build(deps): bump python from 3.14.3-alpine3.23 to 3.14.5-alpine3.23 in /Containers/talk-recording (#8107 )

build(deps): bump postgres from 18.3-alpine to 18.4-alpine in /Containers/postgresql (#8106 )
build(deps): bump python in /Containers/talk-recording
2026-06-10 08:37:02 +00:00 · 2026-05-15 09:01:25 +02:00 · 2026-05-15 09:01:05 +02:00 · 2026-05-15 04:24:00 +00:00 · 2026-05-15 04:23:40 +00:00 · 2026-05-14 21:36:05 +02:00
110 changed files with 888 additions and 772 deletions
@@ -16,7 +16,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Turnstyle
-        uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
+        uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
        with:
          continue-after-seconds: 180
        env:
@@ -5,12 +5,14 @@ on:
    paths:
      - 'php/**'
      - 'Containers/mastercontainer/*.Caddyfile'
      - 'Containers/mastercontainer/start.sh'
  push:
    branches:
      - main
    paths:
      - 'php/**'
      - 'Containers/mastercontainer/*.Caddyfile'
      - 'Containers/mastercontainer/start.sh'
 concurrency:
  group: playwright-${{ github.head_ref || github.run_id }}
@@ -28,7 +30,7 @@ jobs:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: lts/*
@@ -55,7 +57,7 @@ jobs:
          rm -r ./session
          composer install --no-dev
          composer clear-cache
-          sudo chmod 777 -R ./
+          sudo chmod 777 -R ../
      - name: Start fresh development server
        run: |
@@ -72,6 +74,7 @@ jobs:
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=true \
            --env APACHE_PORT=11000 \
@@ -103,6 +106,7 @@ jobs:
            --volume ./php:/var/www/docker-aio/php \
            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=false \
            --env APACHE_PORT=11000 \
@@ -15,7 +15,7 @@ jobs:
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
          node-version: lts/*
@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.11.2-alpine AS caddy
+FROM caddy:2.11.3-alpine AS caddy
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.66-alpine3.23
+FROM httpd:2.4.67-alpine3.23
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z 127.0.0.1 8000 || exit 1
 nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
@@ -7,7 +7,7 @@ Listen 8000
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    ErrorLog /proc/self/fd/2
    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn
+    LogLevel ${AIO_LOG_LEVEL}
    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
@@ -1,10 +1,20 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -z "$NC_DOMAIN" ]; then
    echo "NC_DOMAIN and NEXTCLOUD_HOST need to be provided. Exiting!"
    exit 1
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
    export SUPERVISORD_STDOUT=NONE
 fi
 # Need write access to /mnt/data
 if ! [ -w /mnt/data ]; then
    echo "Cannot write to /mnt/data"
@@ -5,11 +5,11 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 [program:apache]
 # Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Functions
 get_start_time(){
    START_TIME=$(date +%s)
@@ -40,7 +44,7 @@ if [ -z "$BORG_REMOTE_REPO" ] && ! mountpoint -q "$MOUNT_DIR"; then
 fi
 # Check if repo is uninitialized
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg info > /dev/null; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
        echo "The repository is uninitialized or cannot connect to remote. Cannot perform check or restore."
    else
@@ -123,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
    fi
    # Initialize the repository if can't get info from target
-    if ! borg info > /dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            if [ -n "$BORG_REMOTE_REPO" ]; then
@@ -140,14 +144,14 @@ if [ "$BORG_MODE" = backup ]; then
        echo "Initializing repository..."
        NEW_REPOSITORY=1
-        if ! borg init --debug --encryption=repokey-blake2; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" init --encryption=repokey-blake2; then
            echo "Could not initialize borg repository."
            exit 1
        fi
        if [ -z "$BORG_REMOTE_REPO" ]; then
            # borg config only works for local repos; it's up to the remote to ensure the disk isn't full
-            borg config :: additional_free_space 2G
+            borg "$BORG_LOG_LEVEL_FLAG" config :: additional_free_space 2G
            # Fix too large Borg cache
            # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
@@ -156,7 +160,7 @@ if [ "$BORG_MODE" = backup ]; then
            touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
        fi
-        if ! borg info > /dev/null; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
            echo "Borg can't get info from the repo it created. Something is wrong."
            exit 1
        fi
@@ -216,9 +220,9 @@ if [ "$BORG_MODE" = backup ]; then
    # Create the backup
    echo "Starting the backup..."
    get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
        echo "Deleting the failed backup archive..."
-        borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
+        borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
        echo "You might want to check the backup integrity via the AIO interface."
        if [ "$NEW_REPOSITORY" = 1 ]; then
@@ -237,14 +241,14 @@ if [ "$BORG_MODE" = backup ]; then
    # Prune archives
    echo "Pruning the archives..."
-    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi
    # Compact archives
    echo "Compacting the archives..."
-    if ! borg compact; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
        echo "Failed to compact archives!"
        exit 1
    fi
@@ -261,19 +265,19 @@ if [ "$BORG_MODE" = backup ]; then
                fi
            done
            echo "Starting the backup for additional volumes..."
-            if ! borg create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-docker-volumes"
+                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
            echo "Pruning additional volumes..."
-            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
            echo "Compacting additional volumes..."
-            if ! borg compact; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
                echo "Failed to compact additional docker-volume archives!"
                exit 1
            fi
@@ -291,19 +295,19 @@ if [ "$BORG_MODE" = backup ]; then
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
            echo "Starting the backup for additional host mounts..."
-            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-host-mounts"
+                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
            echo "Pruning additional host mounts..."
-            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
            echo "Compacting additional host mounts..."
-            if ! borg compact; then
+            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
                echo "Failed to compact additional host-mount archives!"
                exit 1
            fi
@@ -385,7 +389,7 @@ if [ "$BORG_MODE" = restore ]; then
    if [ -z "$BORG_REMOTE_REPO" ]; then
        mkdir -p /tmp/borg
-        if ! borg mount "::$SELECTED_ARCHIVE" /tmp/borg; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" mount "::$SELECTED_ARCHIVE" /tmp/borg; then
            echo "Could not mount the backup!"
            exit 1
        fi
@@ -432,7 +436,7 @@ if [ "$BORG_MODE" = restore ]; then
        #
        # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
        cd /  # borg extract has no destination arg and extracts to CWD
-        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
+        if ! borg "$BORG_LOG_LEVEL_FLAG" extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
        then
            RESTORE_FAILED=1
            echo "Failed to extract backup archive."
@@ -464,7 +468,7 @@ if [ "$BORG_MODE" = restore ]; then
                    \) \
                    | LC_ALL=C sort \
                    | LC_ALL=C comm -23 - \
-                        <(borg list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
+                        <(borg "$BORG_LOG_LEVEL_FLAG" list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
                    > /tmp/local_files_not_in_backup
            then
                RESTORE_FAILED=1
@@ -552,7 +556,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."
    # Perform the check
-    if ! borg check -v --verify-data; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" check -v --verify-data; then
        echo "Some errors were found while checking the backup integrity!"
        echo "Check the AIO interface for advice on how to proceed now!"
        exit 1
@@ -570,7 +574,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
    echo "Checking the backup integrity and repairing it..."
    # Perform the check-repair
-    if ! echo YES | borg check -v --repair; then
+    if ! echo YES | borg "$BORG_LOG_LEVEL_FLAG" check -v --repair; then
        echo "Some errors were found while checking and repairing the backup integrity!"
        exit 1
    fi
@@ -584,7 +588,7 @@ fi
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg info > /dev/null; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
            echo "Borg could not get info from the remote repo."
            echo "See the above borg info output for details."
            exit 1
@@ -605,12 +609,12 @@ if [ "$BORG_MODE" = test ]; then
        fi
    fi
-    if ! borg list >/dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" list >/dev/null; then
        echo "The entered path seems to be valid but could not open the backup archive."
        echo "Most likely the entered password was wrong so please adjust it accordingly!"
        exit 1
    else
-        if ! borg list | grep "nextcloud-aio"; then
+        if ! borg "$BORG_LOG_LEVEL_FLAG" list | grep "nextcloud-aio"; then
            echo "The backup archive does not contain a valid Nextcloud AIO backup."
            echo "Most likely was the archive not created via Nextcloud AIO."
            exit 1
@@ -623,7 +627,7 @@ fi
 if [ "$BORG_MODE" = list ]; then
    echo "Updating backup list..."
-    if ! borg info > /dev/null; then
+    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
        echo "Could not update the backup list."
        exit 1
    fi
@@ -1,5 +1,16 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    BORG_LOG_LEVEL_FLAG="--warning"
 else
    BORG_LOG_LEVEL_FLAG="--$AIO_LOG_LEVEL"
 fi
 export BORG_LOG_LEVEL_FLAG
 # Variables
 export MOUNT_DIR="/mnt/borgbackup"
 export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"  # necessary even when remote to store the aio-lockfile
@@ -48,7 +59,7 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
 # Get a list of all available borg archives
-if borg list &>/dev/null; then
+if borg "$BORG_LOG_LEVEL_FLAG" list &>/dev/null; then
    borg list | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 else
    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
 	echo "ERROR: Unable to contact server"
 	exit 1
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
 	set -x
 fi
 # Print out clamav version for compliance reasons
 clamscan --version
@@ -5,7 +5,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 [program:freshclam]
 stdout_logfile=/dev/stdout
@@ -5,6 +5,7 @@ FROM collabora/code:25.04.9.4.1
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1001
@@ -18,3 +19,5 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
 ENTRYPOINT ["/start.sh"]
@@ -0,0 +1,19 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    COLLABORA_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then
    COLLABORA_LOG_LEVEL="notice"
 else
    COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 # Replace the hardcoded log level in extra_params with the translated one
 extra_params+=" --o:logging.level=$COLLABORA_LOG_LEVEL --o:logging.level_startup=$COLLABORA_LOG_LEVEL"
 export extra_params
 exec /start-collabora-online.sh "$@"
@@ -1,17 +0,0 @@
 # syntax=docker/dockerfile:latest
 FROM alpine:3.21
 RUN apk add --no-cache dnsmasq iproute2
 COPY --chmod=755 start.sh /start.sh
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    org.opencontainers.image.title="Dnsmasq for Nextcloud AIO" \
    org.opencontainers.image.description="Lightweight DNS server that resolves NC_DOMAIN to the local server IP for LAN devices" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/community-containers/dnsmasq/readme.md"
@@ -1,40 +0,0 @@
 #!/bin/sh
 set -e
 if [ -z "$NC_DOMAIN" ]; then
    echo "ERROR: NC_DOMAIN is not set" >&2
    exit 1
 fi
 LOCAL_IP=""
 # Determine the server's primary LAN IP - use the source address chosen by the kernel
 # for a route to a well-known public IP (1.1.1.1 is used purely to query the routing table;
 # no traffic is sent there).
 LOCAL_IP=$(ip route get 1.1.1.1 2>/dev/null | awk '{for(i=1;i<=NF;i++) if($i=="src") {print $(i+1); exit}}')
 if [ -z "$LOCAL_IP" ]; then
    LOCAL_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
 fi
 if [ -z "$LOCAL_IP" ]; then
    echo "ERROR: Could not determine local IP address" >&2
    exit 1
 fi
 echo "Nextcloud AIO dnsmasq: resolving $NC_DOMAIN -> $LOCAL_IP"
 echo "Configure your router's DHCP to hand out $LOCAL_IP as the DNS server for LAN clients."
 mkdir -p /etc/dnsmasq.d
 cat > /etc/dnsmasq.d/nextcloud-aio.conf << EOF
 # Auto-generated by Nextcloud AIO dnsmasq container.
 # Resolves NC_DOMAIN (and all its subdomains) to this server's local IP.
 address=/$NC_DOMAIN/$LOCAL_IP
 # Bind only to the LAN interface to avoid conflicts with any system DNS resolver.
 bind-interfaces
 listen-address=$LOCAL_IP
 EOF
 exec dnsmasq --no-daemon --log-queries --conf-dir=/etc/dnsmasq.d
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.6-alpine
+FROM haproxy:3.3.10-alpine
 # hadolint ignore=DL3002
 USER root
@@ -1,4 +1,8 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
 nc -z 127.0.0.1 2375 || exit 1
@@ -1,5 +1,9 @@
 #!/bin/sh
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Only start container if nextcloud is accessible
 while ! nc -z "$NEXTCLOUD_HOST" 9001; do
    echo "Waiting for Nextcloud to start..."
@@ -18,6 +22,8 @@ else
    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
 fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 haproxy -f /tmp/haproxy.cfg -db
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -z "$INSTANCE_ID" ]; then
    echo "You need to provide an instance id."
    exit 1
@@ -14,6 +18,20 @@ fi
 CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 # shellcheck disable=SC2235
 if ([ "$AIO_LOG_LEVEL" = 'debug' ] || [ "$AIO_LOG_LEVEL" = 'info' ]) && ! grep -q debug.log-request-handling /etc/lighttpd/lighttpd.conf; then
    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
 debug.log-request-handling = "enable"
 CONF_FILE
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ] && ! grep -q debug.log-request-header /etc/lighttpd/lighttpd.conf; then
    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
 debug.log-request-header = "enable"
 debug.log-response-header = "enable"
 CONF_FILE
 fi
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf
@@ -1,21 +1,19 @@
 # syntax=docker/dockerfile:latest
-# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
+# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:8.19.14
+FROM elasticsearch:9.4.1
 USER root
-ARG DEBIAN_FRONTEND=noninteractive
+# hadolint ignore=DL3041
 # hadolint ignore=DL3008
 RUN set -ex; \
    \
-    apt-get update; \
+    microdnf update -y; \
-    apt-get upgrade -y; \
+    microdnf install -y --setopt=tsflags=nodocs \
    apt-get install -y --no-install-recommends \
        tzdata \
    ; \
-    rm -rf /var/lib/apt/lists/*;
+    microdnf clean all;
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1000:0
@@ -30,3 +28,5 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
 ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
 ENTRYPOINT ["/start.sh"]
@@ -1,3 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
@@ -0,0 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.2-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
@@ -33,7 +33,8 @@ COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
-ENV PORT=9000
+ENV PORT=9000 \
    AIO_LOG_LEVEL=warn
 USER 65534
@@ -1,3 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 "$PORT" || exit 1
@@ -1,5 +1,20 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
    debug) printf 'info' ;;
    info) printf 'info' ;;
    warn) printf 'warning' ;;
    error) printf 'error' ;;
 esac)"
 export GOLANG_LOG
 if [ "$AIO_LOG_LEVEL" = "debug" ]; then
    export DEBUG='*'
 fi
 echo "Imaginary has started"
 IMAGINARY_ARGS=(-return-size -max-allowed-resolution 222.2)
@@ -1,17 +1,17 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.4.1-cli AS docker
+FROM docker:29.4.3-cli AS docker
-ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
+ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
 # Caddy is a requirement
-FROM caddy:2.11.2-builder-alpine AS caddy
+FROM caddy:2.11.3-builder-alpine AS caddy
 RUN set -ex; \
    xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
    /usr/bin/caddy list-modules
 # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
-FROM php:8.5.5-fpm-alpine3.23
+FROM php:8.5.6-fpm-alpine3.23
 EXPOSE 80
 EXPOSE 8080
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 restart_process() {
    echo "Restarting cron.sh because daily backup time was set, changed or unset."
    pkill cron.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
        set -x
@@ -17,7 +21,9 @@ while true; do
        else
            export SEND_SUCCESS_NOTIFICATIONS=0
        fi
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
            export LOCK_FILE_PRESENT=1
        else
@@ -51,9 +57,6 @@ while true; do
    # Check if AIO is outdated
    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
    # Update deSEC DNS IP record (no-op when IP is unchanged or deSEC is not configured)
    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/UpdateDesecIp.php
    # Remove sessions older than 24h
    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 echo "Daily backup script has started"
 # Check if initial configuration has been done, otherwise this script should do nothing.
@@ -18,9 +18,9 @@ header {
    Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
    X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
    Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
+    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
+    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
    # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
    Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
    nc -z 127.0.0.1 80 || exit 1
    nc -z 127.0.0.1 8080 || exit 1
@@ -16,6 +16,10 @@ compare_times() {
    fi
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 while true; do
    compare_times
    sleep 2
@@ -20,6 +20,10 @@ case "${1}" in
 esac
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Check if running as root user
 if [ "$EUID" != "0" ]; then
    print_red "Container does not run as root user. This is not supported."
@@ -333,6 +337,22 @@ else
    export NEXTCLOUD_DRI_GID=""
 fi
 # Log level logics
 if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
    print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
 It is set to '$AIO_LOG_LEVEL'".
    exit 1
 fi
 if [ -z "$AIO_LOG_LEVEL" ]; then
    export AIO_LOG_LEVEL="warn"
 fi
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
    export SUPERVISORD_STDOUT=NONE
 fi
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
 if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
@@ -5,12 +5,12 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 user=root
 [program:php-fpm]
 # Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
@@ -58,7 +58,7 @@ user=root
 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs
-stdout_logfile=NONE
+stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
-stderr_logfile=NONE
+stderr_logfile=%(ENV_SUPERVISORD_STDOUT)s
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
 user=www-data
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.30-fpm-alpine3.23
+FROM php:8.3.31-fpm-alpine3.23
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.2
+ENV NEXTCLOUD_VERSION=33.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -250,6 +250,21 @@ RUN set -ex; \
 # We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
 # Also children will usually be terminated again after the process is done due to the ondemand setting
    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
 # With pm = ondemand, workers are killed after pm.process_idle_timeout seconds
 # of inactivity.  The upstream default is 10 s, which is aggressive: after a
 # brief quiet period (e.g. desktop-sync clients polling every few seconds), all
 # workers are reaped and the next request burst must wait for fresh forks.  On
 # a loaded host that spawn latency can push Apache past its FastCGI timeout and
 # produce a 502.  300 s (5 min) keeps a warm pool through normal sync-client
 # polling cycles while still reclaiming memory during genuinely idle periods.
    sed -i 's/^;*pm.process_idle_timeout\s*=.*/pm.process_idle_timeout = 300s/' /usr/local/etc/php-fpm.d/www.conf; \
 # Set request_terminate_timeout so that PHP-FPM forcibly kills workers that
 # exceed the wall-clock limit.  Without this (default = 0 = disabled) a worker
 # stuck on a slow DB query, a stalled Redis connection, or a hung syscall is
 # never reaped.  Over time these zombies fill up pm.max_children, leaving no
 # free slots for legitimate requests and causing Apache to return 502 Bad
 # Gateway upstream.
    sed -i "s|^;*request_terminate_timeout = .*|request_terminate_timeout = \${PHP_MAX_TIME}|" /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
    \
    echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
@@ -1,4 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 wait_for_cron() {
    set -x
    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
@@ -10,6 +10,10 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 run_upgrade_if_needed_due_to_app_update() {
    if php /var/www/html/occ status | grep maintenance | grep -q true; then
        php /var/www/html/occ maintenance:mode --off
@@ -20,6 +24,14 @@ run_upgrade_if_needed_due_to_app_update() {
    fi
 }
 NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '0' ;;
    info) printf '1' ;;
    warn) printf '2' ;;
    error) printf '3' ;;
 esac)"
 export NEXTCLOUD_LOG_LEVEL
 # Create cert bundle
 if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
@@ -75,7 +87,9 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
    cat "$CERTIFICATE_BUNDLE"
    # Disable debug mode
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
 fi
 # Adjust DATABASE_TYPE to by Nextcloud supported value
@@ -222,7 +236,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                if grep -q appstoreurl /var/www/html/config/config.php; then
                    set -x
                    APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
-                    set +x
+                    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
                        set +x
                    fi
                fi
                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
@@ -289,7 +305,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                    "$SOURCE_LOCATION/custom_apps/" \
                    /var/www/html/custom_apps/
            done
-            set +x
+            if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
                set +x
            fi
        fi
        # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
@@ -442,7 +460,7 @@ EOF
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
            if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
                php /var/www/html/occ config:system:set log_type --value="errorlog"
                php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
@@ -653,6 +671,7 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
 php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
 if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
    php /var/www/html/occ config:system:set log_type --value="errorlog"
    php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
@@ -764,7 +783,9 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
        COLLABORA_HOST="$NC_DOMAIN"
    fi
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
    # Remove richdcoumentscode if it should be incorrectly installed
    if [ -d "/var/www/html/custom_apps/richdocumentscode" ]; then
        php /var/www/html/occ app:remove richdocumentscode
@@ -885,7 +906,9 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    if [ -z "$TURN_DOMAIN" ]; then
        TURN_DOMAIN="$TALK_HOST"
    fi
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
    POSTGRES_PORT=5432
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
 else
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
 else
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Wait until the apache container is ready
 while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
    echo "Waiting for $APACHE_HOST to become available..."
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
    POSTGRES_PORT=5432
@@ -53,7 +57,9 @@ if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindept
    usermod -aG "$GROUP" www-data
    touch "/dev-dri-group-was-added"
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 # Check datadir permissions
 sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
@@ -170,6 +176,8 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 exec "$@"
@@ -6,7 +6,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 user=root
 [program:php-fpm]
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if ! nc -z "$NEXTCLOUD_HOST" 9001; then
    exit 0
 fi
@@ -1,5 +1,11 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 export RUST_LOG="$AIO_LOG_LEVEL"
 if [ -z "$NEXTCLOUD_HOST" ]; then
    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
    exit 1
@@ -1,3 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 80 || exit 1
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
-FROM postgres:18.3-alpine
+FROM postgres:18.4-alpine
 ENV PGDATA=/var/lib/postgresql/data
@@ -14,6 +14,7 @@ RUN set -ex; \
        bash \
        openssl \
        shadow \
        netcat-openbsd \
        grep; \
    \
 # We need to use the same gid and uid as on old installations
@@ -1,7 +1,14 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 test -f "/mnt/data/backup-is-running" && exit 0
-PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0
+# If database import is running, do not continue with the health check
 if nc -z 127.0.0.1 11000; then
    exit 0
 fi
 PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1
@@ -1,4 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 set -ex
 touch "$DUMP_DIR/initialization.failed"
@@ -1,5 +1,17 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
    debug) printf 'debug1' ;;
    info) printf 'info' ;;
    warn) printf 'warning' ;;
    error) printf 'error' ;;
 esac)"
 export POSTGRES_LOG_MIN_MESSAGES
 # Variables
 DATADIR="/var/lib/postgresql/data"
 export DUMP_DIR="/mnt/data"
@@ -166,6 +178,12 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
        sed -i 's|#log_checkpoints.*|log_checkpoints = off|' "$PGCONF"
    fi
    if grep -q "^#\?log_min_messages" /var/lib/postgresql/data/postgresql.conf; then
        sed -i "s|^#\?log_min_messages.*|log_min_messages = $POSTGRES_LOG_MIN_MESSAGES|" /var/lib/postgresql/data/postgresql.conf
    else
        echo "log_min_messages = $POSTGRES_LOG_MIN_MESSAGES" >> /var/lib/postgresql/data/postgresql.conf
    fi
    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
    if grep -q "^idle_session_timeout" "$PGCONF"; then
        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' "$PGCONF"
@@ -223,12 +241,16 @@ do_database_dump() {
        pg_ctl stop -m fast
        rm "$DUMP_DIR/export.failed"
        echo 'Database dump successful!'
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        exit 0
    else
        pg_ctl stop -m fast
        echo "Database dump unsuccessful!"
-        set +x
+        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
            set +x
        fi
        exit 1
    fi
 }
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.2-alpine
+FROM redis:8.6.3-alpine
 COPY --chmod=775 start.sh /start.sh
@@ -1,3 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 redis-cli -a "$REDIS_HOST_PASSWORD" PING || exit 1
@@ -1,5 +1,19 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Redis only supports [debug, verbose, notice, warning, nothing] as log level
 if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
    REDIS_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then
    REDIS_LOG_LEVEL="notice"
 else
    REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 export REDIS_LOG_LEVEL
 # Show wiki if vm.overcommit is disabled
 if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
    echo "Memory overcommit is disabled but necessary for safe operation"
@@ -16,7 +30,7 @@ fi
 # Build the redis-server argument list.
 REDIS_ARGS=(
-    --loglevel warning
+    --loglevel "$REDIS_LOG_LEVEL"
    --save "" # Disable RDB persistence (Redis is used as a pure cache/lock store)
    --maxmemory-policy allkeys-lru # Evict least-recently-used keys when memory is full
    --lazyfree-lazy-eviction yes # Perform evictions in a background thread
@@ -1,15 +1,16 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.3-alpine3.23
+FROM python:3.14.5-alpine3.23
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 ENV RECORDING_VERSION=v0.2.1
-ENV ALLOW_ALL=false
+ENV ALLOW_ALL=false \
-ENV HPB_PROTOCOL=https
+    HPB_PROTOCOL=https \
-ENV NC_PROTOCOL=https
+    NC_PROTOCOL=https \
-ENV SKIP_VERIFY=false
+    SKIP_VERIFY=false \
-ENV HPB_PATH=/standalone-signaling/
+    HPB_PATH=/standalone-signaling/ \
    AIO_LOG_LEVEL=warn
 RUN set -ex; \
    apk upgrade --no-cache -a; \
@@ -1,3 +1,7 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 1234 || exit 1
@@ -1,5 +1,17 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '10' ;;
    info) printf '20' ;;
    warn) printf '30' ;;
    error) printf '40' ;;
 esac)"
 export TALK_RECORDING_LOG_LEVEL
 # Variables
 if [ -z "$NC_DOMAIN" ]; then
    echo "You need to provide the NC_DOMAIN."
@@ -49,7 +61,7 @@ fi
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
 # 30 means Warning
-level = 30
+level = ${TALK_RECORDING_LOG_LEVEL}
 [http]
 listen = 0.0.0.0:1234
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.7-scratch AS nats
+FROM nats:2.14.0-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus
@@ -37,7 +37,8 @@ RUN set -ex; \
 FROM alpine:3.23.4
 ENV ETURNAL_ETC_DIR="/conf"
-ENV SKIP_CERT_VERIFY=false
+ENV SKIP_CERT_VERIFY=false \
    AIO_LOG_LEVEL=warn
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
 COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 8081 || exit 1
 nc -z 127.0.0.1 8188 || exit 1
 nc -z 127.0.0.1 4222 || exit 1
@@ -1,5 +1,23 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    ETURNAL_LOG_LEVEL="warning"
 else
    ETURNAL_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
 export ETURNAL_LOG_LEVEL
 JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
    debug) printf '7' ;;
    info) printf '4' ;;
    warn) printf '3' ;;
    error) printf '1' ;;
 esac)"
 export JANUS_LOG_LEVEL
 # Variables
 if [ -z "$NC_DOMAIN" ]; then
    echo "You need to provide the NC_DOMAIN."
@@ -31,7 +49,9 @@ if mountpoint -q /usr/local/share/ca-certificates; then
        fi
    done
    export SSL_CERT_FILE=/tmp/ca-certificates.crt
-    set +x
+    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
        set +x
    fi
 fi
 set -x
@@ -40,7 +60,9 @@ IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]
 IPv4_ADDRESS_TALK="$(dig "$TALK_HOST" IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 # shellcheck disable=SC2153
 IPv6_ADDRESS_TALK="$(dig "$TALK_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
    IPv4_ADDRESS_TALK=""
@@ -53,7 +75,9 @@ if grep -q "1" /sys/module/ipv6/parameters/disable \
 || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
    IP_BINDING="0.0.0.0"
 fi
-set +x
+if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
@@ -66,7 +90,7 @@ eturnal:
      port: $TALK_PORT
      transport: tcp
  log_dir: stdout
-  log_level: warning
+  log_level: ${ETURNAL_LOG_LEVEL}
  secret: "$TURN_SECRET"
  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
  relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
@@ -5,7 +5,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=error
+loglevel=%(ENV_AIO_LOG_LEVEL)s
 [program:nats-server]
 stdout_logfile=/dev/stdout
@@ -30,8 +30,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-# debug-level 3 means warning
+command=janus --config=/conf/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level %(ENV_JANUS_LOG_LEVEL)s
 command=janus --config=/conf/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
 # Start alongside eturnal; signaling connects to Janus via WebSocket
 priority=20
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.2-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
 ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3	
@@ -1,5 +1,9 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 # Check if socket is available and readable
 if ! [ -e "/var/run/docker.sock" ]; then
    echo "Docker socket is not available. Cannot continue."
@@ -17,7 +21,7 @@ if [ -f /run/.containerenv ]; then
 fi
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --log-level "$AIO_LOG_LEVEL" --run-once "$CONTAINER_TO_UPDATE"
 else
    echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
    exit 1
@@ -1,4 +1,8 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z "$REDIS_HOST" "$REDIS_PORT" || exit 0
 nc -z 127.0.0.1 3002 || exit 1
@@ -1,5 +1,11 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 export LOG_LEVEL="$AIO_LOG_LEVEL"
 # Only start container if nextcloud is accessible
 while ! nc -z "$REDIS_HOST" "$REDIS_PORT"; do
    echo "Waiting for redis to start..."
@@ -20,8 +20,7 @@
                "NC_DOMAIN=%NC_DOMAIN%",
                "APACHE_PORT=%APACHE_PORT%",
                "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
-                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%",
+                "NEXTCLOUD_EXPORTER_CADDY_PASSWORD=%NEXTCLOUD_EXPORTER_CADDY_PASSWORD%"
                "DESEC_TOKEN=%DESEC_TOKEN%"
            ],
            "volumes": [
                {
@@ -1,17 +0,0 @@
 {
    "aio_services_v1": [
        {
            "container_name": "nextcloud-aio-dnsmasq",
            "display_name": "Dnsmasq (Local DNS)",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/dnsmasq",
            "image": "ghcr.io/nextcloud-releases/aio-dnsmasq",
            "image_tag": "%AIO_CHANNEL%",
            "internal_port": "host",
            "restart": "unless-stopped",
            "environment": [
                "NC_DOMAIN=%NC_DOMAIN%",
                "TZ=%TIMEZONE%"
            ]
        }
    ]
 }
@@ -1,31 +0,0 @@
 # Dnsmasq (Local DNS) community container
 This container runs [dnsmasq](https://thekelleys.org.uk/dnsmasq/doc.html) pre-configured to resolve your Nextcloud domain (`NC_DOMAIN`) to the server's local LAN IP address.
 ## Why is this needed?
 By default, all devices on your LAN reach Nextcloud via the public internet (or require hairpin NAT on your router). With this container, LAN clients can resolve `NC_DOMAIN` directly to the server's private LAN IP, making local access faster and independent of your internet connection.
 This container is automatically enabled when you register a deSEC domain through the AIO interface.
 ## How it works
 On startup the container:
 1. Detects the server's primary LAN IP address automatically.
 2. Configures dnsmasq to resolve `NC_DOMAIN` (and all its subdomains) to that IP.
 3. Forwards all other DNS queries to the upstream nameservers from the host's `/etc/resolv.conf`.
 4. Listens only on the LAN interface to avoid conflicts with any system DNS resolver (e.g. `systemd-resolved`).
 ## Required router configuration
 ⚠️ **You must change your router's DHCP settings** for this to take effect for LAN clients:
 Set the **DNS server** handed out by DHCP to the **local IP address of this server** (the same IP that is printed in the container logs on startup). After saving the change, LAN devices need to renew their DHCP lease (or be rebooted) before the new DNS setting takes effect.
 Most routers expose this under **DHCP settings → Primary DNS** or **LAN → DNS Server**.
 ## Notes
 - The container runs in **host network mode** so it can bind directly to port 53 on the LAN interface. No additional port-forwarding is required.
 - If `systemd-resolved` (or another DNS resolver) is already listening on port 53 on the LAN IP, there will be a conflict. In that case you need to disable or reconfigure that resolver first.
 - IPv6 addresses are not handled by this container; extend the dnsmasq configuration manually if needed.
@@ -61,7 +61,8 @@ flowchart TD
 ## How to use this?
 Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down). 
-⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
+
 ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because some containers are not compatible with each other and more.
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
@@ -22,6 +22,7 @@ services:
      # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
      # AIO_LOG_LEVEL: warn # Allows to globally adjust the log level of the included AIO components. Supported values: debug, info, warn, error. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-log-level-for-aio-components
      # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
      # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
      # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
@@ -41,7 +42,7 @@ services:
      # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
-#   # Alternatively, if you don't have a domain yet, use the built-in deSEC free domain registration in the AIO interface, or use Tailscale. See https://github.com/nextcloud/all-in-one#how-to-get-a-free-domain-via-desec and https://github.com/nextcloud/all-in-one/discussions/6817
+#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/6817
 #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
 #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 #   caddy:
@@ -2,25 +2,22 @@
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 ### Content
- [1. deSEC free domain (recommended)](#1-desec-free-domain-recommended)
+- [1. Tailscale](#1-tailscale)
- [2. Tailscale](#2-tailscale)
+- [2. Pangolin](#2-pangolin)
 - [3. The normal way](#3-the-normal-way)
 - [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
 - [5. Use Cloudflare](#5-use-cloudflare)
 - [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
-## 1. deSEC free domain (recommended)
+## 1. Tailscale
-[deSEC](https://desec.io) offers free dynamic-DNS subdomains under `dedyn.io`. AIO can register an account and a subdomain for you automatically — directly from the domain-entry page of the AIO interface. After registration:
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 - The [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container is enabled automatically as a reverse proxy and handles TLS via Let's Encrypt.
 - The [dnsmasq](https://github.com/nextcloud/all-in-one/tree/main/community-containers/dnsmasq) community container is enabled automatically so that LAN clients resolve your Nextcloud domain to the server's local IP address — no separate Pi-hole or local DNS server required.
 - The mastercontainer keeps the DNS record up to date automatically when your public IP changes.
-**How to set it up:** Open the AIO interface, expand the **"Don't have a domain? Get a free one from deSEC"** section, enter your email and an optional subdomain slug, and click **Register free domain via deSEC**. See the full documentation at [How to get a free domain via deSEC](https://github.com/nextcloud/all-in-one#how-to-get-a-free-domain-via-desec).
+## 2. Pangolin
 [Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
-After registration, follow the [dnsmasq documentation](https://github.com/nextcloud/all-in-one/tree/main/community-containers/dnsmasq) to point your router's DHCP DNS server to the AIO host so that all LAN devices resolve the domain locally.
+You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
-## 2. Tailscale
+For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
 For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
 ## 3. The normal way
 The normal way is the following:
@@ -39,6 +39,7 @@ services:
      - COLLABORA_HOST=nextcloud-aio-collabora
      - TALK_HOST=nextcloud-aio-talk
      - APACHE_PORT
      - AIO_LOG_LEVEL
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
      - TZ=${TIMEZONE}
      - APACHE_MAX_SIZE
@@ -80,6 +81,7 @@ services:
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_DB=nextcloud_database
      - POSTGRES_USER=nextcloud
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - PGTZ=${TIMEZONE}
    stop_grace_period: 1800s
@@ -149,6 +151,7 @@ services:
      - TURN_SECRET
      - SIGNALING_SECRET
      - ONLYOFFICE_SECRET
      - AIO_LOG_LEVEL
      - NEXTCLOUD_MOUNT
      - CLAMAV_ENABLED
      - CLAMAV_HOST=nextcloud-aio-clamav
@@ -207,6 +210,7 @@ services:
      - nextcloud_aio_nextcloud:/var/www/html:ro
    environment:
      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
    restart: unless-stopped
    read_only: true
@@ -228,6 +232,7 @@ services:
      - "6379"
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
    volumes:
      - nextcloud_aio_redis:/data:rw
@@ -251,8 +256,9 @@ services:
      - "9980"
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
      - dictionaries=${COLLABORA_DICTIONARIES}
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - server_name=${NC_DOMAIN}
      - DONT_GEN_SSL_CERT=1
@@ -293,6 +299,7 @@ services:
      - TALK_HOST=nextcloud-aio-talk
      - TURN_SECRET
      - SIGNALING_SECRET
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - TALK_PORT
      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
@@ -325,6 +332,7 @@ services:
      - "1234"
    environment:
      - NC_DOMAIN
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - RECORDING_SECRET
      - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
@@ -354,6 +362,7 @@ services:
    expose:
      - "3310"
    environment:
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
    volumes:
@@ -384,6 +393,8 @@ services:
    expose:
      - "80"
    environment:
      - AIO_LOG_LEVEL
      - LOG_LEVEL=${AIO_LOG_LEVEL}
      - TZ=${TIMEZONE}
      - JWT_ENABLED=true
      - JWT_HEADER=AuthorizationJwt
@@ -410,6 +421,7 @@ services:
    expose:
      - "9000"
    environment:
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - IMAGINARY_SECRET
    restart: unless-stopped
@@ -436,12 +448,12 @@ services:
    expose:
      - "9200"
    environment:
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
      - bootstrap.memory_lock=false
      - cluster.name=nextcloud-aio
      - discovery.type=single-node
      - logger.level=WARN
      - http.port=9200
      - xpack.license.self_generated.type=basic
      - xpack.security.enabled=false
@@ -473,6 +485,7 @@ services:
    tmpfs:
      - /tmp
    environment:
      - AIO_LOG_LEVEL
      - TZ=${TIMEZONE}
      - NEXTCLOUD_URL=https://${NC_DOMAIN}
      - JWT_SECRET_KEY=${WHITEBOARD_SECRET}
@@ -21,6 +21,7 @@ TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the opt
 TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 WHITEBOARD_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
@@ -100,6 +100,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
 sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
@@ -3,7 +3,7 @@
 There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO (if you ran AIO on the former installation already, you can follow [these steps](https://github.com/nextcloud/all-in-one#how-to-migrate-from-aio-to-aio)):
 1. Migrate only the files which is the easiest way (this excludes all calendar data for example)
-1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
+1. Migrate the files and the database which is much more complicated (with special handling required for former snap installations, see [below](#migrating-from-a-snap-installation))
 1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user
 ## Migrate only the files 
@@ -21,7 +21,7 @@ The procedure for migrating only the files works like this:
 1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 ## Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! If you are migrating from a snap installation, please first follow the [dedicated snap migration steps](#migrating-from-a-snap-installation) below, which show you how to perform the database conversion using a temporary Docker container. Once done, you can continue from step 5 of this guide.
 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
@@ -87,6 +87,130 @@ If not, feel free to restore the AIO instance from backup and start at step 8 ag
 If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 ### Migrating from a snap installation
 **Disclaimer:** it might be possible that the guide below is not working 100% correctly, yet. Improvements to it are very welcome!
 Since the Nextcloud snap is read-only, it is not possible to install the `pdo_pgsql` PHP extension inside the snap to perform the MySQL-to-PostgreSQL database conversion required by AIO. As a workaround, a temporary [nextcloud/docker](https://github.com/nextcloud/docker) container can be used as an intermediate environment that already includes `pdo_pgsql` and can convert the snap's MySQL database to PostgreSQL for you.
 This procedure covers steps 1–3 of the regular migration above (version matching, app updates, and database conversion) and also produces the `database-dump.sql` needed for step 4. Once finished, continue from step 5 of the [Migrate the files and the database](#migrate-the-files-and-the-database) procedure above.
 1. **Create a backup of the snap before doing anything else**, so you can restore the snap to its current state if anything goes wrong:
    ```
    sudo snap save nextcloud
    ```
    This creates a snapshot that can be restored later with `sudo snap restore <snapshot-id>`. The snapshot ID is shown in the output of `snap save`. You can also list existing snapshots with `snap saved`.
 1. Note the exact Nextcloud version of your snap installation:
    ```
    sudo nextcloud.occ -V
    ```
 1. Make sure that this version matches exactly the version used in Nextcloud AIO. You can find the AIO version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If they do not match, upgrade your snap with `sudo snap refresh nextcloud --channel=<major-version>/stable` or wait for AIO to be updated to the same version.
 1. Update all installed Nextcloud apps to their latest versions:
    ```
    sudo nextcloud.occ app:update --all
    ```
 1. Retrieve the necessary configuration values from the snap using `nextcloud.occ` and store them in environment variables. Do this **before** stopping the snap, as `nextcloud.occ` requires the snap services to be running:
    ```
    export INSTANCEID=$(sudo nextcloud.occ config:system:get instanceid)
    export PASSWORDSALT=$(sudo nextcloud.occ config:system:get passwordsalt)
    export SECRET=$(sudo nextcloud.occ config:system:get secret)
    export TABLE_PREFIX=$(sudo nextcloud.occ config:system:get dbtableprefix || echo "oc_")
    export SNAP_DATA=$(sudo nextcloud.occ config:system:get datadirectory)
    # Note down SNAP_DATA — you will need it later when copying files
    echo "Snap data directory: $SNAP_DATA"
    ```
 1. Export a dump of the snap's MySQL database:
    ```
    sudo nextcloud.mysqldump > ~/mysql-dump.sql
    ```
 1. Stop the snap to prevent further writes during the migration:
    ```
    sudo snap stop nextcloud
    ```
 1. Set up environment variables for the temporary containers (adjust the version and passwords as needed):
    ```
    export NEXTCLOUD_VERSION="29.0.0"  # Replace with the exact version from step 2
    export MYSQL_PASSWORD="mysql-temp-password"
    export PG_USER="ncadmin"
    export PG_PASSWORD="my-temporary-pg-password"
    export PG_DATABASE="nextcloud_db"
    ```
 1. Create a Docker network for the temporary migration containers:
    ```
    docker network create nextcloud-migration
    ```
 1. Start a temporary MySQL container and import the snap database dump into it:
    ```
    docker run -d \
      --name mysql-migration \
      --network nextcloud-migration \
      -e MYSQL_ROOT_PASSWORD="mysql-root-temp" \
      -e MYSQL_DATABASE="nextcloud" \
      -e MYSQL_USER="nextcloud" \
      -e MYSQL_PASSWORD="$MYSQL_PASSWORD" \
      mysql:8
    # Wait for MySQL to finish starting up before importing
    until docker exec mysql-migration mysqladmin ping -h localhost --silent 2>/dev/null; do sleep 1; done
    docker exec -i mysql-migration mysql -u nextcloud -p"$MYSQL_PASSWORD" nextcloud < ~/mysql-dump.sql
    ```
 1. Start a temporary PostgreSQL container as the migration target:
    ```
    docker run -d \
      --name postgres-migration \
      --network nextcloud-migration \
      -e POSTGRES_USER="$PG_USER" \
      -e POSTGRES_PASSWORD="$PG_PASSWORD" \
      -e POSTGRES_DB="$PG_DATABASE" \
      postgres:16
    ```
 1. Create a temporary config file for the migration container using the values retrieved in step 5:
    ```
    cat > /tmp/migration-config.php << EOF
    <?php
    \$CONFIG = array(
      'instanceid' => '$INSTANCEID',
      'passwordsalt' => '$PASSWORDSALT',
      'secret' => '$SECRET',
      'dbtype' => 'mysql',
      'dbname' => 'nextcloud',
      'dbhost' => 'mysql-migration',
      'dbport' => '',
      'dbtableprefix' => '$TABLE_PREFIX',
      'dbuser' => 'nextcloud',
      'dbpassword' => '$MYSQL_PASSWORD',
      'datadirectory' => '$SNAP_DATA',
      'installed' => true,
    );
    EOF
    ```
 1. Run a temporary nextcloud/docker container to convert the MySQL database to PostgreSQL. Note that the container image version must match the Nextcloud version you noted in step 2, and that `pdo_pgsql` is already included in the `nextcloud` Docker image:
    ```
    docker run --rm \
      --network nextcloud-migration \
      --entrypoint bash \
      -v /tmp/migration-config.php:/var/www/html/config/config.php:rw \
      -v "${SNAP_DATA}:${SNAP_DATA}:ro" \
      nextcloud:${NEXTCLOUD_VERSION}-apache \
      -c "php /var/www/html/occ db:convert-type --all-apps --password '$PG_PASSWORD' pgsql '$PG_USER' postgres-migration '$PG_DATABASE'"
    ```
    **Please note:** The `occ` command may print a warning about being run as root — this can be safely ignored for this migration step.
 1. Export the converted PostgreSQL database:
    ```
    docker exec postgres-migration pg_dump -U "$PG_USER" "$PG_DATABASE" > ~/database-dump.sql
    ```
    **Please note:** The exact name of the database export file is important! (`database-dump.sql`)
 1. Clean up the temporary containers and network:
    ```
    docker rm -f mysql-migration postgres-migration
    docker network rm nextcloud-migration
    ```
 1. You now have a `~/database-dump.sql`. Continue from step 5 of the [Migrate the files and the database](#migrate-the-files-and-the-database) procedure above. When those steps ask for your old data directory path, use the `$SNAP_DATA` value noted in step 5 (typically `/var/snap/nextcloud/common`). If you have opened a new shell session since then, you can retrieve it again with `sudo nextcloud.occ config:system:get datadirectory` (requires the snap to be running) or read it directly from `/var/snap/nextcloud/current/nextcloud/config/config.php`.
 1. Once you have verified that the migration to AIO was successful and everything is working correctly, you can permanently remove the Nextcloud snap from your system:
    ```
    sudo snap remove --purge nextcloud
    ```
    The `--purge` flag removes the snap along with all its saved snapshots and data. Omit it if you want to keep the snap snapshots as a fallback. **Only do this after you are fully satisfied that your AIO instance is working correctly**, as this action cannot be undone.
 ## Use the user_migration app
 A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.9.2
+version: 13.0.3-1
 apiVersion: v2
 keywords:
  - latest
@@ -37,6 +37,8 @@ spec:
        - env:
            - name: ADDITIONAL_TRUSTED_DOMAIN
              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: APACHE_HOST
              value: nextcloud-aio-apache
            - name: APACHE_MAX_SIZE
@@ -63,7 +65,7 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-apache:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -36,7 +36,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
          command:
            - mkdir
            - "-p"
@@ -55,11 +55,13 @@ spec:
              {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: MAX_SIZE
              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -23,6 +23,8 @@ spec:
      containers:
        - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
          env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: DONT_GEN_SSL_CERT
              value: "1"
            - name: TZ
@@ -32,13 +34,13 @@ spec:
            - name: dictionaries
              value: "{{ .Values.COLLABORA_DICTIONARIES }}"
            - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260513_090235
          {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260513_090235
          {{- end }}
          readinessProbe:
            exec:
@@ -35,7 +35,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
          command:
            - mkdir
            - "-p"
@@ -54,6 +54,8 @@ spec:
              {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: PGTZ
              value: "{{ .Values.TIMEZONE }}"
            - name: POSTGRES_DB
@@ -64,7 +66,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
          command:
            - chmod
            - "777"
@@ -34,6 +34,8 @@ spec:
              mountPath: /nextcloud-aio-elasticsearch
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: ES_JAVA_OPTS
              value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
            - name: FULLTEXTSEARCH_PASSWORD
@@ -48,13 +50,17 @@ spec:
              value: single-node
            - name: http.port
              value: "9200"
-            - name: logger.level
+            - name: indices.fielddata.cache.size
-              value: WARN
+              value: 20%
            - name: indices.memory.index_buffer_size
              value: 20%
            - name: thread_pool.write.queue_size
              value: "1000"
            - name: xpack.license.self_generated.type
              value: basic
            - name: xpack.security.enabled
              value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -34,11 +34,13 @@ spec:
        {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: IMAGINARY_SECRET
              value: "{{ .Values.IMAGINARY_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
          command:
            - chmod
            - "777"
@@ -92,6 +92,8 @@ spec:
              value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
            - name: ADMIN_USER
              value: admin
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: APACHE_HOST
              value: nextcloud-aio-apache
            - name: APACHE_PORT
@@ -190,7 +192,7 @@ spec:
              value: "{{ .Values.WHITEBOARD_ENABLED }}"
            - name: WHITEBOARD_SECRET
              value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260513_090235
          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
          securityContext:
            # The items below only work in container context
@@ -35,11 +35,13 @@ spec:
        {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: NEXTCLOUD_HOST
              value: nextcloud-aio-nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
          command:
            - chmod
            - "777"
@@ -34,15 +34,19 @@ spec:
              mountPath: /nextcloud-aio-onlyoffice
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: JWT_ENABLED
              value: "true"
            - name: JWT_HEADER
              value: AuthorizationJwt
            - name: JWT_SECRET
              value: "{{ .Values.ONLYOFFICE_SECRET }}"
            - name: LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -35,11 +35,13 @@ spec:
        {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: REDIS_HOST_PASSWORD
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-redis:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -40,6 +40,8 @@ spec:
              value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
            - name: TALK_MAX_SCREEN_BITRATE
              value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: INTERNAL_SECRET
              value: "{{ .Values.TALK_INTERNAL_SECRET }}"
            - name: NC_DOMAIN
@@ -54,7 +56,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-talk:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -36,6 +36,8 @@ spec:
        {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: INTERNAL_SECRET
              value: "{{ .Values.TALK_INTERNAL_SECRET }}"
            - name: NC_DOMAIN
@@ -44,7 +46,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -34,6 +34,8 @@ spec:
        {{- end }}
      containers:
        - env:
            - name: AIO_LOG_LEVEL
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: BACKUP_DIR
              value: /tmp
            - name: JWT_SECRET_KEY
@@ -50,7 +52,7 @@ spec:
              value: redis
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260513_090235
          readinessProbe:
            exec:
              command:
@@ -21,6 +21,7 @@ TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the op
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 WHITEBOARD_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 AIO_LOG_LEVEL: warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
 APACHE_MAX_SIZE: "17179869184"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
@@ -31,7 +32,7 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional pa
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
-NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. -app_api
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS: "yes"        # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
@@ -448,16 +448,16 @@
        },
        {
            "name": "laravel/serializable-closure",
-            "version": "v2.0.12",
+            "version": "v2.0.13",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919"
+                "reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
-                "reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
+                "reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
                "shasum": ""
            },
            "require": {
@@ -505,7 +505,7 @@
                "issues": "https://github.com/laravel/serializable-closure/issues",
                "source": "https://github.com/laravel/serializable-closure"
            },
-            "time": "2026-04-14T13:33:34+00:00"
+            "time": "2026-04-16T14:03:50+00:00"
        },
        {
            "name": "nikic/fast-route",
@@ -1465,16 +1465,16 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.6.0",
+            "version": "v3.7.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
+                "reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b",
-                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
+                "reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b",
                "shasum": ""
            },
            "require": {
@@ -1487,7 +1487,7 @@
                    "name": "symfony/contracts"
                },
                "branch-alias": {
-                    "dev-main": "3.6-dev"
+                    "dev-main": "3.7-dev"
                }
            },
            "autoload": {
@@ -1512,7 +1512,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.7.0"
            },
            "funding": [
                {
@@ -1523,16 +1523,20 @@
                    "url": "https://github.com/fabpot",
                    "type": "github"
                },
                {
                    "url": "https://github.com/nicolas-grekas",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                    "type": "tidelift"
                }
            ],
-            "time": "2024-09-25T14:21:43+00:00"
+            "time": "2026-04-13T15:52:40+00:00"
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
@@ -1591,7 +1595,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.37.0"
            },
            "funding": [
                {
@@ -1615,7 +1619,7 @@
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
@@ -1676,7 +1680,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.37.0"
            },
            "funding": [
                {
@@ -1700,7 +1704,7 @@
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
@@ -1756,7 +1760,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0"
            },
            "funding": [
                {
@@ -2172,16 +2176,16 @@
        },
        {
            "name": "amphp/parallel",
-            "version": "v2.3.3",
+            "version": "v2.3.4",
            "source": {
                "type": "git",
                "url": "https://github.com/amphp/parallel.git",
-                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
+                "reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
-                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
+                "reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
                "shasum": ""
            },
            "require": {
@@ -2201,7 +2205,7 @@
                "amphp/php-cs-fixer-config": "^2",
                "amphp/phpunit-util": "^3",
                "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.18"
+                "psalm/phar": "6.16.1"
            },
            "type": "library",
            "autoload": {
@@ -2244,7 +2248,7 @@
            ],
            "support": {
                "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.3"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.4"
            },
            "funding": [
                {
@@ -2252,7 +2256,7 @@
                    "type": "github"
                }
            ],
-            "time": "2025-11-15T06:23:42+00:00"
+            "time": "2026-05-06T19:26:51+00:00"
        },
        {
            "name": "amphp/parser",
@@ -2318,16 +2322,16 @@
        },
        {
            "name": "amphp/pipeline",
-            "version": "v1.2.3",
+            "version": "v1.2.4",
            "source": {
                "type": "git",
                "url": "https://github.com/amphp/pipeline.git",
-                "reference": "7b52598c2e9105ebcddf247fc523161581930367"
+                "reference": "a044733e080940d1483f56caff0c412ad6982776"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
+                "url": "https://api.github.com/repos/amphp/pipeline/zipball/a044733e080940d1483f56caff0c412ad6982776",
-                "reference": "7b52598c2e9105ebcddf247fc523161581930367",
+                "reference": "a044733e080940d1483f56caff0c412ad6982776",
                "shasum": ""
            },
            "require": {
@@ -2339,7 +2343,7 @@
                "amphp/php-cs-fixer-config": "^2",
                "amphp/phpunit-util": "^3",
                "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.18"
+                "psalm/phar": "6.16.1"
            },
            "type": "library",
            "autoload": {
@@ -2373,7 +2377,7 @@
            ],
            "support": {
                "issues": "https://github.com/amphp/pipeline/issues",
-                "source": "https://github.com/amphp/pipeline/tree/v1.2.3"
+                "source": "https://github.com/amphp/pipeline/tree/v1.2.4"
            },
            "funding": [
                {
@@ -2381,7 +2385,7 @@
                    "type": "github"
                }
            ],
-            "time": "2025-03-16T16:33:53+00:00"
+            "time": "2026-05-06T05:37:57+00:00"
        },
        {
            "name": "amphp/process",
@@ -3843,16 +3847,16 @@
        },
        {
            "name": "sebastian/diff",
-            "version": "8.1.0",
+            "version": "8.2.1",
            "source": {
                "type": "git",
                "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "9c957d730257f49c873f3761674559bd90098a7d"
+                "reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
-                "reference": "9c957d730257f49c873f3761674559bd90098a7d",
+                "reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
                "shasum": ""
            },
            "require": {
@@ -3865,7 +3869,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "8.1-dev"
+                    "dev-main": "8.2-dev"
                }
            },
            "autoload": {
@@ -3898,7 +3902,7 @@
            "support": {
                "issues": "https://github.com/sebastianbergmann/diff/issues",
                "security": "https://github.com/sebastianbergmann/diff/security/policy",
-                "source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
+                "source": "https://github.com/sebastianbergmann/diff/tree/8.2.1"
            },
            "funding": [
                {
@@ -3918,7 +3922,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-04-05T12:02:33+00:00"
+            "time": "2026-05-14T05:24:37+00:00"
        },
        {
            "name": "spatie/array-to-xml",
@@ -4048,16 +4052,16 @@
        },
        {
            "name": "symfony/console",
-            "version": "v6.4.36",
+            "version": "v6.4.39",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/console.git",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
+                "url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
                "shasum": ""
            },
            "require": {
@@ -4122,7 +4126,7 @@
                "terminal"
            ],
            "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.36"
+                "source": "https://github.com/symfony/console/tree/v6.4.39"
            },
            "funding": [
                {
@@ -4142,20 +4146,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-03-27T15:30:51+00:00"
+            "time": "2026-05-12T06:50:03+00:00"
        },
        {
            "name": "symfony/filesystem",
-            "version": "v8.0.8",
+            "version": "v8.0.11",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/filesystem.git",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
                "shasum": ""
            },
            "require": {
@@ -4192,7 +4196,7 @@
            "description": "Provides basic utilities for the filesystem",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.8"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.11"
            },
            "funding": [
                {
@@ -4212,7 +4216,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-03-30T15:14:47+00:00"
+            "time": "2026-05-11T16:39:47+00:00"
        },
        {
            "name": "symfony/finder",
@@ -4284,16 +4288,16 @@
        },
        {
            "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "ad1b7b9092976d6c948b8a187cec9faaea9ec1df"
+                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/ad1b7b9092976d6c948b8a187cec9faaea9ec1df",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/4864388bfbd3001ce88e234fab652acd91fdc57e",
-                "reference": "ad1b7b9092976d6c948b8a187cec9faaea9ec1df",
+                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e",
                "shasum": ""
            },
            "require": {
@@ -4342,7 +4346,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4362,11 +4366,11 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-04-10T16:19:22+00:00"
+            "time": "2026-04-26T13:13:48+00:00"
        },
        {
            "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
@@ -4427,7 +4431,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4451,7 +4455,7 @@
        },
        {
            "name": "symfony/polyfill-php84",
-            "version": "v1.36.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php84.git",
@@ -4507,7 +4511,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.36.0"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4531,16 +4535,16 @@
        },
        {
            "name": "symfony/service-contracts",
-            "version": "v3.6.1",
+            "version": "v3.7.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
+                "reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a",
-                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
+                "reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a",
                "shasum": ""
            },
            "require": {
@@ -4558,7 +4562,7 @@
                    "name": "symfony/contracts"
                },
                "branch-alias": {
-                    "dev-main": "3.6-dev"
+                    "dev-main": "3.7-dev"
                }
            },
            "autoload": {
@@ -4594,7 +4598,7 @@
                "standards"
            ],
            "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.7.0"
            },
            "funding": [
                {
@@ -4614,20 +4618,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2025-07-15T11:30:57+00:00"
+            "time": "2026-03-28T09:44:51+00:00"
        },
        {
            "name": "symfony/string",
-            "version": "v7.4.8",
+            "version": "v7.4.11",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/string.git",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688"
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
+                "url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688",
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
                "shasum": ""
            },
            "require": {
@@ -4685,7 +4689,7 @@
                "utf8"
            ],
            "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.8"
+                "source": "https://github.com/symfony/string/tree/v7.4.11"
            },
            "funding": [
                {
@@ -4705,7 +4709,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-03-24T13:12:05+00:00"
+            "time": "2026-05-13T12:04:42+00:00"
        },
        {
            "name": "vimeo/psalm",
@@ -45,6 +45,7 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_HOST=nextcloud-aio-talk",
        "APACHE_PORT=%APACHE_PORT%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
        "TZ=%TIMEZONE%",
        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
@@ -120,6 +121,7 @@
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
        "POSTGRES_USER=nextcloud",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "PGTZ=%TIMEZONE%"
      ],
@@ -222,6 +224,7 @@
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "NC_AIO_VERSION=v%AIO_VERSION%",
        "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
@@ -311,6 +314,7 @@
      ],
      "environment": [
        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%"
      ],
      "restart": "unless-stopped",
@@ -340,6 +344,7 @@
      "internal_port": "6379",
      "environment": [
        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%"
      ],
      "volumes": [
@@ -381,8 +386,9 @@
      "internal_port": "9980",
      "environment": [
        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
        "dictionaries=%COLLABORA_DICTIONARIES%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "server_name=%NC_DOMAIN%",
        "DONT_GEN_SSL_CERT=1"
@@ -453,6 +459,7 @@
        "TALK_HOST=nextcloud-aio-talk",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "TALK_PORT=%TALK_PORT%",
        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
@@ -500,6 +507,7 @@
      "internal_port": "1234",
      "environment": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "RECORDING_SECRET=%RECORDING_SECRET%",
        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
@@ -543,6 +551,7 @@
        "BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%",
        "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
        "BORG_MODE=%BORGBACKUP_MODE%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
        "RESTORE_EXCLUDE_PREVIEWS=%RESTORE_EXCLUDE_PREVIEWS%",
        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
@@ -610,7 +619,8 @@
      "image": "ghcr.io/nextcloud-releases/aio-watchtower",
      "init": true,
      "environment": [
-        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
+        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
      ],
      "volumes": [
        {
@@ -641,7 +651,8 @@
      "internal_port": "%APACHE_PORT%",
      "environment": [
        "INSTANCE_ID=%INSTANCE_ID%",
-        "APACHE_PORT=%APACHE_PORT%"
+        "APACHE_PORT=%APACHE_PORT%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
      ],
      "secrets": [
        "INSTANCE_ID"
@@ -676,6 +687,7 @@
      ],
      "internal_port": "3310",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%"
      ],
@@ -721,6 +733,8 @@
      ],
      "internal_port": "80",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "JWT_ENABLED=true",
        "JWT_HEADER=AuthorizationJwt",
@@ -764,6 +778,7 @@
      ],
      "internal_port": "9000",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
      ],
@@ -805,12 +820,12 @@
      ],
      "internal_port": "9200",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "ES_JAVA_OPTS=%FULLTEXTSEARCH_JAVA_OPTIONS%",
        "bootstrap.memory_lock=false",
        "cluster.name=nextcloud-aio",
        "discovery.type=single-node",
        "logger.level=WARN",
        "http.port=9200",
        "xpack.license.self_generated.type=basic",
        "xpack.security.enabled=false",
@@ -845,6 +860,7 @@
      "init": true,
      "internal_port": "2375",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%"
      ],
      "volumes": [
@@ -876,7 +892,6 @@
      "environment": [
        "HP_SHARED_KEY=%HP_SHARED_KEY%",
        "NC_INSTANCE_URL=https://%NC_DOMAIN%",
        "HP_LOG_LEVEL=warning",
        "HP_FRP_DISABLE_TLS=true",
        "TZ=%TIMEZONE%"
      ],
@@ -928,6 +943,7 @@
      ],
      "internal_port": "3002",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "NEXTCLOUD_URL=https://%NC_DOMAIN%",
        "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
@@ -68,7 +68,7 @@ session_start([
    "use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
    "cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
    "cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
-    "cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
+    "cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
 ]);
 if ($wasAuthenticated) {
@@ -103,13 +103,13 @@ $app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::c
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
 $app->get('/api/auth/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');
 $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout');
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');
 $app->post('/api/desec/register', \AIO\Controller\DesecController::class . ':Register');
 // Views
 $app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
@@ -181,10 +181,6 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
        'community_containers_enabled' => $configurationManager->aioCommunityContainers,
        'bypass_container_update' => $bypass_container_update,
        'desec_email' => $configurationManager->desecEmail,
        'desec_password' => $configurationManager->desecPassword,
        'is_desec_domain' => $configurationManager->isDesecDomain(),
        'desec_account_registered' => $configurationManager->isDesecAccountRegistered(),
    ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
@@ -2,6 +2,6 @@ document.addEventListener("DOMContentLoaded", function(event) {
    // timezone
    let timezone = document.getElementById("timezone");
    if (timezone) {
-        timezone.value = Intl.DateTimeFormat().resolvedOptions().timeZone
+        timezone.placeholder = Intl.DateTimeFormat().resolvedOptions().timeZone
    }
 });
@@ -3,16 +3,14 @@ declare(strict_types=1);
 namespace AIO\Controller;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\InvalidSettingConfigurationException;
 use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 readonly class ConfigurationController {
    public function __construct(
-        private ConfigurationManager $configurationManager
+        private ConfigurationManager $configurationManager,
    ) {
    }
@@ -132,10 +130,6 @@ readonly class ConfigurationController {
                $this->configurationManager->collaboraAdditionalOptions = $additionalCollaboraOptions;
            }
            if (isset($request->getParsedBody()['delete_borg_backup_location_vars'])) {
                $this->configurationManager->deleteBorgBackupLocationItems();
            }
            return $response->withStatus(201)->withHeader('Location', '.');
        } catch (InvalidSettingConfigurationException $ex) {
            $response->getBody()->write($ex->getMessage());
@@ -1,27 +0,0 @@
 <?php
 declare(strict_types=1);
 namespace AIO\Controller;
 use AIO\Desec\DesecManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 readonly class DesecController {
    public function __construct(
        private DesecManager $desecManager,
    ) {
    }
    public function Register(Request $request, Response $response, array $args): Response {
        try {
            $email = (string)($request->getParsedBody()['desec_email'] ?? '');
            $slug  = (string)($request->getParsedBody()['desec_slug'] ?? '');
            $this->desecManager->register($email, $slug);
            return $response->withStatus(201)->withHeader('Location', '.');
        } catch (\Exception $ex) {
            $response->getBody()->write($ex->getMessage());
            return $response->withStatus(422);
        }
    }
 }
@@ -6,7 +6,6 @@ namespace AIO\Controller;
 use AIO\Container\Container;
 use AIO\Container\ContainerState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Desec\DesecManager;
 use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
@@ -19,8 +18,7 @@ readonly class DockerController {
    public function __construct(
        private DockerActionManager           $dockerActionManager,
        private ContainerDefinitionFetcher    $containerDefinitionFetcher,
-        private ConfigurationManager $configurationManager,
+        private ConfigurationManager $configurationManager
        private DesecManager $desecManager,
    ) {
    }
@@ -265,9 +263,6 @@ readonly class DockerController {
        // Stop domaincheck since apache would not be able to start otherwise
        $this->StopDomaincheckContainer();
        // Refresh the deSEC DNS record with the current public IP before starting containers
        $this->desecManager->updateIpIfDesecDomain();
        $id = self::TOP_CONTAINER;
        $this->PerformRecursiveContainerStart($id, $pullImage, $addToStreamingResponseBody);
@@ -333,6 +328,11 @@ readonly class DockerController {
        return $nonbufResp;
    }
    public function DeleteBorgBackupConfig(Request $request, Response $response, array $args) : Response {
        $this->dockerActionManager->deleteBorgBackupConfig();
        return $response->withStatus(201)->withHeader('Location', '.');
    }
    public function SystemPrune(Request $request, Response $response, array $args) : Response {
        // Get streaming response start and closure
        $nonbufResp = $this->startStreamingResponse($response);
@@ -1,17 +0,0 @@
 <?php
 declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 // Log whole log messages
 ini_set('log_errors_max_len', '0');
 require __DIR__ . '/../../vendor/autoload.php';
 $container = \AIO\DependencyInjection::GetContainer();
 /** @var \AIO\Desec\DesecManager $desecManager */
 $desecManager = $container->get(\AIO\Desec\DesecManager::class);
 $desecManager->updateIpIfDesecDomain();
@@ -5,11 +5,11 @@ namespace AIO\Data;
 use AIO\Auth\PasswordGenerator;
 use AIO\Controller\DockerController;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\TransferException;
 class ConfigurationManager
 {
    public const string DEDYN_SUFFIX = '.dedyn.io';
    private array $secrets = [];
    private array $config = [];
@@ -200,43 +200,6 @@ class ConfigurationManager
        set { $this->set('turn_domain', $value); }
    }
    public string $desecEmail {
        get => $this->get('desec_email', '');
        set { $this->set('desec_email', $value); }
    }
    public string $desecToken {
        get {
            $s = $this->get('secrets', []);
            return isset($s['DESEC_TOKEN']) && is_string($s['DESEC_TOKEN']) ? $s['DESEC_TOKEN'] : '';
        }
        set {
            $s = $this->get('secrets', []);
            $s['DESEC_TOKEN'] = $value;
            $this->set('secrets', $s);
        }
    }
    public string $desecPassword {
        get {
            $s = $this->get('secrets', []);
            return isset($s['DESEC_PASSWORD']) && is_string($s['DESEC_PASSWORD']) ? $s['DESEC_PASSWORD'] : '';
        }
        set {
            $s = $this->get('secrets', []);
            $s['DESEC_PASSWORD'] = $value;
            $this->set('secrets', $s);
        }
    }
    public function isDesecDomain(): bool {
        return str_ends_with($this->domain, self::DEDYN_SUFFIX) && $this->desecToken !== '';
    }
    public function isDesecAccountRegistered(): bool {
        return $this->desecToken !== '' && $this->desecEmail !== '' && $this->domain === '';
    }
    public string $apachePort {
        get => $this->getEnvironmentalVariableOrConfig('APACHE_PORT', 'apache_port', '443');
        set { $this->set('apache_port', $value); }
@@ -292,6 +255,11 @@ class ConfigurationManager
        set { $this->set('docker_socket_path', $value); }
    }
    public string $aioLogLevel {
        get => $this->getEnvironmentalVariableOrConfig('AIO_LOG_LEVEL', 'aio_log_level', 'warn');
        set { $this->set('aio_log_level', $value); }
    }
    public string $trustedCacertsDir {
        get => $this->getEnvironmentalVariableOrConfig('NEXTCLOUD_TRUSTED_CACERTS_DIR', 'trusted_cacerts_dir', '');
        set { $this->set('trusted_cacerts_dir', $value); }
@@ -569,23 +537,22 @@ class ConfigurationManager
            }
            // Check if response is correct
            $ch = curl_init();
            if ($ch === false) {
                throw new InvalidSettingConfigurationException('Could not init curl! Please check the logs!');
            }
            $testUrl = $protocol . $domain . ':443';
-            curl_setopt($ch, CURLOPT_URL, $testUrl);
+            $errorMessage = '';
-            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            $guzzleClient = new Client(['connect_timeout' => 10, 'timeout' => 10, 'http_errors' => false]);
-            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
+            try {
-            curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+                $guzzleResponse = $guzzleClient->get($testUrl);
-            $response = (string)curl_exec($ch);
+                # Get rid of trailing \n
-            # Get rid of trailing \n
+                $response = str_replace("\n", "", (string)$guzzleResponse->getBody());
-            $response = str_replace("\n", "", $response);
+            } catch (TransferException $e) {
                $response = '';
                $errorMessage = 'The error message was: ' . $e->getMessage();
            }
            if ($response !== $instanceID) {
                error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
                error_log('Expected was: ' . $instanceID);
-                error_log('The error message was: ' . curl_error($ch));
+                error_log($errorMessage);
                $notice = "Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')";
                if ($port === '443') {
                    $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
@@ -1104,6 +1071,7 @@ class ConfigurationManager
            'NC_DOMAIN' => $this->domain,
            'NC_BASE_DN' => $this->getBaseDN(),
            'AIO_TOKEN' => $this->aioToken,
            'AIO_LOG_LEVEL' => $this->aioLogLevel,
            'BORGBACKUP_REMOTE_REPO' => $this->borgRemoteRepo,
            'BORGBACKUP_MODE' => $this->backupMode,
            'AIO_URL' => $this->aioUrl,
@@ -1148,7 +1116,6 @@ class ConfigurationManager
            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
            'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
            'AIO_VERSION' => $this->getAioVersion(),
            'DESEC_TOKEN' => $this->desecToken,
            default => $this->getRegisteredSecret($placeholder),
        };
    }
--- a/Show More
+++ b/Show More