aio-interface: handle SSH key authorization error explicitly in remote backup setup

Signed-off-by: Simon L. <szaimen@e.mail.de>

.editorconfig

@@ -0,0 +1,20 @@
+# https://editorconfig.org
+
+# Tip: to find files violating the rules set out here, run `docker run --rm --volume=$PWD:/check mstruebing/editorconfig-checker`
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.yaml]
+indent_size = 2
+
+
+[*.yml]
+indent_size = 2

.github/workflows/helm-release.yml

@@ -10,13 +10,16 @@ on:
 
 jobs:
   release:
+    # Do not run this workflow on forked repositories, as they might not have the `gh-pages` branch created, or might
+    # want to use it for other purposes than publishing helm charts
+    if: github.repository == 'nextcloud/all-in-one'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Turnstyle
-        uses: softprops/turnstyle@e565d2d86403c5d23533937e95980570545e5586 # v2
+        uses: softprops/turnstyle@e15e934b3f69ee283ba389ea05c8886baa656d93 # v2
         with:
           continue-after-seconds: 180
         env:

.github/workflows/playwright-on-push.yml

@@ -30,7 +30,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: lts/*
 

.github/workflows/playwright-on-workflow-dispatch.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
           node-version: lts/*
 

Containers/apache/Caddyfile

@@ -10,7 +10,7 @@
     }
 
     log {
-        level {$CADDY_LOG_LEVEL}
+        level ERROR
     }
 }
 

Containers/apache/Dockerfile

@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.11.2-alpine AS caddy
+FROM caddy:2.11.3-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.66-alpine3.23
+FROM httpd:2.4.67-alpine3.23
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

Containers/apache/nextcloud.conf

@@ -9,34 +9,6 @@ Listen 8000
     ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
     LogLevel ${AIO_LOG_LEVEL}
 
-    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
-    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
-    # which is especially expensive on TLS connections and noticeably slows down
-    # Nextcloud's login page and file manager that load dozens of resources at once.
-    KeepAlive On
-    # KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
-    # A short timeout frees Apache worker threads quickly so they are available
-    # for new requests; 5 s is long enough to cover the gap between requests
-    # that a browser issues while rendering a page (typically < 1 s), yet short
-    # enough to avoid holding threads open for idle or slow clients.
-    KeepAliveTimeout 5
-    # MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
-    # 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
-    # sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
-    # per sync cycle and routinely exceed 100 requests on a single connection.
-    # Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
-    # overhead. 500 gives sync clients enough headroom while still periodically
-    # recycling threads to contain per-process memory growth.
-    MaxKeepAliveRequests 500
-
-    # sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
-    # it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
-    # negating the compression configured below.  MMAP is also
-    # disabled because files can be replaced by Nextcloud at any time and mmap'd
-    # pages could serve stale data.
-    EnableSendfile Off
-    EnableMMAP Off
-
     # PHP match
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
@@ -45,17 +17,12 @@ Listen 8000
     <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
     </Proxy>
 
-    # Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
-    # compression with reasonable CPU cost; the default of 0 barely compresses).
+    # Compress JS, CSS and SVG responses with Brotli.
     # Other plain-text files are already compressed by Nextcloud itself.
-    # No deflate fallback is needed: every browser that Nextcloud supports
-    # (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
-    # supports Brotli. Internet Explorer, the only browser that never gained
-    # Brotli support, was dropped by Nextcloud with NC15 (2019).
     # Desktop and mobile sync clients never request JS/CSS/SVG assets.
     <IfModule mod_brotli.c>
         AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 4
+        BrotliCompressionQuality 0
     </IfModule>
 
     # Nextcloud dir

Containers/apache/start.sh

@@ -9,8 +9,6 @@ if [ -z "$NC_DOMAIN" ]; then
     exit 1
 fi
 
-CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
-export CADDY_LOG_LEVEL
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     export SUPERVISORD_STDOUT=/dev/stdout
 else

Containers/apache/supervisord.conf

@@ -12,7 +12,7 @@ loglevel=%(ENV_AIO_LOG_LEVEL)s
 stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=apachectl -DFOREGROUND
+command=httpd -DFOREGROUND
 
 [program:caddy]
 stdout_logfile=/dev/stdout

Containers/borgbackup/Dockerfile

@@ -31,4 +31,5 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
     org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
     org.opencontainers.image.vendor="Nextcloud" \
     org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
-ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
+ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6" \
+    AIO_LOG_LEVEL="warn"

Containers/borgbackup/backupscript.sh

@@ -18,6 +18,30 @@ get_expiration_time() {
     DURATION_HOUR=$((DURATION / 3600))
     DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC)
 }
+# Run "borg info" and handle the exit code.
+# If the exit code indicates a connection failure (80 = ConnectionClosed,
+# 81 = ConnectionClosedWithHint) and a remote repo is configured, the SSH
+# auth error signal file is created so the mastercontainer can show a
+# targeted error message.  Returns the original borg exit code.
+borg_info() {
+    borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null
+    local _exit=$?
+    if [ -n "$BORG_REMOTE_REPO" ] && { [ "$_exit" -eq 80 ] || [ "$_exit" -eq 81 ]; }; then
+        touch "$SSH_AUTH_ERROR_FILE"
+    fi
+    return $_exit
+}
+
+# Signal file written when an SSH authentication failure is detected so the
+# mastercontainer can show a targeted error without needing to scan container logs.
+# Borg exit codes 80 (ConnectionClosed) and 81 (ConnectionClosedWithHint) indicate
+# connection failures that occur before the Borg protocol is established, which covers
+# SSH authentication errors and host-key verification failures.
+# These codes are available because BORG_EXIT_CODES=modern is set in start.sh.
+SSH_AUTH_ERROR_FILE="/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg_ssh_auth_error"
+
+# Start with a clean state for every run
+rm -f "$SSH_AUTH_ERROR_FILE"
 
 # Test if all volumes aren't empty
 VOLUME_DIRS="$(find /nextcloud_aio_volumes -mindepth 1 -maxdepth 1 -type d)"
@@ -127,7 +151,7 @@ if [ "$BORG_MODE" = backup ]; then
     fi
 
     # Initialize the repository if can't get info from target
-    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+    if ! borg_info; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
             if [ -n "$BORG_REMOTE_REPO" ]; then
@@ -588,7 +612,7 @@ fi
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
     if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+        if ! borg_info; then
             echo "Borg could not get info from the remote repo."
             echo "See the above borg info output for details."
             exit 1

Containers/borgbackup/start.sh

@@ -29,6 +29,8 @@ else
 fi
 export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
+# Use specific exit codes (80/81 for connection failures) instead of the legacy generic exit code 2
+export BORG_EXIT_CODES=modern
 if [ -n "$BORG_REMOTE_REPO" ]; then
     export BORG_REPO="$BORG_REMOTE_REPO"
 

Containers/collabora/start.sh

@@ -6,6 +6,8 @@ fi
 
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     COLLABORA_LOG_LEVEL="warning"
+elif [ "$AIO_LOG_LEVEL" = "info" ]; then
+    COLLABORA_LOG_LEVEL="notice"
 else
     COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.7-alpine
+FROM haproxy:3.3.10-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:9.3.3
+FROM elasticsearch:9.4.1
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.2-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
 
-ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
+ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

Containers/mastercontainer/Dockerfile

@@ -1,17 +1,17 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.4.1-cli AS docker
+FROM docker:29.5.1-cli AS docker
 
-ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
+ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
 
 # Caddy is a requirement
-FROM caddy:2.11.2-builder-alpine AS caddy
+FROM caddy:2.11.3-builder-alpine AS caddy
 RUN set -ex; \
     xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
     /usr/bin/caddy list-modules
 
 # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
-FROM php:8.5.5-fpm-alpine3.23
+FROM php:8.5.6-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080

Containers/mastercontainer/acme.Caddyfile

@@ -10,7 +10,7 @@
 	}
 
 	log {
-		level {$CADDY_LOG_LEVEL}
+		level ERROR
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host

Containers/mastercontainer/headers.Caddyfile

@@ -18,9 +18,9 @@ header {
     Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
     X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
     Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
+    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
+    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
 
     # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
     Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"

Containers/mastercontainer/internal.Caddyfile

@@ -9,7 +9,7 @@
 	}
 
 	log {
-		level {$CADDY_LOG_LEVEL}
+		level ERROR
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host

Containers/mastercontainer/start.sh

@@ -338,7 +338,7 @@ else
 fi
 
 # Log level logics
-if [ -n "$AIO_LOG_LEVEL" ] && ! grep -q "^debug$\|^info$\|^warn$\|^error$"; then
+if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
     print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
 It is set to '$AIO_LOG_LEVEL'".
     exit 1
@@ -347,13 +347,11 @@ if [ -z "$AIO_LOG_LEVEL" ]; then
     export AIO_LOG_LEVEL="warn"
 fi
 
-CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     export SUPERVISORD_STDOUT=/dev/stdout
 else
     export SUPERVISORD_STDOUT=NONE
 fi
-export CADDY_LOG_LEVEL
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268

Containers/mastercontainer/supervisord.conf

@@ -54,7 +54,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
-user=root
+user=www-data
 
 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs

Containers/nextcloud/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.30-fpm-alpine3.23
+FROM php:8.3.31-fpm-alpine3.23
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.2
+ENV NEXTCLOUD_VERSION=33.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

Containers/nextcloud/config/server.config.php

@@ -1,4 +1,4 @@
 <?php
 $CONFIG = array (
-  'serverid' => crc32(gethostname()) % 512,
+  'serverid' => hexdec(hash('xxh32', gethostname()) & 0x1FF,
 );

Containers/nextcloud/entrypoint.sh

@@ -671,6 +671,7 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
+php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
 if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
     php /var/www/html/occ config:system:set log_type --value="errorlog"
     php /var/www/html/occ config:system:set log_type_audit --value="errorlog"

Containers/notify-push/start.sh

@@ -28,7 +28,7 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
 fi
 
 # Add warning
-if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
+if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] && ! [ -f /var/www/html/apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     echo "The notify_push binary was not found."
     echo "Most likely is DNS resolution not working correctly."
     echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
@@ -42,9 +42,24 @@ if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; t
     exit 1
 fi
 
+# Logic for ipv6 disabled servers
+BIND="::"
+if grep -q "1" /sys/module/ipv6/parameters/disable \
+|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
+|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
+    BIND="0.0.0.0"
+fi
+export BIND
+
 echo "notify-push was started"
 
+
+if [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
+    PUSH_PATH="/var/www/html/custom_apps/notify_push/bin/$CPU_ARCH/notify_push"
+else
+    PUSH_PATH="/var/www/html/apps/notify_push/bin/$CPU_ARCH/notify_push"
+fi
 # Run it
-exec /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
+exec "$PUSH_PATH" \
     --port 7867 \
     /var/www/html/config/config.php

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
-FROM postgres:18.3-alpine
+FROM postgres:18.4-alpine
 
 ENV PGDATA=/var/lib/postgresql/data
 
@@ -14,6 +14,7 @@ RUN set -ex; \
         bash \
         openssl \
         shadow \
+        netcat-openbsd \
         grep; \
     \
 # We need to use the same gid and uid as on old installations

Containers/postgresql/healthcheck.sh

@@ -6,6 +6,9 @@ fi
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0
+# If database import is running, do not continue with the health check
+if nc -z 127.0.0.1 11000; then
+    exit 0
+fi
 
 PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.2-alpine
+FROM redis:8.6.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/redis/start.sh

@@ -4,8 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-if [ "$AIO_LOG_LEVEL" = "warn" ]; then
+# Redis only supports [debug, verbose, notice, warning, nothing] as log level
+if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
     REDIS_LOG_LEVEL="warning"
+elif [ "$AIO_LOG_LEVEL" = "info" ]; then
+    REDIS_LOG_LEVEL="notice"
 else
     REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi

Containers/talk-recording/Dockerfile

@@ -1,11 +1,11 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.14.3-alpine3.23
+FROM python:3.14.5-alpine3.23
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
-ENV RECORDING_VERSION=v0.2.1 \
-    ALLOW_ALL=false \
+ENV RECORDING_VERSION=v0.2.1
+ENV ALLOW_ALL=false \
     HPB_PROTOCOL=https \
     NC_PROTOCOL=https \
     SKIP_VERIFY=false \
@@ -35,6 +35,9 @@ RUN set -ex; \
         build-base \
         linux-headers \
         geckodriver; \
+    if [ "$(apk --print-arch)" = "x86_64" ]; then \
+        apk add --no-cache intel-media-driver; \
+    fi; \
     useradd -d /tmp --system recording -u 122; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \

Containers/talk/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.8-scratch AS nats
+FROM nats:2.14.1-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus

Containers/watchtower/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.2-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
 
 ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3	
 
@@ -22,6 +22,8 @@ COPY --chmod=775 start.sh /start.sh
 # hadolint ignore=DL3002
 USER root
 
+ENV AIO_LOG_LEVEL="warn"
+
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
     wud.watch="false" \

Containers/whiteboard/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.8
 
 USER root
 RUN set -ex; \

app/.editorconfig

@@ -1,19 +1,12 @@
 # https://editorconfig.org
 
+# note: the files in ./composer actually use 4 spaces instead of tabs
+
 root = true
 
 [*]
 charset = utf-8
 end_of_line = lf
-indent_size = 4
 indent_style = tab
 insert_final_newline = true
 trim_trailing_whitespace = true
-
-[*.feature]
-indent_size = 2
-indent_style = space
-
-[*.yml]
-indent_size = 2
-indent_style = space

app/readme.md

@@ -1,7 +1,10 @@
+# AIO app for Nextcloud
+
+This folder contains a Nextcloud app, which will be automatically installed within the Nextcloud instance.
+It adds a link to the admin settings page that gives access to the AIO interface.
+
 ## How to develop the app?
 
-Please note that in order to check if an app is already downloaded
-Nextcloud will look for a folder with the same name as the app.
+Please note that in order to check if an app is already downloaded Nextcloud will look for a folder with the same name as the app.
 
-Therefore you need to add the app to one of the app directories
-naming the directory `nextcloud-aio`.
+Therefore you need to add the app to one of the app directories naming the directory `nextcloud-aio`.

community-containers/home-assistant/readme.md

@@ -6,6 +6,8 @@ This container bundles Home Assistant and auto-configures it for you.
 - After adding and starting the container, you can visit `http://ip.address.of.this.server:8123` in order to set up your Home Assistant instance.
 - The data of Home Assistant will be automatically included in AIOs backup solution!
 - In order to access your Home Assistant outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
+- And to allow the traffic from the reverse proxy to be accepted by Home Assistant, follow [these instructions](https://www.home-assistant.io/integrations/http/#reverse-proxies) from the Home Assistant documentation. 
+- Or, to use the Caddy with geoblocking community container, follow the following instruction to add your own Caddyfile, to use it for Home Assistant: https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy#notes
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

community-containers/lldap/lldap.json

@@ -4,8 +4,8 @@
       "container_name": "nextcloud-aio-lldap",
       "display_name": "Light LDAP implementation",
       "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
-      "image": "lldap/lldap",
-      "image_tag": "v0-alpine",
+      "image": "ghcr.io/lldap/lldap",
+      "image_tag": "latest-alpine",
       "internal_port": "17170",
       "restart": "unless-stopped",
       "ports": [

community-containers/minio/readme.md

@@ -1,6 +1,9 @@
 ## Minio
 This container bundles minio s3 storage and auto-configures it for you.
 
+> [!CAUTION]
+> The Minio upstream project is no longer maintained. The container should still work in its current form...
+
 >[!WARNING]
 > Enabling this container will remove access to all the files formerly written to the data directory.
 > So only enable this on a clean instance directly after installing AIO.

compose.yaml

@@ -1,4 +1,4 @@
-name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
+name: nextcloud-aio # Add the container to the same compose project to which all the sibling containers are added automatically
 services:
   nextcloud-aio-mastercontainer:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
@@ -15,10 +15,10 @@ services:
       - "80:80" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - "8080:8080" # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
       - "8443:8443" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-    # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
-    # environment: # Is needed when using any of the options below
+    # security_opt: ["label:disable"] # Needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
+    # environment: # This line is needed (has to be uncommented) when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_PORT: 11000 # Needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy

manual-install/latest.yml

@@ -39,13 +39,13 @@ services:
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT
+      - AIO_LOG_LEVEL
       - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - TZ=${TIMEZONE}
       - APACHE_MAX_SIZE
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
       - WHITEBOARD_HOST=nextcloud-aio-whiteboard
-      - HARP_HOST=nextcloud-aio-harp
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -80,6 +80,7 @@ services:
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
       - POSTGRES_DB=nextcloud_database
       - POSTGRES_USER=nextcloud
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - PGTZ=${TIMEZONE}
     stop_grace_period: 1800s
@@ -149,6 +150,7 @@ services:
       - TURN_SECRET
       - SIGNALING_SECRET
       - ONLYOFFICE_SECRET
+      - AIO_LOG_LEVEL
       - NEXTCLOUD_MOUNT
       - CLAMAV_ENABLED
       - CLAMAV_HOST=nextcloud-aio-clamav
@@ -207,6 +209,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:ro
     environment:
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
     restart: unless-stopped
     read_only: true
@@ -228,6 +231,7 @@ services:
       - "6379"
     environment:
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
     volumes:
       - nextcloud_aio_redis:/data:rw
@@ -251,8 +255,9 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443,http://nextcloud-aio-apache.nextcloud-aio:23973
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
       - dictionaries=${COLLABORA_DICTIONARIES}
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
       - DONT_GEN_SSL_CERT=1
@@ -293,6 +298,7 @@ services:
       - TALK_HOST=nextcloud-aio-talk
       - TURN_SECRET
       - SIGNALING_SECRET
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - TALK_PORT
       - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
@@ -325,6 +331,7 @@ services:
       - "1234"
     environment:
       - NC_DOMAIN
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - RECORDING_SECRET
       - INTERNAL_SECRET=${TALK_INTERNAL_SECRET}
@@ -354,6 +361,7 @@ services:
     expose:
       - "3310"
     environment:
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
     volumes:
@@ -384,6 +392,8 @@ services:
     expose:
       - "80"
     environment:
+      - AIO_LOG_LEVEL
+      - LOG_LEVEL=${AIO_LOG_LEVEL}
       - TZ=${TIMEZONE}
       - JWT_ENABLED=true
       - JWT_HEADER=AuthorizationJwt
@@ -410,6 +420,7 @@ services:
     expose:
       - "9000"
     environment:
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - IMAGINARY_SECRET
     restart: unless-stopped
@@ -436,12 +447,12 @@ services:
     expose:
       - "9200"
     environment:
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - ES_JAVA_OPTS=${FULLTEXTSEARCH_JAVA_OPTIONS}
       - bootstrap.memory_lock=false
       - cluster.name=nextcloud-aio
       - discovery.type=single-node
-      - logger.level=WARN
       - http.port=9200
       - xpack.license.self_generated.type=basic
       - xpack.security.enabled=false
@@ -473,6 +484,7 @@ services:
     tmpfs:
       - /tmp
     environment:
+      - AIO_LOG_LEVEL
       - TZ=${TIMEZONE}
       - NEXTCLOUD_URL=https://${NC_DOMAIN}
       - JWT_SECRET_KEY=${WHITEBOARD_SECRET}

manual-install/sample.conf

@@ -21,11 +21,11 @@ TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the opt
 TALK_RECORDING_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 WHITEBOARD_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
+AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=17179869184          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 ADDITIONAL_COLLABORA_OPTIONS=['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
-AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation

manual-install/update-yaml.sh

@@ -48,6 +48,7 @@ sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/HARP_ENABLED/d' containers.yml
+sed -i '/HARP_HOST/d' containers.yml
 sed -i '/HP_SHARED_KEY/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 sed -i '/TURN_DOMAIN/d' containers.yml
@@ -100,7 +101,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warning          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
+sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
 sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.9.2
+version: 13.0.4
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -37,6 +37,8 @@ spec:
         - env:
             - name: ADDITIONAL_TRUSTED_DOMAIN
               value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: APACHE_HOST
               value: nextcloud-aio-apache
             - name: APACHE_MAX_SIZE
@@ -63,7 +65,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-apache:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
           command:
             - mkdir
             - "-p"
@@ -55,11 +55,13 @@ spec:
               {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: MAX_SIZE
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -23,6 +23,8 @@ spec:
       containers:
         - args: {{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson }}
           env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: DONT_GEN_SSL_CERT
               value: "1"
             - name: TZ
@@ -32,13 +34,13 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260515_145717
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260515_145717
           {{- end }}
           readinessProbe:
             exec:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
           command:
             - mkdir
             - "-p"
@@ -54,6 +54,8 @@ spec:
               {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: PGTZ
               value: "{{ .Values.TIMEZONE }}"
             - name: POSTGRES_DB
@@ -64,7 +66,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
           command:
             - chmod
             - "777"
@@ -34,6 +34,8 @@ spec:
               mountPath: /nextcloud-aio-elasticsearch
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: ES_JAVA_OPTS
               value: "{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}"
             - name: FULLTEXTSEARCH_PASSWORD
@@ -48,13 +50,17 @@ spec:
               value: single-node
             - name: http.port
               value: "9200"
-            - name: logger.level
-              value: WARN
+            - name: indices.fielddata.cache.size
+              value: 20%
+            - name: indices.memory.index_buffer_size
+              value: 20%
+            - name: thread_pool.write.queue_size
+              value: "1000"
             - name: xpack.license.self_generated.type
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -34,11 +34,13 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: IMAGINARY_SECRET
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
           command:
             - chmod
             - "777"
@@ -92,6 +92,8 @@ spec:
               value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
             - name: ADMIN_USER
               value: admin
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: APACHE_HOST
               value: nextcloud-aio-apache
             - name: APACHE_PORT
@@ -190,7 +192,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260515_145717
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -35,11 +35,13 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
           command:
             - chmod
             - "777"
@@ -34,15 +34,19 @@ spec:
               mountPath: /nextcloud-aio-onlyoffice
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: JWT_ENABLED
               value: "true"
             - name: JWT_HEADER
               value: AuthorizationJwt
             - name: JWT_SECRET
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -35,11 +35,13 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-redis:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -40,6 +40,8 @@ spec:
               value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
             - name: TALK_MAX_SCREEN_BITRATE
               value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: INTERNAL_SECRET
               value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
@@ -54,7 +56,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-talk:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -36,6 +36,8 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: INTERNAL_SECRET
               value: "{{ .Values.TALK_INTERNAL_SECRET }}"
             - name: NC_DOMAIN
@@ -44,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -34,6 +34,8 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: AIO_LOG_LEVEL
+              value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: BACKUP_DIR
               value: /tmp
             - name: JWT_SECRET_KEY
@@ -50,7 +52,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260409_094910
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260515_145717
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/values.yaml

@@ -21,6 +21,7 @@ TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the op
 TALK_RECORDING_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 WHITEBOARD_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 
+AIO_LOG_LEVEL: warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.
 APACHE_MAX_SIZE: "17179869184"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else).
 ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
@@ -31,7 +32,7 @@ NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional pa
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
-NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. -app_api
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS: "yes"        # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.

php/composer.lock

@@ -64,16 +64,16 @@
         },
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.10.0",
+            "version": "7.10.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
+                "reference": "aed36fd5fb4844f284252a999d9abf35d3a9a1ae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
-                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/aed36fd5fb4844f284252a999d9abf35d3a9a1ae",
+                "reference": "aed36fd5fb4844f284252a999d9abf35d3a9a1ae",
                 "shasum": ""
             },
             "require": {
@@ -91,8 +91,9 @@
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "ext-curl": "*",
                 "guzzle/client-integration-tests": "3.0.2",
+                "guzzlehttp/test-server": "^0.3.2",
                 "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -170,7 +171,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.2"
             },
             "funding": [
                 {
@@ -186,20 +187,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-23T22:36:01+00:00"
+            "time": "2026-05-20T11:58:52+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.3.0",
+            "version": "2.3.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
+                "reference": "d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
-                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e",
+                "reference": "d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e",
                 "shasum": ""
             },
             "require": {
@@ -207,7 +208,7 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
             },
             "type": "library",
             "extra": {
@@ -253,7 +254,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.3.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.1"
             },
             "funding": [
                 {
@@ -269,20 +270,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-08-22T14:34:08+00:00"
+            "time": "2026-05-19T18:30:48+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.9.0",
+            "version": "2.10.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884"
+                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/7d0ed42f28e42d61352a7a79de682e5e67fec884",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/73ab136360b5dfd858006eae9795e8fe43c80361",
+                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361",
                 "shasum": ""
             },
             "require": {
@@ -297,9 +298,9 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "http-interop/http-factory-tests": "0.9.0",
+                "http-interop/http-factory-tests": "1.1.0",
                 "jshttp/mime-db": "1.54.0.1",
-                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
+                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -370,7 +371,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.9.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.10.1"
             },
             "funding": [
                 {
@@ -386,7 +387,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-10T16:41:02+00:00"
+            "time": "2026-05-20T09:27:36+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -448,16 +449,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.12",
+            "version": "v2.0.13",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919"
+                "reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
-                "reference": "a6abb4e54f6fcd3138120b9ad497f0bd146f9919",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
+                "reference": "b566ee0dd251f3c4078bed003a7ce015f5ea6dce",
                 "shasum": ""
             },
             "require": {
@@ -505,7 +506,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2026-04-14T13:33:34+00:00"
+            "time": "2026-04-16T14:03:50+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -1465,16 +1466,16 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.6.0",
+            "version": "v3.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62"
+                "reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62",
-                "reference": "63afe740e99a13ba87ec199bb07bbdee937a5b62",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/50f59d1f3ca46d41ac911f97a78626b6756af35b",
+                "reference": "50f59d1f3ca46d41ac911f97a78626b6756af35b",
                 "shasum": ""
             },
             "require": {
@@ -1487,7 +1488,7 @@
                     "name": "symfony/contracts"
                 },
                 "branch-alias": {
-                    "dev-main": "3.6-dev"
+                    "dev-main": "3.7-dev"
                 }
             },
             "autoload": {
@@ -1512,7 +1513,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.6.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.7.0"
             },
             "funding": [
                 {
@@ -1523,12 +1524,16 @@
                     "url": "https://github.com/fabpot",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/nicolas-grekas",
+                    "type": "github"
+                },
                 {
                     "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-09-25T14:21:43+00:00"
+            "time": "2026-04-13T15:52:40+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -1780,16 +1785,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.24.0",
+            "version": "v3.26.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0"
+                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6769aefb305efef849dc25c9fd1653358c148f0",
-                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
+                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
                 "shasum": ""
             },
             "require": {
@@ -1844,7 +1849,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.24.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.26.0"
             },
             "funding": [
                 {
@@ -1856,7 +1861,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-17T21:31:11+00:00"
+            "time": "2026-05-20T07:31:59+00:00"
         }
     ],
     "packages-dev": [
@@ -2172,16 +2177,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.3.3",
+            "version": "v2.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60"
+                "reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/296b521137a54d3a02425b464e5aee4c93db2c60",
-                "reference": "296b521137a54d3a02425b464e5aee4c93db2c60",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/37f5b2754fadc229c00f9416bd68fb8d04529a81",
+                "reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81",
                 "shasum": ""
             },
             "require": {
@@ -2201,7 +2206,7 @@
                 "amphp/php-cs-fixer-config": "^2",
                 "amphp/phpunit-util": "^3",
                 "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.18"
+                "psalm/phar": "6.16.1"
             },
             "type": "library",
             "autoload": {
@@ -2244,7 +2249,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.3.3"
+                "source": "https://github.com/amphp/parallel/tree/v2.4.0"
             },
             "funding": [
                 {
@@ -2252,7 +2257,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-11-15T06:23:42+00:00"
+            "time": "2026-05-16T16:54:01+00:00"
         },
         {
             "name": "amphp/parser",
@@ -2318,16 +2323,16 @@
         },
         {
             "name": "amphp/pipeline",
-            "version": "v1.2.3",
+            "version": "v1.2.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/pipeline.git",
-                "reference": "7b52598c2e9105ebcddf247fc523161581930367"
+                "reference": "a044733e080940d1483f56caff0c412ad6982776"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/pipeline/zipball/7b52598c2e9105ebcddf247fc523161581930367",
-                "reference": "7b52598c2e9105ebcddf247fc523161581930367",
+                "url": "https://api.github.com/repos/amphp/pipeline/zipball/a044733e080940d1483f56caff0c412ad6982776",
+                "reference": "a044733e080940d1483f56caff0c412ad6982776",
                 "shasum": ""
             },
             "require": {
@@ -2339,7 +2344,7 @@
                 "amphp/php-cs-fixer-config": "^2",
                 "amphp/phpunit-util": "^3",
                 "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.18"
+                "psalm/phar": "6.16.1"
             },
             "type": "library",
             "autoload": {
@@ -2373,7 +2378,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/pipeline/issues",
-                "source": "https://github.com/amphp/pipeline/tree/v1.2.3"
+                "source": "https://github.com/amphp/pipeline/tree/v1.2.4"
             },
             "funding": [
                 {
@@ -2381,7 +2386,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2025-03-16T16:33:53+00:00"
+            "time": "2026-05-06T05:37:57+00:00"
         },
         {
             "name": "amphp/process",
@@ -3771,16 +3776,16 @@
         },
         {
             "name": "revolt/event-loop",
-            "version": "v1.0.8",
+            "version": "v1.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/revoltphp/event-loop.git",
-                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c"
+                "reference": "44061cf513e53c6200372fc935ac42271566295d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c",
-                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c",
+                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/44061cf513e53c6200372fc935ac42271566295d",
+                "reference": "44061cf513e53c6200372fc935ac42271566295d",
                 "shasum": ""
             },
             "require": {
@@ -3790,7 +3795,7 @@
                 "ext-json": "*",
                 "jetbrains/phpstorm-stubs": "^2019.3",
                 "phpunit/phpunit": "^9",
-                "psalm/phar": "^5.15"
+                "psalm/phar": "6.16.*"
             },
             "type": "library",
             "extra": {
@@ -3837,22 +3842,22 @@
             ],
             "support": {
                 "issues": "https://github.com/revoltphp/event-loop/issues",
-                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8"
+                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.9"
             },
-            "time": "2025-08-27T21:33:23+00:00"
+            "time": "2026-05-16T17:55:38+00:00"
         },
         {
             "name": "sebastian/diff",
-            "version": "8.1.0",
+            "version": "8.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "9c957d730257f49c873f3761674559bd90098a7d"
+                "reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/9c957d730257f49c873f3761674559bd90098a7d",
-                "reference": "9c957d730257f49c873f3761674559bd90098a7d",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b36d33b6e796513de7cb7df053afb3f55eefcd47",
+                "reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47",
                 "shasum": ""
             },
             "require": {
@@ -3865,7 +3870,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "8.1-dev"
+                    "dev-main": "8.3-dev"
                 }
             },
             "autoload": {
@@ -3898,7 +3903,7 @@
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
                 "security": "https://github.com/sebastianbergmann/diff/security/policy",
-                "source": "https://github.com/sebastianbergmann/diff/tree/8.1.0"
+                "source": "https://github.com/sebastianbergmann/diff/tree/8.3.0"
             },
             "funding": [
                 {
@@ -3918,7 +3923,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-04-05T12:02:33+00:00"
+            "time": "2026-05-15T04:58:09+00:00"
         },
         {
             "name": "spatie/array-to-xml",
@@ -4048,16 +4053,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.36",
+            "version": "v6.4.39",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
-                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
+                "url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
                 "shasum": ""
             },
             "require": {
@@ -4122,7 +4127,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.36"
+                "source": "https://github.com/symfony/console/tree/v6.4.39"
             },
             "funding": [
                 {
@@ -4142,20 +4147,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-27T15:30:51+00:00"
+            "time": "2026-05-12T06:50:03+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v8.0.8",
+            "version": "v8.0.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
-                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
                 "shasum": ""
             },
             "require": {
@@ -4192,7 +4197,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.8"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.11"
             },
             "funding": [
                 {
@@ -4212,7 +4217,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-30T15:14:47+00:00"
+            "time": "2026-05-11T16:39:47+00:00"
         },
         {
             "name": "symfony/finder",
@@ -4531,16 +4536,16 @@
         },
         {
             "name": "symfony/service-contracts",
-            "version": "v3.6.1",
+            "version": "v3.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/service-contracts.git",
-                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43"
+                "reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/45112560a3ba2d715666a509a0bc9521d10b6c43",
-                "reference": "45112560a3ba2d715666a509a0bc9521d10b6c43",
+                "url": "https://api.github.com/repos/symfony/service-contracts/zipball/d25d82433a80eba6aa0e6c24b61d7370d99e444a",
+                "reference": "d25d82433a80eba6aa0e6c24b61d7370d99e444a",
                 "shasum": ""
             },
             "require": {
@@ -4558,7 +4563,7 @@
                     "name": "symfony/contracts"
                 },
                 "branch-alias": {
-                    "dev-main": "3.6-dev"
+                    "dev-main": "3.7-dev"
                 }
             },
             "autoload": {
@@ -4594,7 +4599,7 @@
                 "standards"
             ],
             "support": {
-                "source": "https://github.com/symfony/service-contracts/tree/v3.6.1"
+                "source": "https://github.com/symfony/service-contracts/tree/v3.7.0"
             },
             "funding": [
                 {
@@ -4614,20 +4619,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-07-15T11:30:57+00:00"
+            "time": "2026-03-28T09:44:51+00:00"
         },
         {
             "name": "symfony/string",
-            "version": "v7.4.8",
+            "version": "v7.4.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688"
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
-                "reference": "114ac57257d75df748eda23dd003878080b8e688",
+                "url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
                 "shasum": ""
             },
             "require": {
@@ -4685,7 +4690,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.8"
+                "source": "https://github.com/symfony/string/tree/v7.4.11"
             },
             "funding": [
                 {
@@ -4705,7 +4710,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-24T13:12:05+00:00"
+            "time": "2026-05-13T12:04:42+00:00"
         },
         {
             "name": "vimeo/psalm",
@@ -4894,16 +4899,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "2.3.0",
+            "version": "2.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4"
+                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
-                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9007ea6f45ecf352a9422b36644e4bfc039b9155",
+                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155",
                 "shasum": ""
             },
             "require": {
@@ -4919,7 +4924,11 @@
             },
             "type": "library",
             "extra": {
+                "psalm": {
+                    "pluginClass": "Webmozart\\Assert\\PsalmPlugin"
+                },
                 "branch-alias": {
+                    "dev-master": "2.0-dev",
                     "dev-feature/2-0": "2.0-dev"
                 }
             },
@@ -4950,9 +4959,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.3.0"
+                "source": "https://github.com/webmozarts/assert/tree/2.4.0"
             },
-            "time": "2026-04-11T10:33:05+00:00"
+            "time": "2026-05-20T13:07:01+00:00"
         }
     ],
     "aliases": [],

php/containers.json

@@ -892,7 +892,6 @@
       "environment": [
         "HP_SHARED_KEY=%HP_SHARED_KEY%",
         "NC_INSTANCE_URL=https://%NC_DOMAIN%",
-        "HP_LOG_LEVEL=%COLLABORA_LOG_LEVEL%",
         "HP_FRP_DISABLE_TLS=true",
         "TZ=%TIMEZONE%"
       ],

php/psalm.xml

@@ -1,29 +1,29 @@
 <?xml version="1.0"?>
 <psalm
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns="https://getpsalm.org/schema/config"
-	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
-	errorBaseline="psalm-baseline.xml"
-	findUnusedBaselineEntry="true"
-	findUnusedCode="false"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns="https://getpsalm.org/schema/config"
+    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+    errorBaseline="psalm-baseline.xml"
+    findUnusedBaselineEntry="true"
+    findUnusedCode="false"
 >
-	<projectFiles>
-		<directory name="templates"/>
-		<directory name="src"/>
-		<file name="public/index.php"/>
-		<ignoreFiles>
-			<directory name="vendor" />
-		</ignoreFiles>
-	</projectFiles>
-	<extraFiles>
-		<directory name="vendor" />
-	</extraFiles>
-	<issueHandlers>
-  		<ClassMustBeFinal errorLevel="suppress" />
+    <projectFiles>
+        <directory name="templates"/>
+        <directory name="src"/>
+        <file name="public/index.php"/>
+        <ignoreFiles>
+            <directory name="vendor" />
+        </ignoreFiles>
+    </projectFiles>
+    <extraFiles>
+        <directory name="vendor" />
+    </extraFiles>
+    <issueHandlers>
+        <ClassMustBeFinal errorLevel="suppress" />
         <MissingConstructor>
             <errorLevel type="suppress">
                 <file name="src/Data/ConfigurationManager.php" />  <!-- We're using property hooks with virtual properties in that file, which Psalm wrongly complains about. See <https://github.com/vimeo/psalm/issues/11435>.  -->
             </errorLevel>
         </MissingConstructor>
-	</issueHandlers>
+    </issueHandlers>
 </psalm>

php/public/index.php

@@ -68,7 +68,7 @@ session_start([
     "use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
     "cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
     "cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
-    "cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
+    "cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
 ]);
 
 if ($wasAuthenticated) {
@@ -105,7 +105,6 @@ $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':Sta
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
-$app->post('/api/docker/pull-images', AIO\Controller\DockerController::class . ':PullImages');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
 $app->get('/api/auth/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');
@@ -144,6 +143,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
+        'is_ssh_auth_error' => $dockerActionManager->isBorgBackupSshAuthError(),
         'is_instance_restore_attempt' => $configurationManager->instanceRestoreAttempt,
         'borg_backup_mode' => $configurationManager->backupMode,
         'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
@@ -246,6 +246,7 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
     }
 });
 
+// Default error handler
 $errorMiddleware = $app->addErrorMiddleware(false, true, true);
 
 // Set a custom Not Found handler, which doesn't pollute the app output with 404 errors.
@@ -255,6 +256,17 @@ $errorMiddleware->setErrorHandler(
         $response = $app->getResponseFactory()->createResponse();
         $response->getBody()->write('Not Found');
         return $response->withStatus(404);
-    });
+    }
+);
+
+// Set another custom error handler, which doesn't pollute the app output with 405 errors.
+$errorMiddleware->setErrorHandler(
+    \Slim\Exception\HttpMethodNotAllowedException::class,
+    function (Request $request, Throwable $exception, bool $displayErrorDetails) use ($app) {
+        $response = $app->getResponseFactory()->createResponse();
+        $response->getBody()->write('Method not allowed');
+        return $response->withStatus(405);
+    }
+);
 
 $app->run();

php/src/Controller/DockerController.php

@@ -45,15 +45,15 @@ readonly class DockerController {
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
-    private function PerformRecursiveImagePull(string $id, ?\Closure $addToStreamingResponseBody = null) : void {
+    private function PerformRecursiveImagePull(string $id) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Pull all dependencies first and then itself
         foreach($container->dependsOn as $dependency) {
-            $this->PerformRecursiveImagePull($dependency, $addToStreamingResponseBody);
+            $this->PerformRecursiveImagePull($dependency);
         }
 
-        $this->dockerActionManager->PullImage($container, true, $addToStreamingResponseBody);
+        $this->dockerActionManager->PullImage($container, true);
     }
 
     public function PullAllContainerImages(): void {
@@ -63,19 +63,6 @@ readonly class DockerController {
         $this->PerformRecursiveImagePull($id);
     }
 
-    public function PullImages(Request $request, Response $response, array $args) : Response {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
-        $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveImagePull($id, $addToStreamingResponseBody);
-
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
-    }
-
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $requestParams = $request->getQueryParams();

php/src/Data/DataConst.php

@@ -68,6 +68,10 @@ class DataConst {
         return (string)realpath(__DIR__ . '/../../containers.json');
     }
 
+    public static function GetBorgSshAuthErrorFile() : string {
+        return self::GetDataDirectory() . '/borg_ssh_auth_error';
+    }
+
     public static function GetAioVersionFile() : string {
         return (string)realpath(__DIR__ . '/../../templates/includes/aio-version.twig');
     }

php/src/Docker/DockerActionManager.php

@@ -916,6 +916,10 @@ readonly class DockerActionManager {
         }
     }
 
+    public function isBorgBackupSshAuthError(): bool {
+        return file_exists(DataConst::GetBorgSshAuthErrorFile());
+    }
+
     public function GetBackupcontainerExitCode(): int {
         $containerName = 'nextcloud-aio-borgbackup';
         $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));

php/templates/containers.twig

@@ -191,10 +191,17 @@
 
                             {% if not hasBackupLocation or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
                                 {% if borg_remote_repo and backup_exit_code > 0 %}
-                                <p>
-                                You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
-                                To try again, resubmit your location and rerun the test.
-                                </p>
+                                    {% if is_ssh_auth_error %}
+                                        <p>
+                                        ⚠️ <strong>SSH key not authorized on the remote server.</strong> You must add the following SSH public key to the <code>authorized_keys</code> file on your remote backup server before the restore test can succeed:<br><br><strong>{{ borg_public_key }}</strong><br><br>
+                                        Once you have added the key on the remote server, resubmit your location and rerun the test.
+                                        </p>
+                                    {% else %}
+                                        <p>
+                                        You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
+                                        To try again, resubmit your location and rerun the test.
+                                        </p>
+                                    {% endif %}
                                 {% endif %}
 
                                 <p>
@@ -291,14 +298,6 @@
                         {% if has_update_available == true %}
                             {% if is_mastercontainer_update_available == false %}
                                 <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
-                                {% if isAnyRunning == true and isApacheStarting != true %}
-                                    <p>Alternatively, you can already pull the new images now while the containers are still running. Depending on your internet connection and image sizes, this can take a few minutes. The new images will automatically be used whenever the containers are recreated – either manually via <strong>Stop containers</strong> + <strong>Start and update containers</strong>, or automatically via AIO's daily backup/update schedule.</p>
-                                    <form method="POST" action="api/docker/pull-images" target="overlay-log">
-                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input type="submit" value="Pull new images" />
-                                    </form>
-                                {% endif %}
                             {% endif %}
                         {% else %}
                             {% if is_mastercontainer_update_available == false %}
@@ -428,21 +427,28 @@
                                         {% if has_backup_run_once == false %}
                                             <p>The initial backup was not successful.</p>
 
-                                            {% if borg_remote_repo %}
-                                            <p>
-                                            You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
-                                            To try again, click <strong>Create backup</strong>.
-                                            </p>
+                                            {% if borg_remote_repo and is_ssh_auth_error %}
+                                                <p>
+                                                ⚠️ <strong>SSH key not authorized on the remote server.</strong> You must add the following SSH public key to the <code>authorized_keys</code> file on your remote backup server before the backup can succeed:<br><br><strong>{{ borg_public_key }}</strong><br><br>
+                                                Once you have added the key on the remote server, click <strong>Create backup</strong> to try again.
+                                                </p>
+                                            {% else %}
+                                                <p>
+                                                You may want to reset the backup location which allows you to enter a new one afterwards. 
+                                                </p>
+                                                <p>
+                                                If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
+                                                {% if borg_remote_repo %}
+                                                    or the remote repo <strong>{{ borg_remote_repo }}</strong>
+                                                {% endif %}
+                                                is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.
+                                                </p>
+                                                <form method="POST" action="api/docker/backup-reset-location" class="xhr">
+                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                    <input type="submit" value="Reset backup location" data-confirm='Are you sure that you want to reset the backup location?' />
+                                                </form>
                                             {% endif %}
-
-                                            <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
-                                            <form method="POST" action="api/configuration" class="xhr">
-                                                <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
-                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
-                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                <input type="submit" value="Set backup location again" />
-                                            </form>
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
                                         {% if borg_backup_mode == "backup" %}

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-13.0.0
+13.0.4

php/templates/log.twig

@@ -1,9 +1,11 @@
 <html lang="en">
     <head>
+        <title>AIO</title>
         <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
         <link rel="stylesheet" href="style.css">
         <link rel="stylesheet" href="logs.css">
-        <script src="log-view.js?v1"></script>
+        <link rel="icon" href="img/favicon.png">
+        <script src="log-load.js?v1"></script>
     </head>
     <body data-container-id="{{ id }}">
         <div id="floating-box">

tests/QA/004-initial-backup.md

@@ -23,8 +23,10 @@
     - [ ] Both a local backup location and a remote repo URL should not be accepted at the same time
     - [ ] The page should now reload
     - [ ] Now click on `Create backup`
-    - [ ] After the first failed backup attempt with a remote repo, the SSH public key for borg should be shown so it can be authorized on the remote server
-    - [ ] After authorizing the server on the remote, scroll down and click on `Create backup` again to create another backup. This time it should succeed.
+    - [ ] After the first failed backup attempt with a remote repo, the page should show **"The initial backup was not successful."** and one of two things depending on why it failed:
+        - [ ] **SSH auth error** (exit codes 80/81 – connection closed before Borg protocol established): a prominent ⚠️ **"SSH key not authorized on the remote server."** warning should appear with the public key displayed. After adding the key to `~/.ssh/authorized_keys` on the remote server, click **Create backup** again to retry.
+        - [ ] **Other error** (wrong path, unreachable host, etc.): instead of the ⚠️ warning, a **"Reset backup location"** button should appear (with a confirmation prompt) that allows resetting the configured location so a new one can be entered. Note: there are no longer inline text inputs to re-enter the location at this point.
+    - [ ] After authorizing the SSH key on the remote, scroll down and click on `Create backup` again to create another backup. This time it should succeed.
 - [ ] The initial Nextcloud credentials on top of the page that are visible when the containers are running should now be hidden in a details tag
 - [ ] After a while and a few automatic reloads (as long as the side is focused), you should be redirected to the usual page and seen in the Backup and restore section that the last backup was successful.
 - [ ] Below that you should see a details tag that allows to reveal all backup options

tests/QA/010-restore-instance.md

@@ -22,7 +22,9 @@ For the below to work, you need a backup archive of an AIO instance and the loca
     - [ ] Enter an invalid remote repo URL (e.g. `user` without `@` and `:`) which should send an error
     - [ ] Enter a valid remote borg repo URL and the correct backup password:
         - [ ] Should reload and should hide all options except the option to test the path and password
-        - [ ] After the first failed connection attempt, the SSH public key for borg should be shown so it can be authorized on the remote server
+        - [ ] After the first failed connection attempt, the behavior depends on the failure reason:
+            - [ ] **SSH auth error** (exit codes 80/81 – connection closed before Borg protocol established): a prominent ⚠️ **"SSH key not authorized on the remote server."** warning should appear with the SSH public key displayed and instructions to add it to `~/.ssh/authorized_keys` on the remote server. After adding the key, scroll down and click on the test button again.
+            - [ ] **Other error** (wrong path, unreachable host, etc.): a generic message should appear noting the public key that may still need to be authorized on the remote.
         - [ ] After authorizing the key on the remote server, scroll down and click on the test button again. This time it should succeed and show the options to check the integrity and list backup archives
         - [ ] After the test you should see the options to check the integrity of the backup and a list of backup archives that you can choose from to restore your instance
         - [ ] Clicking on either option should show a window prompt that lets you cancel the operation