feat: add AIO_LOG_LEVEL env to configure log level across all main containers

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/cd05ca56-d0e8-4260-988b-a7cc0747beff

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/apache/start.sh

@@ -36,6 +36,15 @@ else
     export PROTOCOL="https"
 fi
 
+# Apply log level to Caddy and Apache httpd
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   CADDY_LOG_LEVEL="DEBUG"; APACHE_LOG_LEVEL="debug" ;;
+    info)    CADDY_LOG_LEVEL="INFO";  APACHE_LOG_LEVEL="info" ;;
+    warning) CADDY_LOG_LEVEL="WARN";  APACHE_LOG_LEVEL="warn" ;;
+    error)   CADDY_LOG_LEVEL="ERROR"; APACHE_LOG_LEVEL="error" ;;
+    *)       CADDY_LOG_LEVEL="WARN";  APACHE_LOG_LEVEL="warn" ;;
+esac
+
 # Change the auto_https in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
     CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
@@ -44,6 +53,10 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile
 
+# Apply Caddy log level
+CADDYFILE="$(sed "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /tmp/Caddyfile)"
+echo "$CADDYFILE" > /tmp/Caddyfile
+
 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
     # Here the 100.64.0.0/10 range gets added which is the CGNAT range used by Tailscale nodes
@@ -74,4 +87,18 @@ fi
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 
-exec "$@"
+# Apply Apache httpd log level
+sed -i "s|LogLevel [a-z]*|LogLevel $APACHE_LOG_LEVEL|" /usr/local/apache2/conf/nextcloud.conf
+
+# Apply supervisord log level (supervisord.conf is not writable by this user, so use /tmp copy)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug" ;;
+    info)    SUPERVISORD_LOG_LEVEL="info" ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn" ;;
+    error)   SUPERVISORD_LOG_LEVEL="error" ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn" ;;
+esac
+cp /supervisord.conf /tmp/supervisord.conf
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+
+exec /usr/bin/supervisord -c /tmp/supervisord.conf

Containers/borgbackup/start.sh

@@ -4,6 +4,39 @@
 export MOUNT_DIR="/mnt/borgbackup"
 export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"  # necessary even when remote to store the aio-lockfile
 
+# Map AIO_LOG_LEVEL to a Python logging config for borg (via BORG_LOGGING_CONF)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   BORG_PYTHON_LOG_LEVEL="DEBUG" ;;
+    info)    BORG_PYTHON_LOG_LEVEL="INFO" ;;
+    warning) BORG_PYTHON_LOG_LEVEL="WARNING" ;;
+    error)   BORG_PYTHON_LOG_LEVEL="ERROR" ;;
+    *)       BORG_PYTHON_LOG_LEVEL="WARNING" ;;
+esac
+cat > /tmp/borg-logging.conf << EOF
+[loggers]
+keys=root
+
+[handlers]
+keys=console
+
+[formatters]
+keys=simple
+
+[logger_root]
+level=$BORG_PYTHON_LOG_LEVEL
+handlers=console
+
+[handler_console]
+class=StreamHandler
+level=$BORG_PYTHON_LOG_LEVEL
+formatter=simple
+args=(sys.stderr,)
+
+[formatter_simple]
+format=%(message)s
+EOF
+export BORG_LOGGING_CONF=/tmp/borg-logging.conf
+
 # Validate BORG_PASSWORD
 if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
     echo "Neither BORG_PASSWORD nor BACKUP_RESTORE_PASSWORD are set."

Containers/clamav/start.sh

@@ -3,6 +3,40 @@
 # Print out clamav version for compliance reasons
 clamscan --version
 
+# Apply AIO_LOG_LEVEL to ClamAV by copying the read-only config files to /tmp
+# and applying the appropriate LogVerbose / Debug settings there.
+# supervisord.conf is also copied so its loglevel can be adjusted.
+cp /etc/clamav/clamd.conf /tmp/clamd.conf
+cp /etc/clamav/freshclam.conf /tmp/freshclam.conf
+cp /supervisord.conf /tmp/supervisord.conf
+
+# Point supervisord to the /tmp copies of the ClamAV configs
+sed -i "s|/etc/clamav/clamd.conf|/tmp/clamd.conf|g" /tmp/supervisord.conf
+
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug yes|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="debug"
+        ;;
+    info)
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose yes|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="info"
+        ;;
+    warning|error|*)
+        sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/clamd.conf
+        sed -i "s|#\?Debug.*|Debug no|" /tmp/clamd.conf
+        sed -i "s|#\?LogVerbose.*|LogVerbose no|" /tmp/freshclam.conf
+        SUPERVISORD_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+        # supervisord uses 'warn' not 'warning'
+        [ "$SUPERVISORD_LOG_LEVEL" = "warning" ] && SUPERVISORD_LOG_LEVEL="warn"
+        ;;
+esac
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+
 echo "Clamav started"
 
-exec "$@"
+exec /usr/bin/supervisord -c /tmp/supervisord.conf

Containers/docker-socket-proxy/haproxy.cfg

@@ -2,6 +2,7 @@
 
 global
     maxconn 10
+    # HAPROXY_LOG_PLACEHOLDER
 
 defaults
     timeout connect 30s

Containers/docker-socket-proxy/start.sh

@@ -18,6 +18,17 @@ else
     HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
 fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
+
+# Apply AIO_LOG_LEVEL as HAProxy global log directive
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   HAPROXY_LOG_LEVEL="debug" ;;
+    info)    HAPROXY_LOG_LEVEL="info" ;;
+    warning) HAPROXY_LOG_LEVEL="notice" ;;
+    error)   HAPROXY_LOG_LEVEL="err" ;;
+    *)       HAPROXY_LOG_LEVEL="notice" ;;
+esac
+HAPROXYFILE="$(sed "s|# HAPROXY_LOG_PLACEHOLDER|log stdout format raw local0 $HAPROXY_LOG_LEVEL|" /tmp/haproxy.cfg)"
+echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 set +x
 
 haproxy -f /tmp/haproxy.cfg -db

Containers/domaincheck/start.sh

@@ -14,6 +14,16 @@ fi
 CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
 
+# Enable verbose debug logging when AIO_LOG_LEVEL is set to debug
+if [ "${AIO_LOG_LEVEL:-warning}" = "debug" ]; then
+    {
+        echo 'debug.log-request-handling = "enable"'
+        echo 'debug.log-response-header = "enable"'
+        echo 'debug.log-request-header = "enable"'
+        echo 'debug.log-condition-handling = "enable"'
+    } >> /etc/lighttpd/lighttpd.conf
+fi
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf
 

Containers/mastercontainer/start.sh

@@ -396,6 +396,19 @@ if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
     rm -rf /mnt/docker-aio-config/caddy/locks/*
 fi
 
+# Apply log level to Caddyfiles, supervisord and PHP-FPM
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   CADDY_LOG_LEVEL="DEBUG";  SUPERVISORD_LOG_LEVEL="debug";  PHP_FPM_LOG_LEVEL="debug" ;;
+    info)    CADDY_LOG_LEVEL="INFO";   SUPERVISORD_LOG_LEVEL="info";   PHP_FPM_LOG_LEVEL="notice" ;;
+    warning) CADDY_LOG_LEVEL="WARN";   SUPERVISORD_LOG_LEVEL="warn";   PHP_FPM_LOG_LEVEL="warning" ;;
+    error)   CADDY_LOG_LEVEL="ERROR";  SUPERVISORD_LOG_LEVEL="error";  PHP_FPM_LOG_LEVEL="error" ;;
+    *)       CADDY_LOG_LEVEL="WARN";   SUPERVISORD_LOG_LEVEL="warn";   PHP_FPM_LOG_LEVEL="warning" ;;
+esac
+sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /acme.Caddyfile
+sed -i "s|level [A-Z]*|level $CADDY_LOG_LEVEL|" /internal.Caddyfile
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf
+printf '[global]\nlog_level = %s\n' "$PHP_FPM_LOG_LEVEL" > /usr/local/etc/php-fpm.d/z-aio-log-level.conf
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /acme.Caddyfile
 caddy fmt --overwrite /internal.Caddyfile

Containers/nextcloud/entrypoint.sh

@@ -437,7 +437,14 @@ EOF
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            case "${AIO_LOG_LEVEL:-warning}" in
+                debug)   NC_LOG_LEVEL=0 ;;
+                info)    NC_LOG_LEVEL=1 ;;
+                warning) NC_LOG_LEVEL=2 ;;
+                error)   NC_LOG_LEVEL=3 ;;
+                *)       NC_LOG_LEVEL=2 ;;
+            esac
+            php /var/www/html/occ config:system:set loglevel --value="$NC_LOG_LEVEL" --type=integer
             php /var/www/html/occ config:system:set log_type --value="file"
             php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
             php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer

Containers/nextcloud/start.sh

@@ -172,4 +172,14 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
 fi
 set +x
 
+# Apply AIO_LOG_LEVEL to supervisord (runs as root so file is writable)
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug" ;;
+    info)    SUPERVISORD_LOG_LEVEL="info" ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn" ;;
+    error)   SUPERVISORD_LOG_LEVEL="error" ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn" ;;
+esac
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /supervisord.conf
+
 exec "$@"

Containers/notify-push/start.sh

@@ -38,6 +38,12 @@ fi
 
 echo "notify-push was started"
 
+# Map AIO_LOG_LEVEL to RUST_LOG (Rust uses 'warn' not 'warning')
+case "${AIO_LOG_LEVEL:-warning}" in
+    warning) export RUST_LOG="warn" ;;
+    *)       export RUST_LOG="${AIO_LOG_LEVEL:-warn}" ;;
+esac
+
 # Run it
 /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --port 7867 \

Containers/postgresql/start.sh

@@ -6,6 +6,15 @@ export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
+# Map AIO_LOG_LEVEL to PostgreSQL log_min_messages
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   PG_LOG_LEVEL="DEBUG1" ;;
+    info)    PG_LOG_LEVEL="INFO" ;;
+    warning) PG_LOG_LEVEL="WARNING" ;;
+    error)   PG_LOG_LEVEL="ERROR" ;;
+    *)       PG_LOG_LEVEL="WARNING" ;;
+esac
+
 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
     echo "Waiting for backup container to finish..."
@@ -82,7 +91,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     export PGPORT=11000
 
     # Create new database
-    exec docker-entrypoint.sh postgres &
+    exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" &
 
     # Wait for creation
     while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
@@ -164,6 +173,9 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
     fi
 
+    # Set log level
+    sed -i "s|^#\?log_min_messages.*|log_min_messages = $PG_LOG_LEVEL|" "/var/lib/postgresql/data/postgresql.conf"
+
     # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
     if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
@@ -194,5 +206,5 @@ do_database_dump() {
 trap do_database_dump SIGINT SIGTERM
 
 # Start the database
-exec docker-entrypoint.sh postgres &
+exec docker-entrypoint.sh postgres -c "log_min_messages=$PG_LOG_LEVEL" &
 wait $!

Containers/redis/start.sh

@@ -6,12 +6,21 @@ if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
     echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit"
 fi
 
+# Map AIO_LOG_LEVEL to Redis log level
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   REDIS_LOG_LEVEL="debug" ;;
+    info)    REDIS_LOG_LEVEL="verbose" ;;
+    warning) REDIS_LOG_LEVEL="notice" ;;
+    error)   REDIS_LOG_LEVEL="warning" ;;
+    *)       REDIS_LOG_LEVEL="notice" ;;
+esac
+
 # Run redis with a password if provided
 echo "Redis has started"
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
-    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
+    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel "$REDIS_LOG_LEVEL"
 else
-    exec redis-server --loglevel warning
+    exec redis-server --loglevel "$REDIS_LOG_LEVEL"
 fi
 
 exec "$@"

Containers/talk-recording/start.sh

@@ -21,8 +21,14 @@ rm -fr /tmp/{*,.*}
 
 cat << RECORDING_CONF > "/conf/recording.conf"
 [logs]
-# 30 means Warning
+# 10=debug 20=info 30=warning 40=error
-level = 30
+$(case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   echo "level = 10" ;;
+    info)    echo "level = 20" ;;
+    warning) echo "level = 30" ;;
+    error)   echo "level = 40" ;;
+    *)       echo "level = 30" ;;
+esac)
 
 [http]
 listen = 0.0.0.0:1234

Containers/talk/start.sh

@@ -66,7 +66,7 @@ eturnal:
       port: $TALK_PORT
       transport: tcp
   log_dir: stdout
-  log_level: warning
+  log_level: ${AIO_LOG_LEVEL:-warning}
   secret: "$TURN_SECRET"
   relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
@@ -129,4 +129,18 @@ maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
 maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
 SIGNALING_CONF
 
-exec "$@"
+# Apply AIO_LOG_LEVEL to supervisord and Janus debug level
+# (supervisord.conf is not writable by this user, so use /tmp copy)
+# Janus debug levels: 2=ERR, 3=WARN, 4=INFO, 7=DBG
+case "${AIO_LOG_LEVEL:-warning}" in
+    debug)   SUPERVISORD_LOG_LEVEL="debug"; JANUS_DEBUG_LEVEL=7 ;;
+    info)    SUPERVISORD_LOG_LEVEL="info";  JANUS_DEBUG_LEVEL=4 ;;
+    warning) SUPERVISORD_LOG_LEVEL="warn";  JANUS_DEBUG_LEVEL=3 ;;
+    error)   SUPERVISORD_LOG_LEVEL="error"; JANUS_DEBUG_LEVEL=2 ;;
+    *)       SUPERVISORD_LOG_LEVEL="warn";  JANUS_DEBUG_LEVEL=3 ;;
+esac
+cp /supervisord.conf /tmp/supervisord.conf
+sed -i "s|loglevel=.*|loglevel=$SUPERVISORD_LOG_LEVEL|" /tmp/supervisord.conf
+sed -i "s|--debug-level [0-9]*|--debug-level $JANUS_DEBUG_LEVEL|" /tmp/supervisord.conf
+
+exec supervisord -c /tmp/supervisord.conf

Containers/watchtower/start.sh

@@ -17,7 +17,12 @@ if [ -f /run/.containerenv ]; then
 fi
 
 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
+    # Map AIO_LOG_LEVEL to watchtower log level (watchtower uses 'warn' not 'warning')
+    case "${AIO_LOG_LEVEL:-warning}" in
+        warning) WATCHTOWER_LOG_LEVEL="warn" ;;
+        *)       WATCHTOWER_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;;
+    esac
+    exec /watchtower --cleanup --log-level "$WATCHTOWER_LOG_LEVEL" --run-once "$CONTAINER_TO_UPDATE"
 else
     echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
     exit 1

Containers/whiteboard/start.sh

@@ -16,5 +16,11 @@ REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
 
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
 
+# Map AIO_LOG_LEVEL to pino log level (pino uses 'warn' not 'warning')
+case "${AIO_LOG_LEVEL:-warning}" in
+    warning) export LOG_LEVEL="warn" ;;
+    *)       export LOG_LEVEL="${AIO_LOG_LEVEL:-warn}" ;;
+esac
+
 # Run it
 exec npm --prefix /app run server:start

compose.yaml

@@ -17,6 +17,7 @@ services:
     # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+      # AIO_LOG_LEVEL: warning # Adjusts the log level of all included containers. Allowed values are warning, error, info and debug. Defaults to warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-log-level
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

php/containers.json

@@ -51,7 +51,8 @@
         "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push",
         "WHITEBOARD_HOST=nextcloud-aio-whiteboard",
-        "HARP_HOST=nextcloud-aio-harp"
+        "HARP_HOST=nextcloud-aio-harp",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -121,7 +122,8 @@
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
         "TZ=%TIMEZONE%",
-        "PGTZ=%TIMEZONE%"
+        "PGTZ=%TIMEZONE%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "stop_grace_period": 1800,
       "restart": "unless-stopped",
@@ -263,7 +265,8 @@
         "WHITEBOARD_SECRET=%WHITEBOARD_SECRET%",
         "WHITEBOARD_ENABLED=%WHITEBOARD_ENABLED%",
         "HARP_ENABLED=%HARP_ENABLED%",
-        "HP_SHARED_KEY=%HP_SHARED_KEY%"
+        "HP_SHARED_KEY=%HP_SHARED_KEY%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "stop_grace_period": 600,
       "restart": "unless-stopped",
@@ -310,7 +313,8 @@
       ],
       "environment": [
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "restart": "unless-stopped",
       "read_only": true,
@@ -339,7 +343,8 @@
       "internal_port": "6379",
       "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -380,7 +385,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=%COLLABORA_LOG_LEVEL% --o:logging.level_startup=%COLLABORA_LOG_LEVEL% --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -450,7 +455,8 @@
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%",
-        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
+        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "secrets": [
         "TURN_SECRET",
@@ -497,7 +503,8 @@
         "NC_DOMAIN=%NC_DOMAIN%",
         "TZ=%TIMEZONE%",
         "RECORDING_SECRET=%RECORDING_SECRET%",
-        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%"
+        "INTERNAL_SECRET=%TALK_INTERNAL_SECRET%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -544,7 +551,8 @@
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
         "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
         "BORG_HOST_ID=nextcloud-aio-borgbackup",
-        "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%"
+        "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -605,7 +613,8 @@
       "image": "ghcr.io/nextcloud-releases/aio-watchtower",
       "init": true,
       "environment": [
-        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
+        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -636,7 +645,8 @@
       "internal_port": "%APACHE_PORT%",
       "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
-        "APACHE_PORT=%APACHE_PORT%"
+        "APACHE_PORT=%APACHE_PORT%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "secrets": [
         "INSTANCE_ID"
@@ -672,7 +682,8 @@
       "internal_port": "3310",
       "environment": [
         "TZ=%TIMEZONE%",
-        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%"
+        "MAX_SIZE=%NEXTCLOUD_UPLOAD_LIMIT%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -719,7 +730,9 @@
         "TZ=%TIMEZONE%",
         "JWT_ENABLED=true",
         "JWT_HEADER=AuthorizationJwt",
-        "JWT_SECRET=%ONLYOFFICE_SECRET%"
+        "JWT_SECRET=%ONLYOFFICE_SECRET%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
+        "LOG_LEVEL=%ONLYOFFICE_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -760,7 +773,8 @@
       "internal_port": "9000",
       "environment": [
         "TZ=%TIMEZONE%",
-        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "restart": "unless-stopped",
       "cap_add": [
@@ -805,11 +819,12 @@
         "bootstrap.memory_lock=false",
         "cluster.name=nextcloud-aio",
         "discovery.type=single-node",
-        "logger.level=WARN",
+        "logger.level=%FULLTEXTSEARCH_LOG_LEVEL%",
         "http.port=9200",
         "xpack.license.self_generated.type=basic",
         "xpack.security.enabled=false",
-        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -837,7 +852,8 @@
       "init": true,
       "internal_port": "2375",
       "environment": [
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "volumes": [
         {
@@ -868,9 +884,10 @@
       "environment": [
         "HP_SHARED_KEY=%HP_SHARED_KEY%",
         "NC_INSTANCE_URL=https://%NC_DOMAIN%",
-        "HP_LOG_LEVEL=warning",
+        "HP_LOG_LEVEL=%AIO_LOG_LEVEL%",
         "HP_FRP_DISABLE_TLS=true",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "secrets": [
         "HP_SHARED_KEY"
@@ -927,7 +944,8 @@
         "REDIS_HOST=nextcloud-aio-redis",
         "REDIS_PORT=6379",
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
-        "BACKUP_DIR=/tmp"
+        "BACKUP_DIR=/tmp",
+        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%"
       ],
       "secrets": [
         "WHITEBOARD_SECRET",

php/src/Data/ConfigurationManager.php

@@ -289,6 +289,41 @@ class ConfigurationManager
         set { $this->set('nextcloud_keep_disabled_apps', $value); }
     }
 
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public string $aioLogLevel {
+        get => $this->getEnvironmentalVariableOrConfig('AIO_LOG_LEVEL', 'aio_log_level', 'warning');
+        set {
+            $this->validateAioLogLevel($value);
+            $this->set('aio_log_level', $value);
+        }
+    }
+
+    private function validateAioLogLevel(string $value) : void {
+        $allowedValues = ['warning', 'error', 'info', 'debug'];
+        if (!in_array($value, $allowedValues, true)) {
+            throw new InvalidSettingConfigurationException("Invalid log level '" . $value . "'. Allowed values are: " . implode(', ', $allowedValues));
+        }
+    }
+
+    private function getCollaboraLogLevel() : string {
+        return match ($this->aioLogLevel) {
+            'info' => 'information',
+            default => $this->aioLogLevel,
+        };
+    }
+
+    private function getUppercaseLogLevel() : string {
+        return match ($this->aioLogLevel) {
+            'warning' => 'WARN',
+            'error' => 'ERROR',
+            'info' => 'INFO',
+            'debug' => 'DEBUG',
+            default => 'WARN',
+        };
+    }
+
     private function getConfig() : array
     {
         if ($this->config === [] && file_exists(DataConst::GetConfigFile()))
@@ -1062,6 +1097,10 @@ class ConfigurationManager
             'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
             'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
             'AIO_VERSION' => $this->getAioVersion(),
+            'AIO_LOG_LEVEL' => $this->aioLogLevel,
+            'COLLABORA_LOG_LEVEL' => $this->getCollaboraLogLevel(),
+            'FULLTEXTSEARCH_LOG_LEVEL' => $this->getUppercaseLogLevel(),
+            'ONLYOFFICE_LOG_LEVEL' => $this->getUppercaseLogLevel(),
             default => $this->getRegisteredSecret($placeholder),
         };
     }

readme.md

@@ -240,6 +240,7 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [How to trust user-defined Certification Authorities (CA)?](#how-to-trust-user-defined-certification-authorities-ca)
     - [How to disable Collabora's Seccomp feature?](#how-to-disable-collaboras-seccomp-feature)
     - [How to adjust the Fulltextsearch Java options?](#how-to-adjust-the-fulltextsearch-java-options)
+    - [How to adjust the log level?](#how-to-adjust-the-log-level)
 - [Guides](#guides)
     - [How to run AIO on macOS?](#how-to-run-aio-on-macos)
     - [How to run AIO on Windows?](#how-to-run-aio-on-windows)
@@ -609,6 +610,9 @@ The Collabora container enables Seccomp by default, which is a security feature
 ### How to adjust the Fulltextsearch Java options?
 The Fulltextsearch Java options are by default set to `-Xms512M -Xmx512M` which might not be enough on some systems. You can adjust this by adding e.g. `--env FULLTEXTSEARCH_JAVA_OPTIONS="-Xms1024M -Xmx1024M"` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used.
 
+### How to adjust the log level?
+The log level for all included containers is by default set to `warning`. You can adjust this by adding e.g. `--env AIO_LOG_LEVEL=error` to the initial docker run command. If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used. Allowed values are `warning`, `error`, `info` and `debug`.
+
 ## Guides
 
 ### How to run AIO on macOS?

tests/QA/060-environmental-variables.md

@@ -25,5 +25,6 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
+- [ ] When starting the mastercontainer with `--env AIO_LOG_LEVEL=debug` all included main containers should use their debug log level. Using any value other than `warning`, `error`, `info` or `debug` should not allow the mastercontainer to start correctly.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)