - tyleraharrison <tyleraharrison@gmail.com>
 - wky0211 <46506352+wky0211@users.noreply.github.com>
 - xis <xis@schowek.net>
 - zybster <zybster@gmail.com>
 - Álvaro Brey <alvaro.brey@nextcloud.com>
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM alpine:3.23.4
 RUN set -ex; \
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 {
    auto_https disable_redirects
@@ -1,8 +1,10 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM caddy:2.11.2-alpine AS caddy
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.66-alpine3.23
+FROM httpd:2.4.67-alpine3.23
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z 127.0.0.1 8000 || exit 1
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 Listen 8000
 <VirtualHost *:8000>
    ServerName localhost
@@ -7,7 +10,7 @@ Listen 8000
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    ErrorLog /proc/self/fd/2
    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn
+    LogLevel ${AIO_LOG_LEVEL}
    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
@@ -1,10 +1,23 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -z "$NC_DOMAIN" ]; then
    echo "NC_DOMAIN and NEXTCLOUD_HOST need to be provided. Exiting!"
    exit 1
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
    export SUPERVISORD_STDOUT=NONE
 fi
 # Need write access to /mnt/data
 if ! [ -w /mnt/data ]; then
    echo "Cannot write to /mnt/data"
@@ -1,22 +1,25 @@
-[supervisord]
+# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-nodaemon=true
+# SPDX-License-Identifier: AGPL-3.0-only
-logfile=/var/log/supervisord/supervisord.log
+
-pidfile=/var/run/supervisord/supervisord.pid
+[supervisord]
-childlogdir=/var/log/supervisord/
+nodaemon=true
-logfile_maxbytes=50MB                           
+logfile=/var/log/supervisord/supervisord.log
-logfile_backups=10                              
+pidfile=/var/run/supervisord/supervisord.pid
-loglevel=error
+childlogdir=/var/log/supervisord/
-
+logfile_maxbytes=50MB                           
-[program:apache]
+logfile_backups=10                              
-# Stdout logging is disabled as otherwise the logs are spammed
+loglevel=%(ENV_AIO_LOG_LEVEL)s
-stdout_logfile=NONE
+
-stderr_logfile=/dev/stderr
+[program:apache]
-stderr_logfile_maxbytes=0
+# Stdout logging is disabled as otherwise the logs are spammed
-command=apachectl -DFOREGROUND
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
-
+stderr_logfile=/dev/stderr
-[program:caddy]
+stderr_logfile_maxbytes=0
-stdout_logfile=/dev/stdout
+command=apachectl -DFOREGROUND
-stdout_logfile_maxbytes=0
+
-stderr_logfile=/dev/stderr
+[program:caddy]
-stderr_logfile_maxbytes=0
+stdout_logfile=/dev/stdout
-command=/usr/bin/caddy run --config /tmp/Caddyfile
+stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/usr/bin/caddy run --config /tmp/Caddyfile
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM alpine:3.23.4
 RUN set -ex; \
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Functions
 get_start_time(){
@@ -40,7 +47,7 @@ if [ -z "$BORG_REMOTE_REPO" ] && ! mountpoint -q "$MOUNT_DIR"; then
 fi
 # Check if repo is uninitialized
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg info > /dev/null; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
        echo "The repository is uninitialized or cannot connect to remote. Cannot perform check or restore."
    else
@@ -123,7 +130,7 @@ if [ "$BORG_MODE" = backup ]; then
    fi
    # Initialize the repository if can't get info from target
-    if ! borg info > /dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            if [ -n "$BORG_REMOTE_REPO" ]; then
@@ -140,14 +147,14 @@ if [ "$BORG_MODE" = backup ]; then
        echo "Initializing repository..."
        NEW_REPOSITORY=1
-        if ! borg init --debug --encryption=repokey-blake2; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" init --encryption=repokey-blake2; then
            echo "Could not initialize borg repository."
            exit 1
        fi
        if [ -z "$BORG_REMOTE_REPO" ]; then
            # borg config only works for local repos; it's up to the remote to ensure the disk isn't full
-            borg config :: additional_free_space 2G
+            borg "$BORG_LOG_LEVEL_FLAG" config :: additional_free_space 2G
            # Fix too large Borg cache
            # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
@@ -156,7 +163,7 @@ if [ "$BORG_MODE" = backup ]; then
            touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
        fi
-        if ! borg info > /dev/null; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
            echo "Borg can't get info from the repo it created. Something is wrong."
            exit 1
        fi
@@ -216,9 +223,9 @@ if [ "$BORG_MODE" = backup ]; then
    # Create the backup
    echo "Starting the backup..."
    get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
        echo "Deleting the failed backup archive..."
-        borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
+        borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
        echo "You might want to check the backup integrity via the AIO interface."
        if [ "$NEW_REPOSITORY" = 1 ]; then
@@ -237,14 +244,14 @@ if [ "$BORG_MODE" = backup ]; then
    # Prune archives
    echo "Pruning the archives..."
-    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi
    # Compact archives
    echo "Compacting the archives..."
-    if ! borg compact; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
        echo "Failed to compact archives!"
        exit 1
    fi
@@ -261,19 +268,19 @@ if [ "$BORG_MODE" = backup ]; then
                fi
            done
            echo "Starting the backup for additional volumes..."
-            if ! borg create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-docker-volumes"
+                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
            echo "Pruning additional volumes..."
-            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
            echo "Compacting additional volumes..."
-            if ! borg compact; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
                echo "Failed to compact additional docker-volume archives!"
                exit 1
            fi
@@ -291,19 +298,19 @@ if [ "$BORG_MODE" = backup ]; then
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
            echo "Starting the backup for additional host mounts..."
-            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-host-mounts"
+                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
            echo "Pruning additional host mounts..."
-            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
            echo "Compacting additional host mounts..."
-            if ! borg compact; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
                echo "Failed to compact additional host-mount archives!"
                exit 1
            fi
@@ -385,7 +392,7 @@ if [ "$BORG_MODE" = restore ]; then
    if [ -z "$BORG_REMOTE_REPO" ]; then
        mkdir -p /tmp/borg
-        if ! borg mount "::$SELECTED_ARCHIVE" /tmp/borg; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" mount "::$SELECTED_ARCHIVE" /tmp/borg; then
            echo "Could not mount the backup!"
            exit 1
        fi
@@ -432,7 +439,7 @@ if [ "$BORG_MODE" = restore ]; then
        #
        # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
        cd /  # borg extract has no destination arg and extracts to CWD
-        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
+        if ! borg "$BORG_LOG_LEVEL_FLAG" extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
        then
            RESTORE_FAILED=1
            echo "Failed to extract backup archive."
@@ -464,7 +471,7 @@ if [ "$BORG_MODE" = restore ]; then
                    \) \
                    | LC_ALL=C sort \
                    | LC_ALL=C comm -23 - \
-                        <(borg list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
+                        <(borg "$BORG_LOG_LEVEL_FLAG" list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
                    > /tmp/local_files_not_in_backup
            then
                RESTORE_FAILED=1
@@ -552,7 +559,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."
    # Perform the check
-    if ! borg check -v --verify-data; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" check -v --verify-data; then
        echo "Some errors were found while checking the backup integrity!"
        echo "Check the AIO interface for advice on how to proceed now!"
        exit 1
@@ -570,7 +577,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
    echo "Checking the backup integrity and repairing it..."
    # Perform the check-repair
-    if ! echo YES | borg check -v --repair; then
+    if ! echo YES | borg "$BORG_LOG_LEVEL_FLAG" check -v --repair; then
        echo "Some errors were found while checking and repairing the backup integrity!"
        exit 1
    fi
@@ -584,7 +591,7 @@ fi
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg info > /dev/null; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
            echo "Borg could not get info from the remote repo."
            echo "See the above borg info output for details."
            exit 1
@@ -605,12 +612,12 @@ if [ "$BORG_MODE" = test ]; then
        fi
    fi
-    if ! borg list >/dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" list >/dev/null; then
        echo "The entered path seems to be valid but could not open the backup archive."
        echo "Most likely the entered password was wrong so please adjust it accordingly!"
        exit 1
    else
-        if ! borg list | grep "nextcloud-aio"; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" list | grep "nextcloud-aio"; then
            echo "The backup archive does not contain a valid Nextcloud AIO backup."
            echo "Most likely was the archive not created via Nextcloud AIO."
            exit 1
@@ -623,7 +630,7 @@ fi
 if [ "$BORG_MODE" = list ]; then
    echo "Updating backup list..."
-    if ! borg info > /dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
        echo "Could not update the backup list."
        exit 1
    fi
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # These patterns need to be kept in sync with rsync and find excludes in backupscript.sh,
 # which use a different syntax (patterns appear in 3 places in total)
 nextcloud_aio_volumes/nextcloud_aio_apache/caddy/
@@ -1,4 +1,18 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    BORG_LOG_LEVEL_FLAG="--warning"
 else
    BORG_LOG_LEVEL_FLAG="--$AIO_LOG_LEVEL"
 fi
 export BORG_LOG_LEVEL_FLAG
 # Variables
 export MOUNT_DIR="/mnt/borgbackup"
@@ -48,7 +62,7 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
 # Get a list of all available borg archives
-if borg list &>/dev/null; then
+if borg "$BORG_LOG_LEVEL_FLAG" list &>/dev/null; then
    borg list | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 else
    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM alpine:3.23.4
 RUN set -ex; \
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
 	echo "ERROR: Unable to contact server"
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
 	set -x
 fi
 # Print out clamav version for compliance reasons
 clamscan --version
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@@ -5,7 +8,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 [program:freshclam]
 stdout_logfile=/dev/stdout
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From https://gitlab.collabora.com/collabora-online/docker
 # hadolint ignore=DL3007
 FROM registry.gitlab.collabora.com/collabora-online/docker:latest
@@ -1,4 +1,7 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Unfortunately, no curl and no nc is installed in the container 
 # and packages can also not be added as the package list is broken.
@@ -1,10 +1,13 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
 FROM collabora/code:25.04.9.4.1
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1001
@@ -18,3 +21,5 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
 ENTRYPOINT ["/start.sh"]
@@ -1,4 +1,7 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Unfortunately, no curl and no nc is installed in the container 
 # and packages can also not be added as the package list is broken.
@@ -0,0 +1,22 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    COLLABORA_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then
    COLLABORA_LOG_LEVEL="notice"
 else
    COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 # Replace the hardcoded log level in extra_params with the translated one
 extra_params+=" --o:logging.level=$COLLABORA_LOG_LEVEL --o:logging.level_startup=$COLLABORA_LOG_LEVEL"
 export extra_params
 exec /start-collabora-online.sh "$@"
@@ -1,17 +0,0 @@
 # syntax=docker/dockerfile:latest
 FROM alpine:3.21
 RUN apk add --no-cache dnsmasq iproute2
 COPY --chmod=755 start.sh /start.sh
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    org.opencontainers.image.title="Dnsmasq for Nextcloud AIO" \
    org.opencontainers.image.description="Lightweight DNS server that resolves NC_DOMAIN to the local server IP for LAN devices" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/community-containers/dnsmasq/readme.md"
@@ -1,40 +0,0 @@
 #!/bin/sh
 set -e
 if [ -z "$NC_DOMAIN" ]; then
    echo "ERROR: NC_DOMAIN is not set" >&2
    exit 1
 fi
 LOCAL_IP=""
 # Determine the server's primary LAN IP - use the source address chosen by the kernel
 # for a route to a well-known public IP (1.1.1.1 is used purely to query the routing table;
 # no traffic is sent there).
 LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") {print $(i+1); exit}}')
 if [ -z "$LOCAL_IP" ]; then
    LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
 fi
 if [ -z "$LOCAL_IP" ]; then
    echo "ERROR: Could not determine local IP address" >&2
    exit 1
 fi
 echo "Nextcloud AIO dnsmasq: resolving $NC_DOMAIN -> $LOCAL_IP"
 echo "Configure your router's DHCP to hand out $LOCAL_IP as the DNS server for LAN clients."
 mkdir -p /etc/dnsmasq.d
 cat > /etc/dnsmasq.d/nextcloud-aio.conf << EOF
 # Auto-generated by Nextcloud AIO dnsmasq container.
 # Resolves NC_DOMAIN (and all its subdomains) to this server's local IP.
 address=/$NC_DOMAIN/$LOCAL_IP
 # Bind only to the LAN interface to avoid conflicts with any system DNS resolver.
 bind-interfaces
 listen-address=$LOCAL_IP
 EOF
 exec dnsmasq --no-daemon --log-queries --conf-dir=/etc/dnsmasq.d
@@ -1,5 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.6-alpine
+# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM haproxy:3.3.8-alpine
 # hadolint ignore=DL3002
 USER root
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
 global
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
 nc -z 127.0.0.1 2375 || exit 1
@@ -1,4 +1,11 @@
 #!/bin/sh
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Only start container if nextcloud is accessible
 while ! nc -z "$NEXTCLOUD_HOST" 9001; do
@@ -18,6 +25,8 @@ else
    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
 fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 haproxy -f /tmp/haproxy.cfg -db
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM alpine:3.23.4
 RUN set -ex; \
    apk upgrade --no-cache -a; \
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 server.document-root = "/var/www/domaincheck/" 
 server.port = env.APACHE_PORT
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -z "$INSTANCE_ID" ]; then
    echo "You need to provide an instance id."
@@ -14,6 +21,20 @@ fi
 CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 # shellcheck disable=SC2235
 if ([ "$AIO_LOG_LEVEL" = 'debug' ] || [ "$AIO_LOG_LEVEL" = 'info' ]) && ! grep -q debug.log-request-handling /etc/lighttpd/lighttpd.conf; then
    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
 debug.log-request-handling = "enable"
 CONF_FILE
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ] && ! grep -q debug.log-request-header /etc/lighttpd/lighttpd.conf; then
    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
 debug.log-request-header = "enable"
 debug.log-response-header = "enable"
 CONF_FILE
 fi
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf
@@ -1,32 +1,34 @@
-# syntax=docker/dockerfile:latest
+# syntax=docker/dockerfile:latest
-# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
+# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-FROM elasticsearch:8.19.14
+# SPDX-License-Identifier: AGPL-3.0-only
-
+# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-USER root
+FROM elasticsearch:9.4.0
-
+
-ARG DEBIAN_FRONTEND=noninteractive
+USER root
-
+
-# hadolint ignore=DL3008
+# hadolint ignore=DL3041
-RUN set -ex; \
+RUN set -ex; \
-    \
+    \
-    apt-get update; \
+    microdnf update -y; \
-    apt-get upgrade -y; \
+    microdnf install -y --setopt=tsflags=nodocs \
-    apt-get install -y --no-install-recommends \
+        tzdata \
-        tzdata \
+    ; \
-    ; \
+    microdnf clean all;
-    rm -rf /var/lib/apt/lists/*;
+
-
+COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
+
-USER 1000:0
+USER 1000:0
-
+
-HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false" \
+LABEL com.centurylinklabs.watchtower.enable="false" \
-    wud.watch="false" \
+    wud.watch="false" \
-    org.opencontainers.image.title="Full Text Search for Nextcloud AIO" \
+    org.opencontainers.image.title="Full Text Search for Nextcloud AIO" \
-    org.opencontainers.image.description="Elasticsearch-based full-text search for Nextcloud All-in-One" \
+    org.opencontainers.image.description="Elasticsearch-based full-text search for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
+    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
-ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
+ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
 ENTRYPOINT ["/start.sh"]
@@ -1,3 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
@@ -0,0 +1,12 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"
@@ -1,52 +1,55 @@
-# syntax=docker/dockerfile:latest
+# syntax=docker/dockerfile:latest
-FROM golang:1.26.2-alpine3.23 AS go
+# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-
+# SPDX-License-Identifier: AGPL-3.0-only
 FROM golang:1.26.2-alpine3.23 AS go
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
-
+
-RUN set -ex; \
+RUN set -ex; \
-    apk upgrade --no-cache -a; \
+    apk upgrade --no-cache -a; \
-    apk add --no-cache \
+    apk add --no-cache \
-        vips-dev \
+        vips-dev \
-        vips-magick \
+        vips-magick \
-        vips-heif \
+        vips-heif \
-        vips-jxl \
+        vips-jxl \
-        vips-poppler \
+        vips-poppler \
-        build-base; \
+        build-base; \
-    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
+    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
-
+
-FROM alpine:3.23.4
+FROM alpine:3.23.4
-RUN set -ex; \
+RUN set -ex; \
-    apk upgrade --no-cache -a; \
+    apk upgrade --no-cache -a; \
-    apk add --no-cache \
+    apk add --no-cache \
-        tzdata \
+        tzdata \
-        ca-certificates \
+        ca-certificates \
-        netcat-openbsd \
+        netcat-openbsd \
-        vips \
+        vips \
-        vips-magick \
+        vips-magick \
-        vips-heif \
+        vips-heif \
-        vips-jxl \
+        vips-jxl \
-        vips-poppler \
+        vips-poppler \
-        ttf-dejavu \
+        ttf-dejavu \
-        bash
+        bash
-
+
-COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
+COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
-COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
+
-ENV PORT=9000
+ENV PORT=9000 \
-
+    AIO_LOG_LEVEL=warn
-USER 65534
+
-
+USER 65534
-# https://github.com/h2non/imaginary#memory-issues
+
-ENV MALLOC_ARENA_MAX=2
+# https://github.com/h2non/imaginary#memory-issues
-ENTRYPOINT ["/start.sh"]
+ENV MALLOC_ARENA_MAX=2
-
+ENTRYPOINT ["/start.sh"]
-HEALTHCHECK CMD /healthcheck.sh
+
-LABEL com.centurylinklabs.watchtower.enable="false" \
+HEALTHCHECK CMD /healthcheck.sh
-    wud.watch="false" \
+LABEL com.centurylinklabs.watchtower.enable="false" \
-    org.opencontainers.image.title="Imaginary for Nextcloud AIO" \
+    wud.watch="false" \
-    org.opencontainers.image.description="High-performance image processing service for Nextcloud All-in-One" \
+    org.opencontainers.image.title="Imaginary for Nextcloud AIO" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.description="High-performance image processing service for Nextcloud All-in-One" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
+    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
+    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
@@ -1,3 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 "$PORT" || exit 1
@@ -1,4 +1,22 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
    debug) printf 'info' ;;
    info) printf 'info' ;;
    warn) printf 'warning' ;;
    error) printf 'error' ;;
 esac)"
 export GOLANG_LOG
 if [ "$AIO_LOG_LEVEL" = "debug" ]; then
    export DEBUG='*'
 fi
 echo "Imaginary has started"
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Docker CLI is a requirement
 FROM docker:29.4.1-cli AS docker
@@ -1,3 +1,8 @@
 <!--
 SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 # Nextcloud All-in-One `mastercontainer`
 This folder contains the OCI/Docker container definition, along with associated resources and
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 {
 	admin off
 	# auto_https will create redirects for https://{host}:8443 instead of https://{host}
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 restart_process() {
    echo "Restarting cron.sh because daily backup time was set, changed or unset."
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
@@ -17,7 +24,9 @@ while true; do
        else
            export SEND_SUCCESS_NOTIFICATIONS=0
        fi
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
            export LOCK_FILE_PRESENT=1
        else
@@ -51,9 +60,6 @@ while true; do
    # Check if AIO is outdated
    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
    # Update deSEC DNS IP record (no-op when IP is unchanged or deSEC is not configured)
    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateDesecIp.php
    # Remove sessions older than 24h
    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 echo "Daily backup script has started"
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 header {
    # CSP limits which features can be used. By default we allow nothing and only allow required options. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
    # default-src 'none'; Allow nothing by default
@@ -18,9 +21,9 @@ header {
    Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
    X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
    Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
+    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
+    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
    # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
    Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
    nc -z 127.0.0.1 80 || exit 1
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 {
 	admin off
 	# auto_https will be handled manually in acme.Caddyfile
@@ -1,4 +1,7 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 deduplicate_sessions() {
    echo "Deleting duplicate sessions"
@@ -16,6 +19,10 @@ compare_times() {
    fi
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 while true; do
    compare_times
    sleep 2
@@ -1,4 +1,7 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Function to show text in green
 print_green() {
@@ -20,6 +23,10 @@ case "${1}" in
 esac
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Check if running as root user
 if [ "$EUID" != "0" ]; then
    print_red "Container does not run as root user. This is not supported."
@@ -333,6 +340,22 @@ else
    export NEXTCLOUD_DRI_GID=""
 fi
 # Log level logics
 if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
    print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
 It is set to '$AIO_LOG_LEVEL'".
    exit 1
 fi
 if [ -z "$AIO_LOG_LEVEL" ]; then
    export AIO_LOG_LEVEL="warn"
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
    export SUPERVISORD_STDOUT=NONE
 fi
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
 if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@@ -5,12 +8,12 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 user=root
 [program:php-fpm]
 # Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
@@ -58,7 +61,7 @@ user=root
 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs
-stdout_logfile=NONE
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
-stderr_logfile=NONE
+stderr_logfile=%(ENV_SUPERVISORD_STDOUT)s
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
 user=www-data
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM php:8.3.30-fpm-alpine3.23
 ENV PHP_MEMORY_LIMIT=512M
@@ -8,7 +10,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.2
+ENV NEXTCLOUD_VERSION=33.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -250,6 +252,21 @@ RUN set -ex; \
 # We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
 # Also children will usually be terminated again after the process is done due to the ondemand setting
    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
 # With pm = ondemand, workers are killed after pm.process_idle_timeout seconds
 # of inactivity.  The upstream default is 10 s, which is aggressive: after a
 # brief quiet period (e.g. desktop-sync clients polling every few seconds), all
 # workers are reaped and the next request burst must wait for fresh forks.  On
 # a loaded host that spawn latency can push Apache past its FastCGI timeout and
 # produce a 502.  300 s (5 min) keeps a warm pool through normal sync-client
 # polling cycles while still reclaiming memory during genuinely idle periods.
    sed -i 's/^;*pm.process_idle_timeout\s*=.*/pm.process_idle_timeout = 300s/' /usr/local/etc/php-fpm.d/www.conf; \
 # Set request_terminate_timeout so that PHP-FPM forcibly kills workers that
 # exceed the wall-clock limit.  Without this (default = 0 = disabled) a worker
 # stuck on a slow DB query, a stalled Redis connection, or a hung syscall is
 # never reaped.  Over time these zombies fill up pm.max_children, leaving no
 # free slots for legitimate requests and causing Apache to return 502 Bad
 # Gateway upstream.
    sed -i "s|^;*request_terminate_timeout = .*|request_terminate_timeout = \${PHP_MAX_TIME}|" /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
    \
    echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
@@ -1,3 +1,8 @@
 <!--
 SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 SPDX-License-Identifier: AGPL-3.0-only
 -->
 # Nextcloud All-in-One ``nextcloud`` Container
 This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 $CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 $CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
 );
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 $CONFIG = array (
  'apps_paths' => array (
      0 => array (
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 // Check if NEXTCLOUD_TRUSTED_CERTIFICATES_ are configured
 if (str_contains(implode(' ', array_keys(getenv())), 'NEXTCLOUD_TRUSTED_CERTIFICATES_')) {
  $CONFIG['default_certificates_bundle_path'] = '/var/www/html/data/certificates/ca-bundle.crt';
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
  $CONFIG = array(
    'pgsql_ssl' => array(
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 if (getenv('HTTP_PROXY')) {
    $CONFIG['proxy'] = getenv('HTTP_PROXY');
 }
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 if (getenv('REDIS_MODE') !== 'rediscluster') {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
@@ -1,47 +1,50 @@
-<?php
+<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
+// SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+// SPDX-License-Identifier: AGPL-3.0-only
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $CONFIG = array(
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-    'objectstore' => array(
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-      'class' => '\OC\Files\ObjectStore\S3',
+  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
-      'arguments' => array(
+  $CONFIG = array(
-        'multibucket' => $multibucket === 'true',
+    'objectstore' => array(
-        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
+      'class' => '\OC\Files\ObjectStore\S3',
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+      'arguments' => array(
-        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
+        'multibucket' => $multibucket === 'true',
-        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        // required for some non Amazon S3 implementations
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'use_path_style' => strtolower($use_path) === 'true',
+        'autocreate' => strtolower($autocreate) !== 'false',
-        // required for older protocol versions
+        'use_ssl' => strtolower($use_ssl) !== 'false',
-        'legacy_auth' => strtolower($use_legacyauth) === 'true',
+        // required for some non Amazon S3 implementations
-        'use_nextcloud_bundle' => 1,
+        'use_path_style' => strtolower($use_path) === 'true',
-      )
+        // required for older protocol versions
-    )
+        'legacy_auth' => strtolower($use_legacyauth) === 'true',
-  );
+        'use_nextcloud_bundle' => 1,
-
+      )
-  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+    )
-  if ($sse_c_key) {
+  );
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
+
-  }
+  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-
+  if ($sse_c_key) {
-  $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION');
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
-  if ($requestChecksumValidation) {
+  }
-    $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation;
+
-  }
+  $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION');
-
+  if ($requestChecksumValidation) {
-  $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION');
+    $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation;
-  if ($responseChecksumValidation) {
+  }
-    $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation;
+
-  }
+  $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION');
-}
+  if ($responseChecksumValidation) {
    $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation;
  }
 }
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 $CONFIG = array (
  'serverid' => crc32(gethostname()) % 512,
 );
@@ -1,4 +1,7 @@
 <?php
 // SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 // SPDX-License-Identifier: AGPL-3.0-only
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
@@ -1,31 +1,34 @@
-<?php
+<?php
-if (getenv('OBJECTSTORE_SWIFT_URL')) {
+// SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
+// SPDX-License-Identifier: AGPL-3.0-only
-  $CONFIG = array(
+
-    'objectstore' => [
+if (getenv('OBJECTSTORE_SWIFT_URL')) {
-      'class' => 'OC\\Files\\ObjectStore\\Swift',
+    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
-      'arguments' => [
+  $CONFIG = array(
-        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
+    'objectstore' => [
-        'user' => [
+      'class' => 'OC\\Files\\ObjectStore\\Swift',
-          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
+      'arguments' => [
-          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
+        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
-          'domain' => [
+        'user' => [
-            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
+          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
-          ],
+          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
-        ],
+          'domain' => [
-        'scope' => [
+            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
-          'project' => [
+          ],
-            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
+        ],
-            'domain' => [
+        'scope' => [
-              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
+          'project' => [
-            ],
+            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
-          ],
+            'domain' => [
-        ],
+              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
-        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
+            ],
-        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
+          ],
-        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
+        ],
-        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
+        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
-      ]
+        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
-    ]
+        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
-  );
+        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
-}
+      ]
    ]
  );
 }
@@ -1,4 +1,12 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 wait_for_cron() {
    set -x
    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
@@ -1,4 +1,7 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # version_greater A B returns whether A > B
 version_greater() {
@@ -10,6 +13,10 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 run_upgrade_if_needed_due_to_app_update() {
    if php /var/www/html/occ status | grep maintenance | grep -q true; then
        php /var/www/html/occ maintenance:mode --off
@@ -20,6 +27,14 @@ run_upgrade_if_needed_due_to_app_update() {
    fi
 }
 NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '0' ;;
    info) printf '1' ;;
    warn) printf '2' ;;
    error) printf '3' ;;
 esac)"
 export NEXTCLOUD_LOG_LEVEL
 # Create cert bundle
 if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
@@ -75,7 +90,9 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
    cat "$CERTIFICATE_BUNDLE"
    # Disable debug mode
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
 fi
 # Adjust DATABASE_TYPE to by Nextcloud supported value
@@ -222,7 +239,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                if grep -q appstoreurl /var/www/html/config/config.php; then
                    set -x
                    APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
-                    set +x
+                    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
                        set +x
                    fi
                fi
                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
@@ -289,7 +308,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                    "$SOURCE_LOCATION/custom_apps/" \
                    /var/www/html/custom_apps/
            done
-            set +x
+            if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
                set +x
            fi
        fi
        # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
@@ -442,7 +463,7 @@ EOF
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
            if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
                php /var/www/html/occ config:system:set log_type --value="errorlog"
                php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
@@ -653,6 +674,7 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
 php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
 if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
    php /var/www/html/occ config:system:set log_type --value="errorlog"
    php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
@@ -764,7 +786,9 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
        COLLABORA_HOST="$NC_DOMAIN"
    fi
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
    # Remove richdcoumentscode if it should be incorrectly installed
    if [ -d "/var/www/html/custom_apps/richdocumentscode" ]; then
        php /var/www/html/occ app:remove richdocumentscode
@@ -885,7 +909,9 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    if [ -z "$TURN_DOMAIN" ]; then
        TURN_DOMAIN="$TALK_HOST"
    fi
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Wait until the apache container is ready
 while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
@@ -53,7 +60,9 @@ if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindept
    usermod -aG "$GROUP" www-data
    touch "/dev-dri-group-was-added"
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 # Check datadir permissions
 sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
@@ -170,6 +179,8 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 exec "$@"
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm/supervisord.conf
 [supervisord]
 nodaemon=true
@@ -6,7 +9,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 user=root
 [program:php-fpm]
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM alpine:3.23.4
 COPY --chmod=775 start.sh /start.sh
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if ! nc -z "$NEXTCLOUD_HOST" 9001; then
    exit 0
@@ -1,4 +1,13 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 export RUST_LOG="$AIO_LOG_LEVEL"
 if [ -z "$NEXTCLOUD_HOST" ]; then
    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:9.3.1.2
@@ -1,3 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 80 || exit 1
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
 FROM postgres:18.3-alpine
@@ -14,6 +16,7 @@ RUN set -ex; \
        bash \
        openssl \
        shadow \
        netcat-openbsd \
        grep; \
    \
 # We need to use the same gid and uid as on old installations
@@ -1,7 +1,17 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 test -f "/mnt/data/backup-is-running" && exit 0
-PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0
+# If database import is running, do not continue with the health check
 if nc -z 127.0.0.1 11000; then
    exit 0
 fi
 PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1
@@ -1,4 +1,12 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 set -ex
 touch "$DUMP_DIR/initialization.failed"
@@ -1,4 +1,19 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
    debug) printf 'debug1' ;;
    info) printf 'info' ;;
    warn) printf 'warning' ;;
    error) printf 'error' ;;
 esac)"
 export POSTGRES_LOG_MIN_MESSAGES
 # Variables
 DATADIR="/var/lib/postgresql/data"
@@ -166,6 +181,12 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
        sed -i 's|#log_checkpoints.*|log_checkpoints = off|' "$PGCONF"
    fi
    if grep -q "^#\?log_min_messages" /var/lib/postgresql/data/postgresql.conf; then
        sed -i "s|^#\?log_min_messages.*|log_min_messages = $POSTGRES_LOG_MIN_MESSAGES|" /var/lib/postgresql/data/postgresql.conf
    else
        echo "log_min_messages = $POSTGRES_LOG_MIN_MESSAGES" >> /var/lib/postgresql/data/postgresql.conf
    fi
    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
    if grep -q "^idle_session_timeout" "$PGCONF"; then
        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' "$PGCONF"
@@ -223,12 +244,16 @@ do_database_dump() {
        pg_ctl stop -m fast
        rm "$DUMP_DIR/export.failed"
        echo 'Database dump successful!'
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        exit 0
    else
        pg_ctl stop -m fast
        echo "Database dump unsuccessful!"
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        exit 1
    fi
 }
@@ -1,6 +1,8 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.2-alpine
+FROM redis:8.6.3-alpine
 COPY --chmod=775 start.sh /start.sh
@@ -1,3 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 redis-cli -a "$REDIS_HOST_PASSWORD" PING || exit 1
@@ -1,4 +1,21 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Redis only supports [debug, verbose, notice, warning, nothing] as log level
 if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
    REDIS_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then
    REDIS_LOG_LEVEL="notice"
 else
    REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 export REDIS_LOG_LEVEL
 # Show wiki if vm.overcommit is disabled
 if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
@@ -16,7 +33,7 @@ fi
 # Build the redis-server argument list.
 REDIS_ARGS=(
-    --loglevel warning
+    --loglevel "$REDIS_LOG_LEVEL"
    --save "" # Disable RDB persistence (Redis is used as a pure cache/lock store)
    --maxmemory-policy allkeys-lru # Evict least-recently-used keys when memory is full
    --lazyfree-lazy-eviction yes # Perform evictions in a background thread
@@ -1,15 +1,18 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM python:3.14.3-alpine3.23
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
-ENV RECORDING_VERSION=v0.2.1
+ENV RECORDING_VERSION=v0.2.1 \
-ENV ALLOW_ALL=false
+    ALLOW_ALL=false \
-ENV HPB_PROTOCOL=https
+    HPB_PROTOCOL=https \
-ENV NC_PROTOCOL=https
+    NC_PROTOCOL=https \
-ENV SKIP_VERIFY=false
+    SKIP_VERIFY=false \
-ENV HPB_PATH=/standalone-signaling/
+    HPB_PATH=/standalone-signaling/ \
    AIO_LOG_LEVEL=warn
 RUN set -ex; \
    apk upgrade --no-cache -a; \
@@ -1,3 +1,10 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 1234 || exit 1
@@ -1,4 +1,19 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '10' ;;
    info) printf '20' ;;
    warn) printf '30' ;;
    error) printf '40' ;;
 esac)"
 export TALK_RECORDING_LOG_LEVEL
 # Variables
 if [ -z "$NC_DOMAIN" ]; then
@@ -49,7 +64,7 @@ fi
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
-level = 30
+level = ${TALK_RECORDING_LOG_LEVEL}
 [http]
 listen = 0.0.0.0:1234
@@ -1,5 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.7-scratch AS nats
+# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM nats:2.14.0-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus
@@ -37,7 +39,8 @@ RUN set -ex; \
 FROM alpine:3.23.4
 ENV ETURNAL_ETC_DIR="/conf"
-ENV SKIP_CERT_VERIFY=false
+ENV SKIP_CERT_VERIFY=false \
    AIO_LOG_LEVEL=warn
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
 COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 8081 || exit 1
 nc -z 127.0.0.1 8188 || exit 1
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 [http]
 # IP and port to listen on for HTTP requests.
 # Comment line to disable the listener.
@@ -1,4 +1,25 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    ETURNAL_LOG_LEVEL="warning"
 else
    ETURNAL_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 export ETURNAL_LOG_LEVEL
 JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '7' ;;
    info) printf '4' ;;
    warn) printf '3' ;;
    error) printf '1' ;;
 esac)"
 export JANUS_LOG_LEVEL
 # Variables
 if [ -z "$NC_DOMAIN" ]; then
@@ -31,7 +52,9 @@ if mountpoint -q /usr/local/share/ca-certificates; then
        fi
    done
    export SSL_CERT_FILE=/tmp/ca-certificates.crt
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
 fi
 set -x
@@ -40,7 +63,9 @@ IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
 IPv4_ADDRESS_TALK="$(dig "$TALK_HOST" IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 # shellcheck disable=SC2153
 IPv6_ADDRESS_TALK="$(dig "$TALK_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
    IPv4_ADDRESS_TALK=""
@@ -53,7 +78,9 @@ if grep -q "1" /sys/module/ipv6/parameters/disable \
 || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
    IP_BINDING="0.0.0.0"
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
@@ -66,7 +93,7 @@ eturnal:
      port: $TALK_PORT
      transport: tcp
  log_dir: stdout
-  log_level: warning
+  log_level: ${ETURNAL_LOG_LEVEL}
  secret: "$TURN_SECRET"
  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
  relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
@@ -1,3 +1,6 @@
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@@ -5,7 +8,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 [program:nats-server]
 stdout_logfile=/dev/stdout
@@ -30,8 +33,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-# debug-level 3 means warning
+command=janus --config=/conf/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level %(ENV_JANUS_LOG_LEVEL)s
 command=janus --config=/conf/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
 # Start alongside eturnal; signaling connects to Janus via WebSocket
 priority=20
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 FROM golang:1.26.2-alpine3.23 AS go
 ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3	
@@ -1,4 +1,11 @@
 #!/bin/bash
 # SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Check if socket is available and readable
 if ! [ -e "/var/run/docker.sock" ]; then
@@ -17,7 +24,7 @@ if [ -f /run/.containerenv ]; then
 fi
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --log-level "$AIO_LOG_LEVEL" --run-once "$CONTAINER_TO_UPDATE"
 else
    echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
    exit 1
@@ -1,4 +1,6 @@
 # syntax=docker/dockerfile:latest
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
 # SPDX-License-Identifier: AGPL-3.0-only
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
copilot-swe-agent[bot]	ee72a128a9	reuse: move helm chart and sample.conf SPDX headers to REUSE.toml; fix workflow license Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 13:00:54 +00:00
copilot-swe-agent[bot]	b1046f0269	reuse: fix PHP files to keep declare(strict_types=1) directly after <?php Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 13:00:48 +00:00
copilot-swe-agent[bot]	4f43a212c3	reuse: fix Dockerfiles to keep # syntax= directive on line 1 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 13:00:44 +00:00
copilot-swe-agent[bot]	0098c23e0d	reuse: add AUTHORS.md with all contributors Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:14:00 +00:00
copilot-swe-agent[bot]	06940f8e66	reuse: add SPDX headers to remaining root-level files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:48 +00:00
copilot-swe-agent[bot]	efb037f48b	reuse: add SPDX headers to app, community-containers, helm chart, and docs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:44 +00:00
copilot-swe-agent[bot]	a2f5895265	reuse: add SPDX headers to PHP source files, templates, and JS/CSS Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:37 +00:00
copilot-swe-agent[bot]	ac02e17a20	reuse: add SPDX headers to container config files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:31 +00:00
copilot-swe-agent[bot]	9c1a086642	reuse: add SPDX headers to Dockerfiles and container shell scripts Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:26 +00:00
copilot-swe-agent[bot]	000248d67a	reuse: add REUSE.toml with annotations for binary, JSON, and vendor files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:10:22 +00:00
copilot-swe-agent[bot]	b0845e1f02	reuse: add LICENSES directory with AGPL-3.0-only, AGPL-3.0-or-later, and MIT license texts Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-11 10:05:32 +00:00
Simon L.	15ae285d9f	increase to 13.0.3 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-07 16:22:14 +02:00
Simon L.	1fa4f3b6a3	aio-interface: change session cookie SameSite from Strict to Lax to fix cross-site getlogin flow (#8064 )	2026-05-07 16:10:18 +02:00
copilot-swe-agent[bot]	654c39ff1e	fix: change session cookie SameSite from Strict to Lax to fix cross-site getlogin flow Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/acf6148d-63c7-4ee2-a856-6de7de68118d Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-05-07 07:53:51 +00:00
Simon L.	91d59af4dc	increase to 13.0.2 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-06 13:03:28 +02:00
Simon L.	5091f27e87	build(deps): bump redis from 8.6.2-alpine to 8.6.3-alpine in /Containers/redis (#8061 )	2026-05-06 13:00:57 +02:00
Simon L.	c74d08902e	build(deps): bump elasticsearch from 9.3.3 to 9.4.0 in /Containers/fulltextsearch (#8060 )	2026-05-06 13:00:45 +02:00
Simon L.	216c73d3aa	build(deps): bump httpd from 2.4.66-alpine3.23 to 2.4.67-alpine3.23 in /Containers/apache (#8059 )	2026-05-06 13:00:34 +02:00
Simon L.	6c1c33e069	build(deps): bump haproxy from 3.3.7-alpine to 3.3.8-alpine in /Containers/docker-socket-proxy (#8047 )	2026-05-06 13:00:22 +02:00
Simon L.	f0949a8746	build(deps): bump nats from 2.12.8-scratch to 2.14.0-scratch in /Containers/talk (#8037 )	2026-05-06 13:00:08 +02:00
dependabot[bot]	79eccd576d	build(deps): bump redis in /Containers/redis Bumps redis from 8.6.2-alpine to 8.6.3-alpine. --- updated-dependencies: - dependency-name: redis dependency-version: 8.6.3-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-06 04:20:08 +00:00
dependabot[bot]	323a34a437	build(deps): bump elasticsearch in /Containers/fulltextsearch Bumps elasticsearch from 9.3.3 to 9.4.0. --- updated-dependencies: - dependency-name: elasticsearch dependency-version: 9.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-06 04:19:29 +00:00
dependabot[bot]	f2076fa56b	build(deps): bump httpd in /Containers/apache Bumps httpd from 2.4.66-alpine3.23 to 2.4.67-alpine3.23. --- updated-dependencies: - dependency-name: httpd dependency-version: 2.4.67-alpine3.23 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-06 04:19:18 +00:00
Simon L.	99ea91c5ef	increase to v13.0.1 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-04 10:49:10 +02:00
Simon L.	7b2de0683e	fix harp container not starting anymore (#8048 )	2026-05-04 10:48:29 +02:00
Simon L.	f7b677fb51	fix harp container not starting anymore Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-04 10:39:21 +02:00
Simon L.	ee8a5a185c	mastercontainer: fix checking for AIO_LOG_LEVEL (#8035 )	2026-05-04 10:36:45 +02:00
Simon L.	2b0cb13f35	aio-interface: fix Cross-Origin-* headers not being sent (#8046 )	2026-05-04 10:36:22 +02:00
dependabot[bot]	1e064fed8a	build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.3.7-alpine to 3.3.8-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.3.8-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-04 04:20:18 +00:00
Zoey	a1eaea85ed	fix Cross-Origin-* headers not being sent Signed-off-by: Zoey <zoey@z0ey.de>	2026-05-03 22:34:27 +02:00
dependabot[bot]	bc2105d668	build(deps): bump nats in /Containers/talk Bumps nats from 2.12.8-scratch to 2.14.0-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.14.0-scratch dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-01 04:27:45 +00:00
Simon L.	c545bffc53	mastercontainer: fix checking for AIO_LOG_LEVEL Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-30 16:07:48 +02:00
Simon L.	dc27f8078f	nextcloud: update to 33.0.3 (#8032 )	2026-04-30 11:22:32 +02:00
Simon L.	9f9846461e	nextcloud: update to 33.0.3 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-30 11:19:13 +02:00
Simon L.	8e3141ab75	fix update-yaml script detail Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 18:41:12 +02:00
Simon L.	f060a334d3	collabora: fix log level info (#8030 )	2026-04-29 17:59:10 +02:00
Simon L.	4417d1ca7a	collabora: fix log level info Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 17:57:25 +02:00
Simon L.	cdc617d0b7	another fix for redis Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 17:31:35 +02:00
Simon L.	71dbf98d48	fix detail Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 17:06:32 +02:00
Simon L.	42e2d88b3e	redis: fix log level (#8029 )	2026-04-29 17:02:03 +02:00
Simon L.	4682355bfe	redis: fix log level Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 17:01:14 +02:00
Simon L.	13ac536b68	nextcloud: overwrite the log level every start (#8028 )	2026-04-29 15:02:35 +02:00
Simon L.	9b9b3b638d	nextcloud: overwrite the log level every start Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 15:01:17 +02:00
Simon L.	7b6bda1f60	postgres: fix healthcheck (#8027 )	2026-04-29 14:55:57 +02:00
Simon L.	764314524d	caddy: revert being able to adjust the log level for it for now (#8021 )	2026-04-29 14:55:21 +02:00
Simon L.	4910c3f012	postgres: fix healthcheck Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 14:54:36 +02:00
Simon L.	55790da3eb	caddy: revert being able to adjust the log level for it for now Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-29 14:47:32 +02:00
Simon L.	4e8292b922	acme.Caddyfile: mute caddy warnings Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-28 21:38:41 +02:00
Simon L.	50643afd6a	allow to adjust the log level globally (#7902 )	2026-04-28 18:08:27 +02:00
Simon L.	4f4ef8f1d6	add our own entrypoint to fts and collabora Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-28 15:39:57 +02:00
Simon L.	4acc5b87e3	nextcloud: fix intermittent 502 Bad Gateway: PHP-FPM request_terminate_timeout + process_idle_timeout (#8013 )	2026-04-28 10:00:59 +02:00
Simon L.	753ea8d3fd	build(deps): bump nats from 2.12.7-scratch to 2.12.8-scratch in /Containers/talk (#8014 )	2026-04-28 09:38:19 +02:00
dependabot[bot]	dbda18b67d	build(deps): bump nats in /Containers/talk Bumps nats from 2.12.7-scratch to 2.12.8-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.12.8-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-28 04:46:51 +00:00
Simon L.	461f9e14c1	Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-27 17:57:47 +02:00
Simon L.	457a0d9fef	Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-27 17:56:07 +02:00
copilot-swe-agent[bot]	ffd9dd2da8	refactor: move request_terminate_timeout to Dockerfile; remove 502 docs section - Remove request_terminate_timeout sed from start.sh (was runtime-dynamic) - Add request_terminate_timeout sed to Dockerfile alongside pm.process_idle_timeout so it is baked into the image permanently at build time - Remove the 502 Bad Gateway troubleshooting subsection from reverse-proxy.md Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/bc8a9920-0b43-4645-9591-180fa8783767 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-04-27 15:54:49 +00:00
copilot-swe-agent[bot]	2bc3c4e7ec	refine: improve sed pattern specificity and remove hardcoded timeout from docs - Use \s*= in pm.process_idle_timeout sed pattern to match only setting lines, not comment-only lines that mention the setting name - Remove hardcoded '5 minutes' from docs; reference pm.process_idle_timeout by name so it stays accurate if the value changes Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/2fd7a6d1-bfdb-4f26-a8d0-cd54a7307999 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-04-27 15:32:37 +00:00
copilot-swe-agent[bot]	46eb2dfc7d	fix: prevent 502 Bad Gateway via PHP-FPM worker pool exhaustion and cold-start latency - Add request_terminate_timeout = PHP_MAX_TIME in start.sh: without this (default 0 = disabled) workers blocked on a slow DB query, stalled Redis connection, or hung syscall are never reaped. Over time they fill pm.max_children and Apache returns 502 Bad Gateway to the reverse proxy. - Set pm.process_idle_timeout = 300s in Dockerfile: the upstream default of 10 s kills all idle workers after a brief quiet period. The next request burst must then wait for fresh PHP-FPM forks; on a loaded host that spawn latency can push Apache past its FastCGI deadline and produce a 502. 300 s keeps a warm pool through normal desktop-sync polling cycles. - Add a dedicated 502 troubleshooting subsection to reverse-proxy.md documenting the six most common causes (proxy timeout, worker exhaustion, stuck workers, Redis session lock contention, container cold start, Caddy cert renewal) with actionable diagnostics. Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/2fd7a6d1-bfdb-4f26-a8d0-cd54a7307999 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-04-27 15:31:14 +00:00
Simon L.	119f68b6ee	aio-interface: also reset the borg backup cache when resetting the backup path (#7998 )	2026-04-27 14:36:05 +02:00
Simon L.	cd2d06fca6	aio-interface: only set the placeholder for timezone and not the value automatically because it is confusing (#7999 )	2026-04-27 14:32:24 +02:00
Simon L.	6c3403d95d	domain-check: replace curl with GuzzleHttp\Client in ConfigurationManager (#7994 )	2026-04-27 14:31:53 +02:00
Simon L.	8b40127b0e	fulltextsearch: update Elasticsearch to v9 (#8004 )	2026-04-27 14:30:10 +02:00
Simon L.	8d77f3340a	PHP dependency updates (#8011 )	2026-04-27 14:29:30 +02:00
szaimen	dac2ccd195	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-27 12:28:00 +00:00
Simon L.	c7d980e7bc	build(deps): bump haproxy from 3.3.6-alpine to 3.3.7-alpine in /Containers/docker-socket-proxy (#8007 )	2026-04-27 10:24:58 +02:00
dependabot[bot]	024e404c8d	build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.3.6-alpine to 3.3.7-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.3.7-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-27 04:20:12 +00:00
copilot-swe-agent[bot]	aa831bc8a5	fulltextsearch: update elasticsearch from v8 to v9, switch apt-get to microdnf Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/53b5dc51-71a8-40d3-a262-4ef6ce59d92d Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>	2026-04-27 00:29:17 +00:00
Simon L.	8727df147d	Add disclaimer and clarify migration steps for snap installation Added a disclaimer regarding the accuracy of the migration guide and clarified the use of a temporary Docker container for database conversion. Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-26 19:59:36 +02:00
Simon L.	a747ab1c5e	migration.md: add snap-to-AIO migration procedure using temporary Docker container (#8003 )	2026-04-26 18:11:17 +02:00
copilot-swe-agent[bot]	f28d94c30c	migration.md: add snap-to-AIO migration procedure using temporary Docker container Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/64e677c8-17ac-4c15-93db-e7375d2a2084 docs: address code review feedback on snap migration section Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/64e677c8-17ac-4c15-93db-e7375d2a2084 docs: improve snap migration section per feedback Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f71332ba-4e6b-465b-8278-6767fe3a62d3 docs: add snap removal step after successful migration to AIO Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/b3c5c0c5-79dd-4fa3-b617-6db88ee99431 Apply suggestion from @szaimen Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-26 18:08:40 +02:00
Simon L.	6dc1cd6ebd	adjust community-container readme Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-25 17:09:23 +02:00
Simon L.	1f813aacc3	timezone: only set the placeholder and not the value automatically because it is confusing Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-25 16:41:48 +02:00
Simon L.	670e38969c	docs: add Pangolin to reverse proxy guide (#7996 )	2026-04-25 16:25:04 +02:00
copilot-swe-agent[bot]	ae5a21eadf	docs: add Pangolin to reverse proxy guide Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/c7f8b130-4edd-4fcc-b218-1522ba88eae8 docs: add Pangolin option to local-instance docs Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/0ad32b82-c0ae-46f4-9849-af64ae130dbd docs: address review feedback on Pangolin section Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/c7f8b130-4edd-4fcc-b218-1522ba88eae8 Co-Authored-By: szaimen <42591237+szaimen@users.noreply.github.com> Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-25 16:24:13 +02:00
copilot-swe-agent[bot]	d772c14f55	domain-check: replace curl with GuzzleHttp\Client in ConfigurationManager	2026-04-25 16:17:16 +02:00
copilot-swe-agent[bot]	172c72f735	aio-interface: also reset the borg backup cache when resetting the backup path Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-25 15:06:58 +02:00
Simon L.	47307b37f8	Apply suggestions from code review Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 17:27:15 +02:00
Simon L.	f80f888d6c	allow to adjust the log level globally (whiteboard) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	95f70d2082	allow to adjust the log level globally (watchtower) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	d69939f010	allow to adjust the log level globally (talk-recording) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	ab167fe665	allow to adjust the log level globally (talk) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	02eae0f5ed	allow to adjust the log level globally (redis) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	60231f09eb	allow to adjust the log level globally (postgresql) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:18 +02:00
Simon L.	38996ddb29	allow to adjust the log level globally (onlyoffice) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:17 +02:00
Simon L.	e30742904e	allow to adjust the log level globally (notify-push) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:17 +02:00
Simon L.	6185478b21	allow to adjust the log level globally (nextcloud) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:35:17 +02:00
Simon L.	d1a677909e	allow to adjust the log level globally (mastercontainer) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:44 +02:00
Simon L.	14c4ff7809	allow to adjust the log level globally (imaginary) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:44 +02:00
Simon L.	d837898ade	allow to adjust the log level globally (fulltextsearch) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:44 +02:00
Simon L.	2c0461d223	allow to adjust the log level globally (domaincheck) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:44 +02:00
Simon L.	498c4bda12	allow to adjust the log level globally (docker-socket-proxy) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	81878f669e	allow to adjust the log level globally (collabora-online) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	49234b77fe	allow to adjust the log level globally (collabora) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	07bd520b77	allow to adjust the log level globally (clamav) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	995b5cc27a	allow to adjust the log level globally (borgbackup) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	d8aa83f4e0	allow to adjust the log level globally (apache) Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00
Simon L.	74ec1b6baa	allow to adjust the log level globally Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-24 10:34:43 +02:00