Add dev convenience script for building containers

2026-05-22 11:20:13 +00:00 · 2026-04-02 10:31:30 -07:00
292 changed files with 1575 additions and 5195 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,8 +1,3 @@
-<!--
-SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
 ---
 name: 🐛 Bug report - no questions and no support!
 about: Help us improving by reporting a bug - this category is not for questions and also not for support! Please use one of the options below for questions and support
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,8 +1,3 @@
-<!--
-SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
 ---
 name: 📖 Existing feature/documentation enhancement
 about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 blank_issues_enabled: false
 contact_links:
    - name: 📘 Documentation on Nextcloud AIO
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 version: 2
 updates:
 - package-ecosystem: "github-actions"
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,8 +1,3 @@
-<!--
-SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
 <!--
  - 🚨 SECURITY INFO
  -
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 changelog:
  categories:
    - title: 🏕 New features and other improvements
--- a/.github/workflows/collabora.yml
+++ b/.github/workflows/collabora.yml
@@ -18,7 +18,7 @@ jobs:
        mv cool-seccomp-profile.json php/
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: collabora-seccomp-update automated change
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -53,7 +53,7 @@ jobs:
        sed -i "s|^ARG CADDY_REMOTE_HOST_HASH.*$|ARG CADDY_REMOTE_HOST_HASH=$CADDY_REMOTE_HOST_HASH|" ./Containers/mastercontainer/Dockerfile

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: php dependency updates
--- a/.github/workflows/fail-on-prerelease.yml
+++ b/.github/workflows/fail-on-prerelease.yml
@@ -11,7 +11,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: "Check latest published release isn't a prerelease"
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v6
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v6
        with:
          script: |
            const tags = await github.rest.repos.listTags({
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -32,7 +32,7 @@ jobs:

      # See https://github.com/helm/chart-releaser-action/issues/6
      - name: Set up Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          version: v3.6.3

--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: imaginary-update automated change
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
          fetch-depth: 0

      - name: Install Helm
-        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
+        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4
        with:
          version: v3.11.1

--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -41,7 +41,7 @@ jobs:
          persist-credentials: false

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
        with:
          php-version: ${{ matrix.php-versions }}
          coverage: none
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
            line-length: warning

      - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0

      - name: Check GitHub actions
        run: uvx zizmor --min-severity medium .github/workflows/*.yml
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -79,7 +79,7 @@ jobs:
        fi

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: nextcloud-update automated change
--- a/.github/workflows/playwright-on-push.yml
+++ b/.github/workflows/playwright-on-push.yml
@@ -4,15 +4,11 @@ on:
  pull_request:
    paths:
      - 'php/**'
-      - 'Containers/mastercontainer/*.Caddyfile'
-      - 'Containers/mastercontainer/start.sh'
  push:
    branches:
      - main
    paths:
      - 'php/**'
-      - 'Containers/mastercontainer/*.Caddyfile'
-      - 'Containers/mastercontainer/start.sh'

 concurrency:
  group: playwright-${{ github.head_ref || github.run_id }}
@@ -41,7 +37,7 @@ jobs:
        run: cd php/tests && npx playwright install --with-deps chromium

      - name: Set up php 8.5
-        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
        with:
          extensions: apcu
          php-version: 8.5
@@ -57,7 +53,7 @@ jobs:
          rm -r ./session
          composer install --no-dev
          composer clear-cache
-          sudo chmod 777 -R ../
+          sudo chmod 777 -R ./

      - name: Start fresh development server
        run: |
@@ -72,9 +68,6 @@ jobs:
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume ./php:/var/www/docker-aio/php \
-            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
-            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
-            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=true \
            --env APACHE_PORT=11000 \
@@ -104,9 +97,6 @@ jobs:
            --publish 8080:8080 \
            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
            --volume ./php:/var/www/docker-aio/php \
-            --volume ./Containers/mastercontainer/internal.Caddyfile:/internal.Caddyfile \
-            --volume ./Containers/mastercontainer/headers.Caddyfile:/headers.Caddyfile \
-            --volume ./Containers/mastercontainer/start.sh:/start.sh \
            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
            --env SKIP_DOMAIN_VALIDATION=false \
            --env APACHE_PORT=11000 \
@@ -124,7 +114,7 @@ jobs:
            exit 1
          fi

-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: ${{ !cancelled() }}
        with:
          name: playwright-report
--- a/.github/workflows/playwright-on-workflow-dispatch.yml
+++ b/.github/workflows/playwright-on-workflow-dispatch.yml
@@ -82,7 +82,7 @@ jobs:
            exit 1
          fi

-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        if: ${{ !cancelled() }}
        with:
          name: playwright-report
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -31,7 +31,7 @@ jobs:
        continue-on-error: true

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: Update psalm baseline
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -37,7 +37,7 @@ jobs:
          persist-credentials: false

      - name: Set up php
-        uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2.37.0
+        uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
        with:
          php-version: 8.5
          extensions: apcu
--- a/.github/workflows/sync-workflow-templates.yml
+++ b/.github/workflows/sync-workflow-templates.yml
@@ -1,140 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-# This workflow will update all workflow templates
-# Additionally it will reapply `workflow.yml.patch` files after syncing and only then commit the result
-name: Update workflows
-on:
-  workflow_dispatch:
-  schedule:
-      - cron: "5 2 * * 0"
-
-permissions:
-  contents: read
-
-jobs:
-  dispatch:
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        branches:
-          - ${{ github.event.repository.default_branch }}
-          - 'stable33'
-          - 'stable32'
-
-    name: Update workflows in ${{ matrix.branches }}
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Check actor permission
-        uses: skjnldsv/check-actor-permission@69e92a3c4711150929bca9fcf34448c5bf5526e7 # v3.0
-        with:
-          require: admin
-
-      - name: Checkout workflow repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          path: source
-          repository: nextcloud/.github
-
-      - name: Checkout app
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-          path: target
-          ref: ${{ matrix.branches }}
-
-      - name: Copy all workflow templates
-        run: |
-          echo 'SUMMARY<<EOF' >> $GITHUB_ENV
-          draft_only=0
-          for workflow in ./source/workflow-templates/*.yml; do
-            echo "❓ Looking for $workflow"
-            if [ -f "$workflow" ]; then
-              filename=$(basename "$workflow")
-              target_file="./target/.github/workflows/$filename"
-
-              # Only copy if the file exists in the target repository
-              if [ -f "$target_file" ]; then
-                if [ -f "./target/.github/actions-lock.txt" ]; then
-                  locked_version=$(grep " $filename" ./target/.github/actions-lock.txt | cat)
-                else
-                  echo "# SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors" >> ./target/.github/actions-lock.txt
-                  echo "# SPDX-License""-Identifier: MIT" >> ./target/.github/actions-lock.txt
-                  locked_version=""
-                fi
-                locked_version=$(echo $locked_version | cut -f 1 -d " ")
-                new_version=$(md5sum $workflow | cut -f 1 -d " ")
-
-                # Only update if the action changes
-                if [[ "$locked_version" != "$new_version" ]]; then
-                  echo "ℹ️ Locked version: $locked_version"
-                  echo "ℹ️ Current version: $new_version"
-                  echo "🆙 Updating existing workflow: $filename"
-                  echo "- 🆙 Updated [$filename](https://github.com/nextcloud/.github/commits/master/workflow-templates/$filename)" >> $GITHUB_ENV
-
-                  cp "$workflow" "$target_file"
-
-                  # Apply patch if one exists
-                  if [ -f "$target_file.patch" ]; then
-                    echo "🩹 Applying patch"
-                    cd ./target
-                    set +e
-                    patch -p1 < ".github/workflows/$filename.patch"
-                    patch_worked=$?
-                    set -e
-                    cd -
-                    if [[ "$patch_worked" == "0" ]]; then
-                      echo "  - Patch applied" >> $GITHUB_ENV
-                    else
-                      echo "  - [ ] ❌ Patch failed" >> $GITHUB_ENV
-                      draft_only=1
-                    fi
-                  fi
-
-                  if [[ "$locked_version" != "" ]]; then
-                    sed -i "s/$locked_version $filename/$new_version $filename/" ./target/.github/actions-lock.txt
-                  else
-                    echo "$new_version $filename" >> ./target/.github/actions-lock.txt
-                  fi
-                else
-                  echo "✅ Skipping $filename: already up to date"
-                fi
-              else
-                echo "⏭️ Skipping $filename: does not exist in target repository"
-              fi
-            fi
-          done
-          echo 'EOF' >> $GITHUB_ENV
-          echo "DRAFT_ONLY=${draft_only}" >> $GITHUB_ENV
-
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
-        with:
-          token: ${{ secrets.COMMAND_BOT_WORKFLOWS }} # zizmor: ignore[secrets-outside-env]
-          commit-message: 'ci(actions): Update workflow templates from organization template repository'
-          committer: GitHub <noreply@github.com>
-          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
-          path: target
-          signoff: true
-          branch: 'automated/noid/${{ matrix.branches }}-update-workflows'
-          title: '[${{ matrix.branches }}] ci(actions): Update workflow templates from organization template repository'
-          draft: ${{ env.DRAFT_ONLY == 1 }}
-          add-paths: .github/workflows/*.yml,.github/actions-lock.txt
-          body: |
-            Automated update of all workflow templates from [nextcloud/.github](https://github.com/nextcloud/.github)
-            ${{ env.SUMMARY }}
-          labels: |
-            dependencies
-            3. to review
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: talk-update automated change
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -23,7 +23,7 @@ jobs:
            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
          fi
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
        with:
          commit-message: Helm Chart updates
          signoff: true
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
        run: |
          sudo bash manual-install/update-yaml.sh
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
        with:
          commit-message: Yaml updates
          signoff: true
--- a/.github/workflows/watchtower-update.yml
+++ b/.github/workflows/watchtower-update.yml
@@ -26,7 +26,7 @@ jobs:
        sed -i "s|\$WATCHTOWER_COMMIT_HASH.*$|\$WATCHTOWER_COMMIT_HASH # $watchtower_version|" ./Containers/watchtower/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v7
+      uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
      with:
        token: ${{ secrets.GITHUB_TOKEN }}
        commit-message: watchtower-update automated change
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -1,202 +0,0 @@
-<!--
-SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
-# Authors
-
-All contributors to the Nextcloud All-in-One project. Thank you!
-
-<!-- Generated from git log -->
-
- -Denux <timon.klinkert@gmail.com>
- 41it <137164547+41it@users.noreply.github.com>
- Adam Monsen <haircut@gmail.com>
- Adrian Gebhart <adrian@pestotoast.de>
- AiroPi (Pierre) <47398145+AiroPi@users.noreply.github.com>
- Alan Savage <asavageiv@users.noreply.github.com>
- Alexander Hörl <alexander.horl2@live.de>
- Alexander Müller <28591861+alexanderdd@users.noreply.github.com>
- Alexander Piskun <bigcat88@icloud.com>
- Alison McCue <gh@maladroit.me>
- Andrey Borysenko <andrey18106x@gmail.com>
- Andy George <andygeorge@users.noreply.github.com>
- Anth0rx <pascal@dengconsult.systems>
- Anton Podlozny <47890723+apodl1@users.noreply.github.com>
- Anupam Kumar <kyteinsky@gmail.com>
- Anvil5465 <119350594+Anvil5465@users.noreply.github.com>
- Apoorv Parle <19315187+apparle@users.noreply.github.com>
- Arman The Parman <77603167+ArmanTheParman@users.noreply.github.com>
- Aytsuqi <141279848+Aytsuqi@users.noreply.github.com>
- BP <busta.pipes@gmail.com>
- Basti Qdoba <sebastian.chudoba@googlemail.com>
- Bastian <48765834+Cloudboom@users.noreply.github.com>
- Bastian Derigs <155444921+derigs@users.noreply.github.com>
- Ben Iofel <1713819+benwaffle@users.noreply.github.com>
- Benjamin Brahmer <info@b-brahmer.de>
- Braiden Psiuk <mail@braiden.dev>
- Brian Philipp <66728496+BR14Nx@users.noreply.github.com>
- Brouware <63195347+Brouware@users.noreply.github.com>
- Caio Barros <cgbarros@users.noreply.github.com>
- Copilot <198982749+Copilot@users.noreply.github.com>
- Daniel Calviño Sánchez <danxuliu@gmail.com>
- Daniel Hartmann <60435198+hartmann-daniel@users.noreply.github.com>
- David <142408439+LinuxSpielKind@users.noreply.github.com>
- David Bradette <87823519+DavidBradette@users.noreply.github.com>
- David Hund <david.hund@gmail.com>
- David Mehren <git@herrmehren.de>
- Dennis R <dennis@elsysweyr.com>
- Duvio <can2004kaya@gmail.com>
- Emil Marklund <emil@btlcomputing.com>
- Erwan Hervé <62173453+Erwan-loot@users.noreply.github.com>
- FaySmash <30392780+FaySmash@users.noreply.github.com>
- Felix Schäfer <felix@thegcat.net>
- Felix Stupp <felix.stupp@banananet.work>
- Fernando Ribeiro <fribeiro@fribeiro.org>
- Florian Latifi <mail@florian-latifi.at>
- Florian Wallner <asdf@walura.eu>
- Francesco Saltori <francescosaltori@gmail.com>
- FreDTV <70434961+Fred-DTV@users.noreply.github.com>
- Frederik Berg <fberg@posteo.de>
- Gerald Krause <gerald.d.krause@t-online.de>
- Gonçalo Pereira <goncalo_pereira@outlook.pt>
- Hannes Franke <hannes.franke@tu-dortmund.de>
- HedgeShot <HedgeShot@users.noreply.github.com>
- Hoang Pham <hoangmaths96@gmail.com>
- Ikko Eltociear Ashimine <eltociear@gmail.com>
- ItsQuadrus <quadrus.yt@gmail.com>
- JL102 <jordanlees@mailbox.org>
- JMarcosHP (Jehu Marcos Herrera Puentes) <jehuherrerap@hotmail.com>
- Jean-Yves <7360784+docjyJ@users.noreply.github.com>
- Jimmy Everling <jimmy@jimmyk.se>
- Jo <jonassauge@gmail.com>
- Joas Schilling <coding@schilljs.com>
- Joe Hanson <joe@veri.dev>
- John Molakvoæ <skjnldsv@protonmail.com>
- Jos Poortvliet <jospoortvliet@gmail.com>
- Joseph <jturnism@gmail.com>
- Josh <josh.t.richards@gmail.com>
- Joshua Hesketh <josh@hesketh.net.au>
- Julius Härtl <jus@bitgrid.net>
- Kai Biebel <38378574+seclution@users.noreply.github.com>
- Kain <26943220+kaincenteno@users.noreply.github.com>
- Kasim <kasim@rafique.co.uk>
- Killiane Letellier <killiane.letellier@mailo.com>
- Klaus15 <le_kluus@web.de>
- Lance <Gero3977@gmail.com>
- Lorenzo Marroccoli <lollo0296@gmail.com>
- Lorenzo Moscati <lorenzo@moscati.page>
- Lukas Reschke <lukas@statuscode.ch>
- Luotio <juha@luotio.net>
- ManOki <ManOki@users.noreply.github.com>
- Marc <github@wuast24.de>
- Marco Ambrosini <marcoambrosini@proton.me>
- Marius Quabeck <marius.quabeck@nextcloud.com>
- Martin Ligabue <martinligabue@gmail.com>
- Marvin von Papen <79196690+MarvvanPal@users.noreply.github.com>
- Maximilian Jakob Maag <maximilian.maag@outlook.de>
- Michael Keck <git@cr0ydon.com>
- Miguel Guthridge <hdsq@outlook.com.au>
- Mihai Coman <mihai.cmn@gmail.com>
- MondoGao <mondogao@gmail.com>
- Morrow Shore <97566823+MorrowShore@users.noreply.github.com>
- MrAn0nym <63542658+MrAn0nym@users.noreply.github.com>
- Mustapha Zorgati <15628173+mustaphazorgati@users.noreply.github.com>
- Nextcloud Team <contact@nextcloud.com>
- Nextcloud bot <bot@nextcloud.com>
- Nikolas Rimikis <25266387+Leptopoda@users.noreply.github.com>
- Nils K <24257556+septatrix@users.noreply.github.com>
- Oleksandr Piskun <oleksandr2088@icloud.com>
- Oleksii Zolotarevskyi <15846984+roundoutandabout@users.noreply.github.com>
- Olicorne (thiswillbeyourgithub) <26625900+thiswillbeyourgithub@users.noreply.github.com>
- Pablo Zmdl <pablo@nextcloud.com>
- Paul <devnoname120@gmail.com>
- Perlover <perlover@perlover.com>
- Peter van Dijk <peter@7bits.nl>
- Phil Mocek <pmocek-github@mocek.org>
- Philipp Fruck <dev@p-fruck.de>
- Pi-Farm <43029891+pi-farm@users.noreply.github.com>
- PreciousChicken <hello@preciouschicken.com>
- Prokop Schield <76836484+prokopschield@users.noreply.github.com>
- Quentin Lemeasle <quentinlemcode@gmail.com>
- Rahammetoela Toekiman <fusekai@outlook.com>
- Richard Steinmetz <richard@steinmetz.cloud>
- Robert Riemann <robert.riemann@edps.europa.eu>
- Robert Zilke <robert@zilke.dev>
- Ruben D. <ruben@winterrific.net>
- S1m <git@sgougeon.fr>
- Samuel Plumppu <6125097+Greenheart@users.noreply.github.com>
- Sergio Casero Hernández <soy@sergiocasero.es>
- Seth Deegan <jayandseth@gmail.com>
- Shantanu Tushar <shaan7in@gmail.com>
- Simon L. (szaimen) <szaimen@e.mail.de>
- SomeMichael <43578183+SomeMichael@users.noreply.github.com>
- Surfict <allexandre@itis.swiss>
- Syed Mishar Newaz <misharex.sezan@gmail.com>
- TheManchineel <37479927+TheManchineel@users.noreply.github.com>
- Thijs van der Woude <31108288+thijsvanderwoude@users.noreply.github.com>
- Thomas Lavocat <tlavocat@redhat.com>
- Thor Galle <thorgalle@gmail.com>
- Thorsten Schaefer <github@npath.de>
- Tim Diels <tim@diels.me>
- Tomas <16553087+michnovka@users.noreply.github.com>
- Tony F <goldstar611@hotmail.com>
- Valeriy Sotnikov <sotnikov.link@mail.ru>
- Varun Patil <varunpatil@ucla.edu>
- Verhoeckx <64807887+Verhoeckx@users.noreply.github.com>
- William Wong <46506352+tar-xz@users.noreply.github.com>
- Yannik Buerkle <mail@yannik-buerkle.de>
- Zakmaf <100925791+Zakmaf@users.noreply.github.com>
- Zhao Guangyu <62810902+ZhaoGY-N@users.noreply.github.com>
- Zoey <zoey@z0ey.de>
- Zxhir <98621617+Imzxhir@users.noreply.github.com>
- alexenica <alexenica@live.com>
- autoantwort <Leander.schulten@rwth-aachen.de>
- bentongxyz <60358804+bentongxyz@users.noreply.github.com>
- blu3acid <michael.muschner@mailbox.org>
- craigkh <74493036+craigkh@users.noreply.github.com>
- dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- derStephan <derStephan@users.noreply.github.com>
- derhagen <2806328+derhagen@users.noreply.github.com>
- dienteperro <dienteperro1207@yahoo.com>
- ernolf <raphael.gradenwitz@googlemail.com>
- esmith443 <119460913+esmith443@users.noreply.github.com>
- foegra <foegra@yahoo.com>
- gggeek <giunta.gaetano@gmail.com>
- grossamos <email@amosgross.com>
- hunhejj <hunhejj@gmail.com>
- iraklis10 <1414477+iraklis10@users.noreply.github.com>
- jameskimmel <17176225+jameskimmel@users.noreply.github.com>
- jr_blue_551 <johnrowe551@gmail.com>
- kri164 <52274164+kri164@users.noreply.github.com>
- kurt-mcrae <83569406+kurt-mcrae@users.noreply.github.com>
- lll <2844835+flll@users.noreply.github.com>
- marekschneider <marek@kms.onl>
- martin.mueller <martin.mueller@model-engineers.com>
- masterwoot <company+github.com@maganti.se>
- matiasdelellis <mati86dl@gmail.com>
- ncguk <inglenook@duck.com>
- nextcloud-command <nextcloud-command@users.noreply.github.com>
- ninoppp <101364396+ninoppp@users.noreply.github.com>
- notEvil <not_evil@rappold1.at>
- pailloM <56462552+pailloM@users.noreply.github.com>
- ph00lt0 <15004290+ph00lt0@users.noreply.github.com>
- ph818 <71797925+ph818@users.noreply.github.com>
- pun kyard <59349105+punkyard@users.noreply.github.com>
- roelofz <11368363+roelofz@users.noreply.github.com>
- roib20 <66280613+roib20@users.noreply.github.com>
- rugk <rugk+git@posteo.de>
- sjjh <2787214+sjjh@users.noreply.github.com>
- spatterlight <81454789+spatterIight@users.noreply.github.com>
- stefano99 <falchi.stefi@gmail.com>
- steffenmalisi <steffenmalisi@users.noreply.github.com>
- sunjam <sunjam@users.noreply.github.com>
- ten0hira <85587841+ten0hira@users.noreply.github.com>
- thigg <thigg@users.noreply.github.com>
- tofuwabohu <66644064+tofuwabohu@users.noreply.github.com>
- turtleinarock <s.senn14@gmail.com>
- tyleraharrison <tyleraharrison@gmail.com>
- wky0211 <46506352+wky0211@users.noreply.github.com>
- xis <xis@schowek.net>
- zybster <zybster@gmail.com>
- Álvaro Brey <alvaro.brey@nextcloud.com>
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,14 +1,7 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM alpine:3.23.4
+FROM alpine:3.23.3

 RUN set -ex; \
    apk upgrade --no-cache -a

-LABEL org.opencontainers.image.title="Alpine for Nextcloud AIO" \
-    org.opencontainers.image.description="Minimal Alpine Linux image for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+LABEL org.label-schema.vendor="Nextcloud"
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-{
 {
    auto_https disable_redirects

@@ -20,13 +17,8 @@
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
-        Strict-Transport-Security max-age=31536000;
-
-        -Server
-        -X-Powered-By
-        -Via
-    }
-
+    header -Server
+    header -X-Powered-By

    # Collabora
    route /browser/* {
@@ -73,6 +65,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req

    # Nextcloud
    route {
+        header Strict-Transport-Security max-age=31536000;
        reverse_proxy 127.0.0.1:8000
    }
    redir /.well-known/carddav /remote.php/dav/ 301
@@ -81,9 +74,6 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
    # TLS options
    tls {
        issuer acme {
-            # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
-            # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
-            disable_http_challenge
            disable_http_challenge
        }
    }
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,10 +1,8 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 FROM caddy:2.11.2-alpine AS caddy

 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.67-alpine3.23
+FROM httpd:2.4.66-alpine3.23

 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy

@@ -62,19 +60,6 @@ RUN set -ex; \
    grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
 # ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
    sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# Pin ThreadsPerChild so the value is deterministic regardless of the httpd base-image
-# defaults; 25 threads per process balances concurrency against per-process memory use.
-    sed -i 's|ThreadsPerChild.*|ThreadsPerChild 25|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# Start two server processes on boot to absorb the first requests without spawning
-# new processes on the critical path, while avoiding unnecessary memory overhead.
-    sed -i 's|StartServers.*|StartServers 2|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# Keep at least 25 idle threads (one full process worth) so traffic bursts can be
-# absorbed immediately without triggering new process creation.
-    sed -i 's|MinSpareThreads.*|MinSpareThreads 25|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# Retire idle threads above 50 to reclaim memory during quiet periods. 50 is the
-# minimum valid value (MinSpareThreads + ThreadsPerChild = 25 + 25) and is enough
-# to absorb typical bursts without respawning a new process.
-    sed -i 's|MaxSpareThreads.*|MaxSpareThreads 50|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
    \
    rm -rf /usr/local/apache2/conf/original /var/www; \
    mkdir -p /var/www; \
@@ -105,9 +90,4 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Apache and Caddy for Nextcloud AIO" \
-    org.opencontainers.image.description="Apache HTTP server with Caddy for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z 127.0.0.1 8000 || exit 1
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 Listen 8000
 <VirtualHost *:8000>
    ServerName localhost
@@ -10,35 +7,7 @@ Listen 8000
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
    ErrorLog /proc/self/fd/2
    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel ${AIO_LOG_LEVEL}
-
-    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
-    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
-    # which is especially expensive on TLS connections and noticeably slows down
-    # Nextcloud's login page and file manager that load dozens of resources at once.
-    KeepAlive On
-    # KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
-    # A short timeout frees Apache worker threads quickly so they are available
-    # for new requests; 5 s is long enough to cover the gap between requests
-    # that a browser issues while rendering a page (typically < 1 s), yet short
-    # enough to avoid holding threads open for idle or slow clients.
-    KeepAliveTimeout 5
-    # MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
-    # 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
-    # sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
-    # per sync cycle and routinely exceed 100 requests on a single connection.
-    # Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
-    # overhead. 500 gives sync clients enough headroom while still periodically
-    # recycling threads to contain per-process memory growth.
-    MaxKeepAliveRequests 500
-
-    # sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
-    # it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
-    # negating the compression configured below.  MMAP is also
-    # disabled because files can be replaced by Nextcloud at any time and mmap'd
-    # pages could serve stale data.
-    EnableSendfile Off
-    EnableMMAP Off
+    LogLevel warn

    # PHP match
    <FilesMatch "\.php$">
@@ -48,25 +17,20 @@ Listen 8000
    <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
    </Proxy>

-    # Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
-    # compression with reasonable CPU cost; the default of 0 barely compresses).
-    # Other plain-text files are already compressed by Nextcloud itself.
-    # No deflate fallback is needed: every browser that Nextcloud supports
-    # (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
-    # supports Brotli. Internet Explorer, the only browser that never gained
-    # Brotli support, was dropped by Nextcloud with NC15 (2019).
-    # Desktop and mobile sync clients never request JS/CSS/SVG assets.
+    # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
    <IfModule mod_brotli.c>
        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 4
+        BrotliCompressionQuality 0
    </IfModule>

    # Nextcloud dir
    DocumentRoot /var/www/html/
    <Directory /var/www/html/>
-        Options FollowSymLinks MultiViews
+        Options Indexes FollowSymLinks
        Require all granted
        AllowOverride All
+        Options FollowSymLinks MultiViews
+        Satisfy Any
        <IfModule mod_dav.c>
            Dav off
        </IfModule>
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -1,23 +1,10 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [ -z "$NC_DOMAIN" ]; then
    echo "NC_DOMAIN and NEXTCLOUD_HOST need to be provided. Exiting!"
    exit 1
 fi

-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    export SUPERVISORD_STDOUT=/dev/stdout
-else
-    export SUPERVISORD_STDOUT=NONE
-fi
-
 # Need write access to /mnt/data
 if ! [ -w /mnt/data ]; then
    echo "Cannot write to /mnt/data"
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -1,25 +1,23 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-[supervisord]
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB                           
-logfile_backups=10                              
-loglevel=%(ENV_AIO_LOG_LEVEL)s
-
-[program:apache]
-# Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=apachectl -DFOREGROUND
-
-[program:caddy]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /tmp/Caddyfile
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:apache]
+# Stdout logging is disabled as otherwise the logs are spammed
+stdout_logfile=NONE
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apachectl -DFOREGROUND
+
+[program:caddy]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/bin/caddy run --config /tmp/Caddyfile
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,7 +1,5 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM alpine:3.23.4
+FROM alpine:3.23.3

 RUN set -ex; \
    \
@@ -27,10 +25,5 @@ USER root

 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Borgbackup for Nextcloud AIO" \
-    org.opencontainers.image.description="BorgBackup-based backup service for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 # Functions
 get_start_time(){
@@ -47,7 +40,7 @@ if [ -z "$BORG_REMOTE_REPO" ] && ! mountpoint -q "$MOUNT_DIR"; then
 fi

 # Check if repo is uninitialized
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg info > /dev/null; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
        echo "The repository is uninitialized or cannot connect to remote. Cannot perform check or restore."
    else
@@ -130,7 +123,7 @@ if [ "$BORG_MODE" = backup ]; then
    fi

    # Initialize the repository if can't get info from target
-    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+    if ! borg info > /dev/null; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            if [ -n "$BORG_REMOTE_REPO" ]; then
@@ -147,14 +140,14 @@ if [ "$BORG_MODE" = backup ]; then

        echo "Initializing repository..."
        NEW_REPOSITORY=1
-        if ! borg "$BORG_LOG_LEVEL_FLAG" init --encryption=repokey-blake2; then
+        if ! borg init --debug --encryption=repokey-blake2; then
            echo "Could not initialize borg repository."
            exit 1
        fi

        if [ -z "$BORG_REMOTE_REPO" ]; then
            # borg config only works for local repos; it's up to the remote to ensure the disk isn't full
-            borg "$BORG_LOG_LEVEL_FLAG" config :: additional_free_space 2G
+            borg config :: additional_free_space 2G

            # Fix too large Borg cache
            # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
@@ -163,7 +156,7 @@ if [ "$BORG_MODE" = backup ]; then
            touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
        fi

-        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+        if ! borg info > /dev/null; then
            echo "Borg can't get info from the repo it created. Something is wrong."
            exit 1
        fi
@@ -223,9 +216,9 @@ if [ "$BORG_MODE" = backup ]; then
    # Create the backup
    echo "Starting the backup..."
    get_start_time
-    if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
+    if ! borg create "${BORG_OPTS[@]}" "${BORG_INCLUDE[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
        echo "Deleting the failed backup archive..."
-        borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
        echo "You might want to check the backup integrity via the AIO interface."
        if [ "$NEW_REPOSITORY" = 1 ]; then
@@ -244,14 +237,14 @@ if [ "$BORG_MODE" = backup ]; then

    # Prune archives
    echo "Pruning the archives..."
-    if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi

    # Compact archives
    echo "Compacting the archives..."
-    if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
+    if ! borg compact; then
        echo "Failed to compact archives!"
        exit 1
    fi
@@ -268,19 +261,19 @@ if [ "$BORG_MODE" = backup ]; then
                fi
            done
            echo "Starting the backup for additional volumes..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+            if ! borg create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
-                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-docker-volumes"
+                borg delete --stats "::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
            echo "Pruning additional volumes..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
            echo "Compacting additional volumes..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
+            if ! borg compact; then
                echo "Failed to compact additional docker-volume archives!"
                exit 1
            fi
@@ -298,19 +291,19 @@ if [ "$BORG_MODE" = backup ]; then
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
            echo "Starting the backup for additional host mounts..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
-                borg "$BORG_LOG_LEVEL_FLAG" delete --stats "::$CURRENT_DATE-additional-host-mounts"
+                borg delete --stats "::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
            echo "Pruning additional host mounts..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
            echo "Compacting additional host mounts..."
-            if ! borg "$BORG_LOG_LEVEL_FLAG" compact; then
+            if ! borg compact; then
                echo "Failed to compact additional host-mount archives!"
                exit 1
            fi
@@ -392,7 +385,7 @@ if [ "$BORG_MODE" = restore ]; then

    if [ -z "$BORG_REMOTE_REPO" ]; then
        mkdir -p /tmp/borg
-        if ! borg "$BORG_LOG_LEVEL_FLAG" mount "::$SELECTED_ARCHIVE" /tmp/borg; then
+        if ! borg mount "::$SELECTED_ARCHIVE" /tmp/borg; then
            echo "Could not mount the backup!"
            exit 1
        fi
@@ -439,7 +432,7 @@ if [ "$BORG_MODE" = restore ]; then
        #
        # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
        cd /  # borg extract has no destination arg and extracts to CWD
-        if ! borg "$BORG_LOG_LEVEL_FLAG" extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
+        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
        then
            RESTORE_FAILED=1
            echo "Failed to extract backup archive."
@@ -471,7 +464,7 @@ if [ "$BORG_MODE" = restore ]; then
                    \) \
                    | LC_ALL=C sort \
                    | LC_ALL=C comm -23 - \
-                        <(borg "$BORG_LOG_LEVEL_FLAG" list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
+                        <(borg list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
                    > /tmp/local_files_not_in_backup
            then
                RESTORE_FAILED=1
@@ -559,7 +552,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg "$BORG_LOG_LEVEL_FLAG" check -v --verify-data; then
+    if ! borg check -v --verify-data; then
        echo "Some errors were found while checking the backup integrity!"
        echo "Check the AIO interface for advice on how to proceed now!"
        exit 1
@@ -577,7 +570,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then
    echo "Checking the backup integrity and repairing it..."

    # Perform the check-repair
-    if ! echo YES | borg "$BORG_LOG_LEVEL_FLAG" check -v --repair; then
+    if ! echo YES | borg check -v --repair; then
        echo "Some errors were found while checking and repairing the backup integrity!"
        exit 1
    fi
@@ -591,7 +584,7 @@ fi
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+        if ! borg info > /dev/null; then
            echo "Borg could not get info from the remote repo."
            echo "See the above borg info output for details."
            exit 1
@@ -612,12 +605,12 @@ if [ "$BORG_MODE" = test ]; then
        fi
    fi

-    if ! borg "$BORG_LOG_LEVEL_FLAG" list >/dev/null; then
+    if ! borg list >/dev/null; then
        echo "The entered path seems to be valid but could not open the backup archive."
        echo "Most likely the entered password was wrong so please adjust it accordingly!"
        exit 1
    else
-        if ! borg "$BORG_LOG_LEVEL_FLAG" list | grep "nextcloud-aio"; then
+        if ! borg list | grep "nextcloud-aio"; then
            echo "The backup archive does not contain a valid Nextcloud AIO backup."
            echo "Most likely was the archive not created via Nextcloud AIO."
            exit 1
@@ -630,7 +623,7 @@ fi

 if [ "$BORG_MODE" = list ]; then
    echo "Updating backup list..."
-    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+    if ! borg info > /dev/null; then
        echo "Could not update the backup list."
        exit 1
    fi
--- a/Containers/borgbackup/borg_excludes
+++ b/Containers/borgbackup/borg_excludes
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 # These patterns need to be kept in sync with rsync and find excludes in backupscript.sh,
 # which use a different syntax (patterns appear in 3 places in total)
 nextcloud_aio_volumes/nextcloud_aio_apache/caddy/
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -1,18 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-if [ "$AIO_LOG_LEVEL" = "warn" ]; then
-    BORG_LOG_LEVEL_FLAG="--warning"
-else
-    BORG_LOG_LEVEL_FLAG="--$AIO_LOG_LEVEL"
-fi
-export BORG_LOG_LEVEL_FLAG

 # Variables
 export MOUNT_DIR="/mnt/borgbackup"
@@ -62,7 +48,7 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"

 # Get a list of all available borg archives
-if borg "$BORG_LOG_LEVEL_FLAG" list &>/dev/null; then
+if borg list &>/dev/null; then
    borg list | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 else
    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,7 +1,5 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM alpine:3.23.4
+FROM alpine:3.23.3

 RUN set -ex; \
    apk upgrade --no-cache -a; \
@@ -15,15 +13,6 @@ RUN set -ex; \
    sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize 2000M|g" /etc/clamav/clamd.conf; \
 # StreamMaxLength must be synced with av_stream_max_length inside the Nextcloud files_antivirus plugin
    sed -i "s|#\?StreamMaxLength.*|StreamMaxLength 2000M|g" /etc/clamav/clamd.conf; \
-# By default clamd keeps the old signature database in RAM while loading the new one,
-# briefly doubling memory usage (~1 GB extra) during each freshclam update cycle.
-# Setting ConcurrentDatabaseReload to "no" makes clamd unload the old database first,
-# eliminating that transient peak and significantly reducing maximum RAM consumption.
-    sed -i "s|#\?ConcurrentDatabaseReload.*|ConcurrentDatabaseReload no|g" /etc/clamav/clamd.conf; \
-# The default thread pool is 10-12 threads, each reserving its own stack and scan buffers.
-# The Nextcloud antivirus plugin sends one file at a time, so 2 threads are sufficient
-# and avoids the idle per-thread memory overhead of the larger default pool.
-    sed -i "s|#\?MaxThreads.*|MaxThreads 2|g" /etc/clamav/clamd.conf; \
    sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
    sed -i "s|Example| |g" /etc/clamav/clamav-milter.conf; \
@@ -45,10 +34,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="ClamAV for Nextcloud AIO" \
-    org.opencontainers.image.description="ClamAV antivirus scanner for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
--- a/Containers/clamav/healthcheck.sh
+++ b/Containers/clamav/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [ "$(echo "PING" | nc 127.0.0.1 3310)" != "PONG" ]; then
 	echo "ERROR: Unable to contact server"
--- a/Containers/clamav/start.sh
+++ b/Containers/clamav/start.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-	set -x
-fi

 # Print out clamav version for compliance reasons
 clamscan --version
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -1,14 +1,12 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 [supervisord]
 nodaemon=true
+nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                              
-loglevel=%(ENV_AIO_LOG_LEVEL)s
+loglevel=error

 [program:freshclam]
 stdout_logfile=/dev/stdout
--- a/Containers/collabora-online/Dockerfile
+++ b/Containers/collabora-online/Dockerfile
@@ -1,6 +1,4 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 # From https://gitlab.collabora.com/collabora-online/docker
 # hadolint ignore=DL3007
 FROM registry.gitlab.collabora.com/collabora-online/docker:latest
@@ -15,9 +13,4 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Collabora Online for Nextcloud AIO" \
-    org.opencontainers.image.description="Collabora Online document editor from upstream for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/collabora-online/healthcheck.sh
+++ b/Containers/collabora-online/healthcheck.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-

 # Unfortunately, no curl and no nc is installed in the container 
 # and packages can also not be added as the package list is broken.
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,13 +1,10 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
 FROM collabora/code:25.04.9.4.1

 USER root
 ARG DEBIAN_FRONTEND=noninteractive

-COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

 USER 1001
@@ -15,11 +12,4 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Collabora for Nextcloud AIO" \
-    org.opencontainers.image.description="Collabora CODE document editor for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
-
-ENTRYPOINT ["/start.sh"]
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/collabora/healthcheck.sh
+++ b/Containers/collabora/healthcheck.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-

 # Unfortunately, no curl and no nc is installed in the container 
 # and packages can also not be added as the package list is broken.
--- a/Containers/collabora/start.sh
+++ b/Containers/collabora/start.sh
@@ -1,22 +0,0 @@
-#!/bin/bash
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-if [ "$AIO_LOG_LEVEL" = "warn" ]; then
-    COLLABORA_LOG_LEVEL="warning"
-elif [ "$AIO_LOG_LEVEL" = "info" ]; then
-    COLLABORA_LOG_LEVEL="notice"
-else
-    COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
-fi
-
-# Replace the hardcoded log level in extra_params with the translated one
-extra_params+=" --o:logging.level=$COLLABORA_LOG_LEVEL --o:logging.level_startup=$COLLABORA_LOG_LEVEL"
-export extra_params
-
-exec /start-collabora-online.sh "$@"
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,7 +1,5 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM haproxy:3.3.8-alpine
+FROM haproxy:3.3.6-alpine

 # hadolint ignore=DL3002
 USER root
@@ -22,9 +20,4 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Docker Socket Proxy for Nextcloud AIO" \
-    org.opencontainers.image.description="HAProxy-based Docker socket proxy for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 # Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg

 global
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
 nc -z 127.0.0.1 2375 || exit 1
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -1,11 +1,4 @@
 #!/bin/sh
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 # Only start container if nextcloud is accessible
 while ! nc -z "$NEXTCLOUD_HOST" 9001; do
@@ -25,8 +18,6 @@ else
    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
 fi
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-    set +x
-fi
+set +x

 haproxy -f /tmp/haproxy.cfg -db
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,7 +1,5 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM alpine:3.23.4
+FROM alpine:3.23.3
 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache bash lighttpd netcat-openbsd; \
@@ -21,9 +19,4 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Domain Check for Nextcloud AIO" \
-    org.opencontainers.image.description="Domain validation service for Nextcloud All-in-One setup" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/domaincheck/lighttpd.conf
+++ b/Containers/domaincheck/lighttpd.conf
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 server.document-root = "/var/www/domaincheck/" 

 server.port = env.APACHE_PORT
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [ -z "$INSTANCE_ID" ]; then
    echo "You need to provide an instance id."
@@ -21,20 +14,6 @@ fi
 CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf

-# shellcheck disable=SC2235
-if ([ "$AIO_LOG_LEVEL" = 'debug' ] || [ "$AIO_LOG_LEVEL" = 'info' ]) && ! grep -q debug.log-request-handling /etc/lighttpd/lighttpd.conf; then
-    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
-debug.log-request-handling = "enable"
-CONF_FILE
-fi
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ] && ! grep -q debug.log-request-header /etc/lighttpd/lighttpd.conf; then
-    cat << CONF_FILE >> /etc/lighttpd/lighttpd.conf
-debug.log-request-header = "enable"
-debug.log-response-header = "enable"
-CONF_FILE
-fi
-
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf

--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,34 +1,27 @@
-# syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-# Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:9.4.0
-
-USER root
-
-# hadolint ignore=DL3041
-RUN set -ex; \
-    \
-    microdnf update -y; \
-    microdnf install -y --setopt=tsflags=nodocs \
-        tzdata \
-    ; \
-    microdnf clean all;
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-USER 1000:0
-
-HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false" \
-    wud.watch="false" \
-    org.opencontainers.image.title="Full Text Search for Nextcloud AIO" \
-    org.opencontainers.image.description="Elasticsearch-based full-text search for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
-ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
-
-ENTRYPOINT ["/start.sh"]
+# syntax=docker/dockerfile:latest
+# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
+FROM elasticsearch:8.19.13
+
+USER root
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# hadolint ignore=DL3008
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get upgrade -y; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*;
+
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+USER 1000:0
+
+HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
+    org.label-schema.vendor="Nextcloud"
+ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"
--- a/Containers/fulltextsearch/healthcheck.sh
+++ b/Containers/fulltextsearch/healthcheck.sh
@@ -1,10 +1,3 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only

-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
+nc -z 127.0.0.1 9200 || exit 1
--- a/Containers/fulltextsearch/start.sh
+++ b/Containers/fulltextsearch/start.sh
@@ -1,12 +0,0 @@
-#!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
-
-exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,55 +1,47 @@
-# syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM golang:1.26.2-alpine3.23 AS go
-
+# syntax=docker/dockerfile:latest
+FROM golang:1.26.1-alpine3.23 AS go
+
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        vips-dev \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        build-base; \
-    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
-
-FROM alpine:3.23.4
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        tzdata \
-        ca-certificates \
-        netcat-openbsd \
-        vips \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        ttf-dejavu \
-        bash
-
-COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-ENV PORT=9000 \
-    AIO_LOG_LEVEL=warn
-
-USER 65534
-
-# https://github.com/h2non/imaginary#memory-issues
-ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false" \
-    wud.watch="false" \
-    org.opencontainers.image.title="Imaginary for Nextcloud AIO" \
-    org.opencontainers.image.description="High-performance image processing service for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        vips-dev \
+        vips-magick \
+        vips-heif \
+        vips-jxl \
+        vips-poppler \
+        build-base; \
+    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
+
+FROM alpine:3.23.3
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        tzdata \
+        ca-certificates \
+        netcat-openbsd \
+        vips \
+        vips-magick \
+        vips-heif \
+        vips-jxl \
+        vips-poppler \
+        ttf-dejavu \
+        bash
+
+COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+ENV PORT=9000
+
+USER 65534
+
+# https://github.com/h2non/imaginary#memory-issues
+ENV MALLOC_ARENA_MAX=2
+ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    wud.watch="false" \
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/imaginary/healthcheck.sh
+++ b/Containers/imaginary/healthcheck.sh
@@ -1,10 +1,3 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 nc -z 127.0.0.1 "$PORT" || exit 1
--- a/Containers/imaginary/start.sh
+++ b/Containers/imaginary/start.sh
@@ -1,29 +1,8 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
-    debug) printf 'info' ;;
-    info) printf 'info' ;;
-    warn) printf 'warning' ;;
-    error) printf 'error' ;;
-esac)"
-export GOLANG_LOG
-if [ "$AIO_LOG_LEVEL" = "debug" ]; then
-    export DEBUG='*'
-fi

 echo "Imaginary has started"
-
-IMAGINARY_ARGS=(-return-size -max-allowed-resolution 222.2)
-
-if [ -n "$IMAGINARY_SECRET" ]; then
-    IMAGINARY_ARGS+=(-key "$IMAGINARY_SECRET")
+if [ -z "$IMAGINARY_SECRET" ]; then
+    imaginary -return-size -max-allowed-resolution 222.2 "$@"
+else
+    imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
 fi
-
-exec imaginary "${IMAGINARY_ARGS[@]}" "$@"
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,8 +1,6 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 # Docker CLI is a requirement
-FROM docker:29.4.1-cli AS docker
+FROM docker:29.3.1-cli AS docker

 ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276

@@ -13,7 +11,7 @@ RUN set -ex; \
    /usr/bin/caddy list-modules

 # From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
-FROM php:8.5.5-fpm-alpine3.23
+FROM php:8.5.4-fpm-alpine3.23

 EXPOSE 80
 EXPOSE 8080
@@ -55,16 +53,6 @@ RUN set -ex; \
        build-base; \
    pecl install APCu-5.1.28; \
    docker-php-ext-enable apcu; \
-    { \
-        echo 'apc.shm_size=32M'; \
-    } >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
-    { \
-        echo 'opcache.enable=1'; \
-        echo 'opcache.memory_consumption=32'; \
-        echo 'opcache.interned_strings_buffer=8'; \
-        echo 'opcache.max_accelerated_files=4000'; \
-        echo 'opcache.validate_timestamps=0'; \
-    } > /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini; \
    rm -r /tmp/pear; \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
@@ -102,12 +90,7 @@ RUN set -ex; \
    mkdir /var/run/supervisord;

 # hadolint ignore=DL3048
-LABEL org.opencontainers.image.title="Nextcloud All-in-One Mastercontainer" \
-    org.opencontainers.image.description="Easy deployment and maintenance of a Nextcloud server with all dependencies and optional services" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md" \
+LABEL org.label-schema.vendor="Nextcloud" \
    wud.watch="false" \
    com.docker.compose.project="nextcloud-aio"

--- a/Containers/mastercontainer/README.md
+++ b/Containers/mastercontainer/README.md
@@ -1,8 +1,3 @@
-<!--
-SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
 # Nextcloud All-in-One `mastercontainer`

 This folder contains the OCI/Docker container definition, along with associated resources and
--- a/Containers/mastercontainer/acme.Caddyfile
+++ b/Containers/mastercontainer/acme.Caddyfile
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 {
 	admin off

@@ -36,9 +33,6 @@ http://:80 {
 }

 https://:8443 {
-    import headers.Caddyfile
-    header Strict-Transport-Security max-age=31536000;
-
 	@denied {
 		path /api/auth/login /api/auth/getlogin
 		remote_host nextcloud-aio-nextcloud
@@ -52,7 +46,6 @@ https://:8443 {
 	tls {
 		on_demand
 		issuer acme {
-            profile shortlived
 			disable_tlsalpn_challenge
 		}
 	}
--- a/Containers/mastercontainer/backup-time-file-watcher.sh
+++ b/Containers/mastercontainer/backup-time-file-watcher.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 restart_process() {
    echo "Restarting cron.sh because daily backup time was set, changed or unset."
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
@@ -24,9 +17,7 @@ while true; do
        else
            export SEND_SUCCESS_NOTIFICATIONS=0
        fi
-        if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-            set +x
-        fi
+        set +x
        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
            export LOCK_FILE_PRESENT=1
        else
@@ -68,9 +59,8 @@ while true; do
        sudo -E -u www-data docker container remove nextcloud-aio-domaincheck
    fi

-    # Remove dangling images (support both deprecated label-schema and OCI standard vendor label)
+    # Remove dangling images
    sudo -E -u www-data docker image prune --filter "label=org.label-schema.vendor=Nextcloud" --force
-    sudo -E -u www-data docker image prune --filter "label=org.opencontainers.image.vendor=Nextcloud" --force

    # Check for available free space
    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 echo "Daily backup script has started"

--- a/Containers/mastercontainer/headers.Caddyfile
+++ b/Containers/mastercontainer/headers.Caddyfile
@@ -1,34 +0,0 @@
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-header {
-    # CSP limits which features can be used. By default we allow nothing and only allow required options. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy
-    # default-src 'none'; Allow nothing by default
-    # script-src-elem/style-src-elem 'self'; Only allow loading css/js files from same origin (AIO itself) while blocking all inline css/js
-    # img-src 'self'; Only allow loading images from same origin (from AIO itself)
-    # connect-src 'self'; Allow fetch to only connect same origin (to AIO itself)
-    # frame-src 'self'; Allow AIO to only embed itself "what can be embedded"
-    # base-uri 'none'; This does not fallback to default-src, AIO does not use the html base tag
-    # form-action 'self'; Html forms are only allowed to submit to AIO and not cross origin
-    # frame-ancestors 'self'; Only allow AIO itself to embed it self "who can embed"
-    # upgrade-insecure-requests; Upgrade all http embedings to https
-    # require-trusted-types-for 'script'; trusted-types 'none'; Blocks DOM changes via js
-    Content-Security-Policy "default-src 'none'; script-src-elem 'self'; style-src-elem 'self'; img-src 'self'; connect-src 'self'; frame-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; require-trusted-types-for 'script'; trusted-types 'none';"
-    X-Content-Type-Options "nosniff" # This forces the browser to use the MIME type of the Content-Type header. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Content-Type-Options
-    X-Frame-Options "SAMEORIGIN" # Only allow AIO itself to embed itself, this is also enforced as part of the CSP frame-ancestors. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Frame-Options
-    X-Permitted-Cross-Domain-Policies "none" # We block all cross origin request, including ones from Adobe Acrobat or Microsoft Silverlight and Adobe Flash Player. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-Permitted-Cross-Domain-Policies
-    X-DNS-Prefetch-Control "off" # Tells the browser to not pre-fetch the DNS of linked pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control
-    Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
-    X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
-    Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
-
-    # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
-    Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
-
-    -Server
-    -X-Powered-By
-    -Via
-}
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
    nc -z 127.0.0.1 80 || exit 1
--- a/Containers/mastercontainer/internal.Caddyfile
+++ b/Containers/mastercontainer/internal.Caddyfile
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 {
 	admin off

@@ -27,8 +24,6 @@
 }

 https://:8080 {
-    import headers.Caddyfile
-
 	@denied {
 		path /api/auth/login /api/auth/getlogin
 		remote_host nextcloud-aio-nextcloud
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-

 deduplicate_sessions() {
    echo "Deleting duplicate sessions"
@@ -19,10 +16,6 @@ compare_times() {
    fi
 }

-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
 while true; do
    compare_times
    sleep 2
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-

 # Function to show text in green
 print_green() {
@@ -23,10 +20,6 @@ case "${1}" in
 esac
 }

-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
 # Check if running as root user
 if [ "$EUID" != "0" ]; then
    print_red "Container does not run as root user. This is not supported."
@@ -176,7 +169,7 @@ elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nex
    print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
    exit 1
-elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format '{{.Mounts}}' | grep -q " nextcloud_aio_mastercontainer "; then
+elif ! sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
    print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
    exit 1
@@ -319,42 +312,6 @@ if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
    print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
 The community containers get managed via the AIO interface now."
 fi
-if [ -n "$NEXTCLOUD_ENABLE_DRI_DEVICE" ]; then
-    print_red "The environmental variable NEXTCLOUD_ENABLE_DRI_DEVICE is deprecated. Please mount the /dev/dri device into the mastercontainer instead and remove NEXTCLOUD_ENABLE_DRI_DEVICE. It will then be set automatically."
-fi
-
-# Automatically enable the /dev/dri device if it is mounted into the mastercontainer
-if [ -d "/dev/dri" ]; then
-    export NEXTCLOUD_ENABLE_DRI_DEVICE="true"
-    if [ -e "/dev/dri/renderD128" ]; then
-        NEXTCLOUD_DRI_GID="$(stat -c '%g' /dev/dri/renderD128)"
-        export NEXTCLOUD_DRI_GID
-    else
-        export NEXTCLOUD_DRI_GID=""
-    fi
-else
-    if [ -z "$NEXTCLOUD_ENABLE_DRI_DEVICE" ]; then
-        # Force the unset of the env if it was not externally overwritten already
-        export NEXTCLOUD_ENABLE_DRI_DEVICE="false"
-    fi
-    export NEXTCLOUD_DRI_GID=""
-fi
-
-# Log level logics
-if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
-    print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
-It is set to '$AIO_LOG_LEVEL'".
-    exit 1
-fi
-if [ -z "$AIO_LOG_LEVEL" ]; then
-    export AIO_LOG_LEVEL="warn"
-fi
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    export SUPERVISORD_STDOUT=/dev/stdout
-else
-    export SUPERVISORD_STDOUT=NONE
-fi

 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
@@ -446,11 +403,5 @@ caddy fmt --overwrite /internal.Caddyfile
 # Fix caddy log 
 chmod 777 /root

-# Create Twig template cache directory (path must match TWIG_CACHE_PATH in php/public/index.php)
-mkdir -p /tmp/twig-cache
-rm -rf /tmp/twig-cache/*
-chown www-data:www-data /tmp/twig-cache
-chmod 770 /tmp/twig-cache
-
 # Start supervisord
 exec /usr/bin/supervisord -c /supervisord.conf
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
@@ -8,12 +5,12 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
-loglevel=%(ENV_AIO_LOG_LEVEL)s
+loglevel=error
 user=root

 [program:php-fpm]
 # Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
+stdout_logfile=NONE
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
@@ -61,7 +58,7 @@ user=root

 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs
-stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
-stderr_logfile=%(ENV_SUPERVISORD_STDOUT)s
+stdout_logfile=NONE
+stderr_logfile=NONE
 command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
 user=www-data
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,6 +1,4 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 FROM php:8.3.30-fpm-alpine3.23

 ENV PHP_MEMORY_LIMIT=512M
@@ -10,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0

 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.3
+ENV NEXTCLOUD_VERSION=32.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -116,18 +114,18 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/server_tuning.html#enable-php-opcache and below
    { \
-        echo 'opcache.max_accelerated_files=20000'; \
+        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=256'; \
        echo 'opcache.interned_strings_buffer=64'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    { \
        echo 'apc.enable_cli=1'; \
-        echo 'apc.shm_size=128M'; \
+        echo 'apc.shm_size=64M'; \
    } >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
    \
    { \
@@ -137,20 +135,14 @@ RUN set -ex; \
        echo 'max_execution_time=${PHP_MAX_TIME}'; \
        echo 'max_input_time=-1'; \
        echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
-        echo 'output_buffering=0'; \
-        echo 'realpath_cache_size=8M'; \
-        echo 'realpath_cache_ttl=600'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
    { \
        echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}&timeout=3.0&read_timeout=10.0"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:${REDIS_PORT}?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
        echo 'redis.session.locking_enabled = 1'; \
        echo 'redis.session.lock_retries = -1'; \
-        echo '; 100ms in microseconds - prevents timeout on long requests such as large file uploads'; \
-        echo 'redis.session.lock_wait_time = 100000'; \
-        echo '; prevents stale locks from crashed workers (seconds)'; \
-        echo 'redis.session.lock_expire = 60'; \
+        echo 'redis.session.lock_wait_time = 10000'; \
        echo 'session.gc_maxlifetime = 86400'; \
    } > /usr/local/etc/php/conf.d/redis-session.ini; \
    \
@@ -252,21 +244,6 @@ RUN set -ex; \
 # We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
 # Also children will usually be terminated again after the process is done due to the ondemand setting
    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
-# With pm = ondemand, workers are killed after pm.process_idle_timeout seconds
-# of inactivity.  The upstream default is 10 s, which is aggressive: after a
-# brief quiet period (e.g. desktop-sync clients polling every few seconds), all
-# workers are reaped and the next request burst must wait for fresh forks.  On
-# a loaded host that spawn latency can push Apache past its FastCGI timeout and
-# produce a 502.  300 s (5 min) keeps a warm pool through normal sync-client
-# polling cycles while still reclaiming memory during genuinely idle periods.
-    sed -i 's/^;*pm.process_idle_timeout\s*=.*/pm.process_idle_timeout = 300s/' /usr/local/etc/php-fpm.d/www.conf; \
-# Set request_terminate_timeout so that PHP-FPM forcibly kills workers that
-# exceed the wall-clock limit.  Without this (default = 0 = disabled) a worker
-# stuck on a slow DB query, a stalled Redis connection, or a hung syscall is
-# never reaped.  Over time these zombies fill up pm.max_children, leaving no
-# free slots for legitimate requests and causing Apache to return 502 Bad
-# Gateway upstream.
-    sed -i "s|^;*request_terminate_timeout = .*|request_terminate_timeout = \${PHP_MAX_TIME}|" /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
    \
    echo "[ -n \"\$TERM\" ] && [ -f /root.motd ] && cat /root.motd" >> /root/.bashrc; \
@@ -288,9 +265,4 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Nextcloud for Nextcloud AIO" \
-    org.opencontainers.image.description="Nextcloud server with all required PHP extensions for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/nextcloud/README.md
+++ b/Containers/nextcloud/README.md
@@ -1,8 +1,3 @@
-<!--
-SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-SPDX-License-Identifier: AGPL-3.0-only
-->
-
 # Nextcloud All-in-One ``nextcloud`` Container

 This folder contains the OCI/Docker container definition, along with associated resources and configuration files, for building the `nextcloud` container as part of the [Nextcloud All-in-One](https://github.com/nextcloud/all-in-one) project. This container hosts PHP and the Nextcloud Server application.
--- a/Containers/nextcloud/config/aio.config.php
+++ b/Containers/nextcloud/config/aio.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 $CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
--- a/Containers/nextcloud/config/apcu.config.php
+++ b/Containers/nextcloud/config/apcu.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 $CONFIG = array (
  'memcache.local' => '\OC\Memcache\APCu',
 );
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 $CONFIG = array (
  'apps_paths' => array (
      0 => array (
@@ -19,12 +16,6 @@ $CONFIG = array (
 if (getenv('APPS_ALLOWLIST')) {
    $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
 }
-
-$appStoreUrl = getenv('NEXTCLOUD_APP_STORE_URL');
-if ($appStoreUrl) {
-    if ($appStoreUrl === 'no') {
-        $CONFIG['appstoreenabled '] = false;
-    } else {
-        $CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL');
-    }
+if (getenv('NEXTCLOUD_APP_STORE_URL')) {
+    $CONFIG['appstoreurl'] = getenv('NEXTCLOUD_APP_STORE_URL');
 }
--- a/Containers/nextcloud/config/certificates-bundle.config.php
+++ b/Containers/nextcloud/config/certificates-bundle.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 // Check if NEXTCLOUD_TRUSTED_CERTIFICATES_ are configured
 if (str_contains(implode(' ', array_keys(getenv())), 'NEXTCLOUD_TRUSTED_CERTIFICATES_')) {
  $CONFIG['default_certificates_bundle_path'] = '/var/www/html/data/certificates/ca-bundle.crt';
--- a/Containers/nextcloud/config/postgres.config.php
+++ b/Containers/nextcloud/config/postgres.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2025 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_POSTGRES')) {
  $CONFIG = array(
    'pgsql_ssl' => array(
--- a/Containers/nextcloud/config/proxy.config.php
+++ b/Containers/nextcloud/config/proxy.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 if (getenv('HTTP_PROXY')) {
    $CONFIG['proxy'] = getenv('HTTP_PROXY');
 }
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 if (getenv('REDIS_MODE') !== 'rediscluster') {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
@@ -10,8 +7,6 @@ if (getenv('REDIS_MODE') !== 'rediscluster') {

  if (getenv('REDIS_HOST')) {
    $CONFIG['redis']['host'] = (string) getenv('REDIS_HOST');
-    $CONFIG['redis']['timeout'] = 3.0;
-    $CONFIG['redis']['read_timeout'] = 10.0;
  }

  if (getenv('REDIS_HOST_PASSWORD')) {
@@ -26,10 +21,6 @@ if (getenv('REDIS_MODE') !== 'rediscluster') {
    $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
  }

-  if (getenv('REDIS_PREFIX')) {
-    $CONFIG['redis']['memcache_customprefix'] = getenv('REDIS_PREFIX');
-  }
-
  if (getenv('REDIS_USER_AUTH')) {
    $CONFIG['redis']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
  }
@@ -67,10 +58,6 @@ if (getenv('REDIS_MODE') !== 'rediscluster') {
    $CONFIG['redis.cluster']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
  }

-  if (getenv('REDIS_PREFIX')) {
-    $CONFIG['redis.cluster']['memcache_customprefix'] = getenv('REDIS_PREFIX');
-  }
-
  if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_REDIS')) {
    $CONFIG['redis.cluster']['ssl_context']['cafile'] = '/var/www/html/data/certificates/ca-bundle.crt';
  }
--- a/Containers/nextcloud/config/reverse-proxy.config.php
+++ b/Containers/nextcloud/config/reverse-proxy.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -1,50 +1,47 @@
-<?php
-// SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'multibucket' => $multibucket === 'true',
-        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
-        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
-        'use_ssl' => strtolower($use_ssl) !== 'false',
-        // required for some non Amazon S3 implementations
-        'use_path_style' => strtolower($use_path) === 'true',
-        // required for older protocol versions
-        'legacy_auth' => strtolower($use_legacyauth) === 'true',
-        'use_nextcloud_bundle' => 1,
-      )
-    )
-  );
-
-  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  if ($sse_c_key) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
-  }
-
-  $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION');
-  if ($requestChecksumValidation) {
-    $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation;
-  }
-
-  $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION');
-  if ($responseChecksumValidation) {
-    $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation;
-  }
-}
+<?php
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $multibucket = getenv('OBJECTSTORE_S3_MULTIBUCKET');
+  $CONFIG = array(
+    'objectstore' => array(
+      'class' => '\OC\Files\ObjectStore\S3',
+      'arguments' => array(
+        'multibucket' => $multibucket === 'true',
+        'num_buckets' => (int)getenv('OBJECTSTORE_S3_NUM_BUCKETS') ?: 64,
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
+        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'autocreate' => strtolower($autocreate) !== 'false',
+        'use_ssl' => strtolower($use_ssl) !== 'false',
+        // required for some non Amazon S3 implementations
+        'use_path_style' => strtolower($use_path) === 'true',
+        // required for older protocol versions
+        'legacy_auth' => strtolower($use_legacyauth) === 'true',
+        'use_nextcloud_bundle' => 1,
+      )
+    )
+  );
+
+  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+  if ($sse_c_key) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
+  }
+
+  $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION');
+  if ($requestChecksumValidation) {
+    $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation;
+  }
+
+  $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION');
+  if ($responseChecksumValidation) {
+    $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation;
+  }
+}
--- a/Containers/nextcloud/config/server.config.php
+++ b/Containers/nextcloud/config/server.config.php
@@ -1,7 +0,0 @@
-<?php
-// SPDX-FileCopyrightText: 2026 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
-$CONFIG = array (
-  'serverid' => crc32(gethostname()) % 512,
-);
--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -1,7 +1,4 @@
 <?php
-// SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
--- a/Containers/nextcloud/config/swift.config.php
+++ b/Containers/nextcloud/config/swift.config.php
@@ -1,34 +1,31 @@
-<?php
-// SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-// SPDX-License-Identifier: AGPL-3.0-only
-
-if (getenv('OBJECTSTORE_SWIFT_URL')) {
-    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => [
-      'class' => 'OC\\Files\\ObjectStore\\Swift',
-      'arguments' => [
-        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
-        'user' => [
-          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
-          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
-          'domain' => [
-            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
-          ],
-        ],
-        'scope' => [
-          'project' => [
-            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
-            'domain' => [
-              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
-            ],
-          ],
-        ],
-        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
-        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
-        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
-        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
-      ]
-    ]
-  );
-}
+<?php
+if (getenv('OBJECTSTORE_SWIFT_URL')) {
+    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => [
+      'class' => 'OC\\Files\\ObjectStore\\Swift',
+      'arguments' => [
+        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
+        'user' => [
+          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
+          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
+          'domain' => [
+            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
+          ],
+        ],
+        'scope' => [
+          'project' => [
+            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
+            'domain' => [
+              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
+            ],
+          ],
+        ],
+        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
+        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
+        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
+        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
+      ]
+    ]
+  );
+}
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,12 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
 wait_for_cron() {
    set -x
    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-

 # version_greater A B returns whether A > B
 version_greater() {
@@ -13,10 +10,6 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }

-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
 run_upgrade_if_needed_due_to_app_update() {
    if php /var/www/html/occ status | grep maintenance | grep -q true; then
        php /var/www/html/occ maintenance:mode --off
@@ -27,14 +20,6 @@ run_upgrade_if_needed_due_to_app_update() {
    fi
 }

-NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
-    debug) printf '0' ;;
-    info) printf '1' ;;
-    warn) printf '2' ;;
-    error) printf '3' ;;
-esac)"
-export NEXTCLOUD_LOG_LEVEL
-
 # Create cert bundle
 if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then

@@ -90,9 +75,7 @@ if env | grep -q NEXTCLOUD_TRUSTED_CERTIFICATES_; then
    cat "$CERTIFICATE_BUNDLE"

    # Disable debug mode
-    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-        set +x
-    fi
+    set +x
 fi

 # Adjust DATABASE_TYPE to by Nextcloud supported value
@@ -132,11 +115,6 @@ rm -f "$test_file"
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-    if [ -z "$installed_version" ]; then
-        echo "Could not determine the installed Nextcloud version via php -r. The PHP installation might be broken."
-        echo "Please check the container logs and your PHP installation."
-        exit 1
-    fi
 else
    installed_version="0.0.0.0"
 fi
@@ -239,9 +217,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                if grep -q appstoreurl /var/www/html/config/config.php; then
                    set -x
                    APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
-                    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-                        set +x
-                    fi
+                    set +x
                fi
                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
@@ -308,9 +284,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                    "$SOURCE_LOCATION/custom_apps/" \
                    /var/www/html/custom_apps/
            done
-            if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-                set +x
-            fi
+            set +x
        fi

        # Copy these from Nextcloud archive if they don't exist yet (i.e. new install)
@@ -463,20 +437,12 @@ EOF
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
-            if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
-                php /var/www/html/occ config:system:set log_type --value="errorlog"
-                php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
-                php /var/www/html/occ app:disable logreader
-            else
-                php /var/www/html/occ config:system:set log_type --value="file"
-                php /var/www/html/occ config:system:set log_type_audit --value="file"
-                php /var/www/html/occ app:enable logreader
-                php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
-                php /var/www/html/occ config:system:set logfile_audit --value="/var/www/html/data/audit.log"
-            fi
+            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
+            php /var/www/html/occ config:system:set log_type --value="file"
+            php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
            php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer
            php /var/www/html/occ app:enable admin_audit
+            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
            php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"

            # Apply preview settings
@@ -674,18 +640,8 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
-php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
-if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
-    php /var/www/html/occ config:system:set log_type --value="errorlog"
-    php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
-    php /var/www/html/occ app:disable logreader
-else
-    php /var/www/html/occ config:system:set log_type --value="file"
-    php /var/www/html/occ config:system:set log_type_audit --value="file"
-    php /var/www/html/occ app:enable logreader
-    php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
-    php /var/www/html/occ config:system:set logfile_audit --value="/var/www/html/data/audit.log"
-fi
+php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
+php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 if [ -n "$NEXTCLOUD_SKELETON_DIRECTORY" ]; then
    if [ "$NEXTCLOUD_SKELETON_DIRECTORY" = "empty" ]; then
@@ -786,9 +742,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
        COLLABORA_HOST="$NC_DOMAIN"
    fi
-    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-        set +x
-    fi
+    set +x
    # Remove richdcoumentscode if it should be incorrectly installed
    if [ -d "/var/www/html/custom_apps/richdocumentscode" ]; then
        php /var/www/html/occ app:remove richdocumentscode
@@ -909,9 +863,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    if [ -z "$TURN_DOMAIN" ]; then
        TURN_DOMAIN="$TALK_HOST"
    fi
-    if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-        set +x
-    fi
+    set +x
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -919,20 +871,16 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update spreed
    fi
-    # Add turn server
-    # shellcheck disable=SC2153
-    if ! php /var/www/html/occ talk:turn:list --output="plain" | grep server | grep -q " $TURN_DOMAIN:$TALK_PORT"; then
+    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
+    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
+        # shellcheck disable=SC2153
        php /var/www/html/occ talk:turn:add turn "$TURN_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
    fi
-    # Add stun server
    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
-    if ! echo "$STUN_SERVER" | grep -q " $TURN_DOMAIN:$TALK_PORT"; then
-        php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
-    fi
    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+        php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
    fi
-    # Add HPB
    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then
        php /var/www/html/occ talk:signaling:add "https://$TALK_HOST$HPB_PATH" "$SIGNALING_SECRET" --verify
    fi
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if [[ "$EUID" = 0 ]]; then
    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 # Wait until the apache container is ready
 while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 # Set a default value for POSTGRES_PORT
 if [ -z "$POSTGRES_PORT" ]; then
@@ -32,7 +25,7 @@ fi
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
    sleep 2
-    while ! sudo -E -u www-data env PGPASSWORD="$POSTGRES_PASSWORD" psql -h "$POSTGRES_HOST" -p "$POSTGRES_PORT" -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -E -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
        echo "Waiting for the database to start..."
        sleep 5
    done
@@ -60,9 +53,7 @@ if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindept
    usermod -aG "$GROUP" www-data
    touch "/dev-dri-group-was-added"
 fi
-if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-    set +x
-fi
+set +x

 # Check datadir permissions
 sudo -E -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
@@ -179,8 +170,6 @@ if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 fi
-if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
-    set +x
-fi
+set +x

 exec "$@"
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -1,6 +1,3 @@
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
 # From https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm/supervisord.conf
 [supervisord]
 nodaemon=true
@@ -9,7 +6,7 @@ pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
-loglevel=%(ENV_AIO_LOG_LEVEL)s
+loglevel=error
 user=root

 [program:php-fpm]
@@ -28,14 +25,6 @@ stderr_logfile_maxbytes=0
 command=/cron.sh
 user=www-data

-[program:taskprocessing-worker]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=php /var/www/html/occ taskprocessing:worker --timeout 300
-user=www-data
-
 [program:run-exec-commands]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,7 +1,5 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-FROM alpine:3.23.4
+FROM alpine:3.23.3

 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
@@ -25,9 +23,4 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="Notify Push for Nextcloud AIO" \
-    org.opencontainers.image.description="Nextcloud notify_push high-performance backend for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -1,11 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 if ! nc -z "$NEXTCLOUD_HOST" 9001; then
    exit 0
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -1,13 +1,4 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
-export RUST_LOG="$AIO_LOG_LEVEL"

 if [ -z "$NEXTCLOUD_HOST" ]; then
    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
@@ -48,6 +39,8 @@ fi
 echo "notify-push was started"

 # Run it
-exec /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
+/var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
    --port 7867 \
    /var/www/html/config/config.php
+
+exec "$@"
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,4 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
 FROM onlyoffice/documentserver:9.3.1.2

@@ -11,9 +9,4 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="OnlyOffice for Nextcloud AIO" \
-    org.opencontainers.image.description="OnlyOffice Document Server for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/onlyoffice/healthcheck.sh
+++ b/Containers/onlyoffice/healthcheck.sh
@@ -1,10 +1,3 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 nc -z 127.0.0.1 80 || exit 1
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,10 +1,6 @@
 # syntax=docker/dockerfile:latest
-# SPDX-FileCopyrightText: 2021 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-# From https://github.com/docker-library/postgres/blob/master/18/alpine3.23/Dockerfile
-FROM postgres:18.3-alpine
-
-ENV PGDATA=/var/lib/postgresql/data
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
+FROM postgres:17.9-alpine

 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
@@ -16,7 +12,6 @@ RUN set -ex; \
        bash \
        openssl \
        shadow \
-        netcat-openbsd \
        grep; \
    \
 # We need to use the same gid and uid as on old installations
@@ -27,7 +22,6 @@ RUN set -ex; \
    apk del --no-cache shadow; \
    \
 # Fix default permissions
-    mkdir -p /var/lib/postgresql/data; \
    chown -R postgres:postgres /var/lib/postgresql; \
    chown -R postgres:postgres /var/run/postgresql; \
    chmod -R 777 /var/run/postgresql; \
@@ -51,9 +45,4 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
-    org.opencontainers.image.title="PostgreSQL for Nextcloud AIO" \
-    org.opencontainers.image.description="PostgreSQL database for Nextcloud All-in-One" \
-    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
-    org.opencontainers.image.vendor="Nextcloud" \
-    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
+    org.label-schema.vendor="Nextcloud"
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -1,17 +1,7 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2023 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi

 test -f "/mnt/data/backup-is-running" && exit 0

-# If database import is running, do not continue with the health check
-if nc -z 127.0.0.1 11000; then
-    exit 0
-fi
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()" && exit 0

-PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,19 +1,10 @@
 #!/bin/bash
-# SPDX-FileCopyrightText: 2022 Nextcloud GmbH <https://nextcloud.com>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-
-if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
-    set -x
-fi
-
 set -ex

 touch "$DUMP_DIR/initialization.failed"

-psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" \
-	-v "pg_new_password=$POSTGRES_PASSWORD" <<-EOSQL
-	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD :'pg_new_password' CREATEDB;
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 	GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "oc_$POSTGRES_USER";
 	GRANT ALL PRIVILEGES ON SCHEMA public TO "oc_$POSTGRES_USER";
--- a/Show More
+++ b/Show More