fix: prevent mastercontainer race condition and add AIO_LOG_LEVEL defaults in container scripts

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/1b34e6db-7e7c-426e-addf-cce3ef7c5944

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

.editorconfig

@@ -1,20 +0,0 @@
-# https://editorconfig.org
-
-# Tip: to find files violating the rules set out here, run `docker run --rm --volume=$PWD:/check mstruebing/editorconfig-checker`
-
-root = true
-
-[*]
-charset = utf-8
-end_of_line = lf
-indent_size = 4
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.yaml]
-indent_size = 2
-
-
-[*.yml]
-indent_size = 2

.github/workflows/helm-release.yml

@@ -10,9 +10,6 @@ on:
 
 jobs:
   release:
-    # Do not run this workflow on forked repositories, as they might not have the `gh-pages` branch created, or might
-    # want to use it for other purposes than publishing helm charts
-    if: github.repository == 'nextcloud/all-in-one'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout

Containers/apache/nextcloud.conf

@@ -9,6 +9,34 @@ Listen 8000
     ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
     LogLevel ${AIO_LOG_LEVEL}
 
+    # KeepAlive On: allow the same TCP connection to carry multiple HTTP requests.
+    # Without this each asset (JS, CSS, image) would require a full TCP handshake,
+    # which is especially expensive on TLS connections and noticeably slows down
+    # Nextcloud's login page and file manager that load dozens of resources at once.
+    KeepAlive On
+    # KeepAliveTimeout: close an idle keep-alive connection after 5 seconds.
+    # A short timeout frees Apache worker threads quickly so they are available
+    # for new requests; 5 s is long enough to cover the gap between requests
+    # that a browser issues while rendering a page (typically < 1 s), yet short
+    # enough to avoid holding threads open for idle or slow clients.
+    KeepAliveTimeout 5
+    # MaxKeepAliveRequests: allow at most 500 requests per persistent connection.
+    # 100 (the Apache default) is too low for Nextcloud: the desktop and mobile
+    # sync clients issue many small API calls (PROPFIND, GET, PUT, checksums …)
+    # per sync cycle and routinely exceed 100 requests on a single connection.
+    # Hitting the limit forces a new TCP/TLS handshake, adding latency and CPU
+    # overhead. 500 gives sync clients enough headroom while still periodically
+    # recycling threads to contain per-process memory growth.
+    MaxKeepAliveRequests 500
+
+    # sendfile(2) is disabled because it bypasses Apache's output-filter chain: with
+    # it enabled, mod_brotli is silently skipped for static files (JS, CSS, SVG),
+    # negating the compression configured below.  MMAP is also
+    # disabled because files can be replaced by Nextcloud at any time and mmap'd
+    # pages could serve stale data.
+    EnableSendfile Off
+    EnableMMAP Off
+
     # PHP match
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
@@ -17,12 +45,17 @@ Listen 8000
     <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
     </Proxy>
 
-    # Compress JS, CSS and SVG responses with Brotli.
+    # Compress JS, CSS and SVG responses with Brotli (quality 4 gives good
+    # compression with reasonable CPU cost; the default of 0 barely compresses).
     # Other plain-text files are already compressed by Nextcloud itself.
+    # No deflate fallback is needed: every browser that Nextcloud supports
+    # (Chrome 49+, Firefox 44+, Safari 11+, Edge 15+ — all from 2016-2017)
+    # supports Brotli. Internet Explorer, the only browser that never gained
+    # Brotli support, was dropped by Nextcloud with NC15 (2019).
     # Desktop and mobile sync clients never request JS/CSS/SVG assets.
     <IfModule mod_brotli.c>
         AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 0
+        BrotliCompressionQuality 4
     </IfModule>
 
     # Nextcloud dir

Containers/apache/supervisord.conf

@@ -12,7 +12,7 @@ loglevel=%(ENV_AIO_LOG_LEVEL)s
 stdout_logfile=%(ENV_SUPERVISORD_STDOUT)s
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=httpd -DFOREGROUND
+command=apachectl -DFOREGROUND
 
 [program:caddy]
 stdout_logfile=/dev/stdout

Containers/borgbackup/Dockerfile

@@ -31,5 +31,4 @@ LABEL com.centurylinklabs.watchtower.enable="false" \
     org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
     org.opencontainers.image.vendor="Nextcloud" \
     org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
-ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6" \
-    AIO_LOG_LEVEL="warn"
+ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"

Containers/borgbackup/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     BORG_LOG_LEVEL_FLAG="--warning"
 else

Containers/collabora/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     COLLABORA_LOG_LEVEL="warning"
 elif [ "$AIO_LOG_LEVEL" = "info" ]; then

Containers/fulltextsearch/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 ELASTIC_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 
 exec env "logger.level=$ELASTIC_LOG_LEVEL" /usr/local/bin/docker-entrypoint.sh "$@"

Containers/imaginary/start.sh

@@ -4,11 +4,15 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 GOLANG_LOG="$(case "$AIO_LOG_LEVEL" in
     debug) printf 'info' ;;
     info) printf 'info' ;;
     warn) printf 'warning' ;;
     error) printf 'error' ;;
+    *) printf 'warning' ;;
 esac)"
 export GOLANG_LOG
 if [ "$AIO_LOG_LEVEL" = "debug" ]; then

Containers/mastercontainer/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.5.2-cli AS docker
+FROM docker:29.4.3-cli AS docker
 
 ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
 

Containers/mastercontainer/daily-backup.sh

@@ -59,6 +59,15 @@ fi
 
 # Wait for watchtower to stop
 if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    # Give Docker time to register the container as running before checking for it.
+    # Without this, there is a race condition where the check below runs before watchtower
+    # appears in `docker ps`, causing the script to skip the wait and continue with
+    # the potentially outdated mastercontainer code while watchtower is still updating it.
+    count=0
+    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$" && [ "$count" -lt 12 ]; do
+        sleep 5
+        count=$((count + 1))
+    done
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
         echo "Something seems to be wrong: Watchtower should be started at this step."
     fi

Containers/mastercontainer/supervisord.conf

@@ -54,7 +54,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
-user=www-data
+user=root
 
 [program:domain-validator]
 # Logging is disabled as otherwise all attempts will be logged which spams the logs

Containers/nextcloud/config/server.config.php

@@ -1,4 +1,4 @@
 <?php
 $CONFIG = array (
-  'serverid' => hexdec(hash('xxh32', gethostname())) & 0x1FF,
+  'serverid' => crc32(gethostname()) % 512,
 );

Containers/nextcloud/entrypoint.sh

@@ -14,6 +14,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 run_upgrade_if_needed_due_to_app_update() {
     if php /var/www/html/occ status | grep maintenance | grep -q true; then
         php /var/www/html/occ maintenance:mode --off
@@ -29,6 +32,7 @@ NEXTCLOUD_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     info) printf '1' ;;
     warn) printf '2' ;;
     error) printf '3' ;;
+    *) printf '2' ;;
 esac)"
 export NEXTCLOUD_LOG_LEVEL
 

Containers/notify-push/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 export RUST_LOG="$AIO_LOG_LEVEL"
 
 if [ -z "$NEXTCLOUD_HOST" ]; then
@@ -28,7 +31,7 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
 fi
 
 # Add warning
-if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] && ! [ -f /var/www/html/apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
+if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     echo "The notify_push binary was not found."
     echo "Most likely is DNS resolution not working correctly."
     echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
@@ -42,24 +45,9 @@ if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ] &&
     exit 1
 fi
 
-# Logic for ipv6 disabled servers
-BIND="::"
-if grep -q "1" /sys/module/ipv6/parameters/disable \
-|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
-|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
-    BIND="0.0.0.0"
-fi
-export BIND
-
 echo "notify-push was started"
 
-
-if [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
-    PUSH_PATH="/var/www/html/custom_apps/notify_push/bin/$CPU_ARCH/notify_push"
-else
-    PUSH_PATH="/var/www/html/apps/notify_push/bin/$CPU_ARCH/notify_push"
-fi
 # Run it
-exec "$PUSH_PATH" \
+exec /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
     --port 7867 \
     /var/www/html/config/config.php

Containers/postgresql/start.sh

@@ -4,11 +4,15 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 POSTGRES_LOG_MIN_MESSAGES="$(case "$AIO_LOG_LEVEL" in
     debug) printf 'debug1' ;;
     info) printf 'info' ;;
     warn) printf 'warning' ;;
     error) printf 'error' ;;
+    *) printf 'warning' ;;
 esac)"
 export POSTGRES_LOG_MIN_MESSAGES
 

Containers/redis/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 # Redis only supports [debug, verbose, notice, warning, nothing] as log level
 if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
     REDIS_LOG_LEVEL="warning"

Containers/talk-recording/Dockerfile

@@ -35,9 +35,6 @@ RUN set -ex; \
         build-base \
         linux-headers \
         geckodriver; \
-    if [ "$(apk --print-arch)" = "x86_64" ]; then \
-        apk add --no-cache intel-media-driver; \
-    fi; \
     useradd -d /tmp --system recording -u 122; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \

Containers/talk-recording/start.sh

@@ -4,11 +4,15 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 TALK_RECORDING_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     debug) printf '10' ;;
     info) printf '20' ;;
     warn) printf '30' ;;
     error) printf '40' ;;
+    *) printf '30' ;;
 esac)"
 export TALK_RECORDING_LOG_LEVEL
 

Containers/talk/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.14.1-scratch AS nats
+FROM nats:2.14.0-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus

Containers/talk/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     ETURNAL_LOG_LEVEL="warning"
 else
@@ -15,6 +18,7 @@ JANUS_LOG_LEVEL="$(case "$AIO_LOG_LEVEL" in
     info) printf '4' ;;
     warn) printf '3' ;;
     error) printf '1' ;;
+    *) printf '3' ;;
 esac)"
 export JANUS_LOG_LEVEL
 

Containers/watchtower/Dockerfile

@@ -22,8 +22,6 @@ COPY --chmod=775 start.sh /start.sh
 # hadolint ignore=DL3002
 USER root
 
-ENV AIO_LOG_LEVEL="warn"
-
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
     wud.watch="false" \

Containers/watchtower/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 # Check if socket is available and readable
 if ! [ -e "/var/run/docker.sock" ]; then
     echo "Docker socket is not available. Cannot continue."

Containers/whiteboard/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.8
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7
 
 USER root
 RUN set -ex; \

Containers/whiteboard/start.sh

@@ -4,6 +4,9 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
+# Defensive default: ensure AIO_LOG_LEVEL is never empty so log-level mappings below always resolve correctly
+AIO_LOG_LEVEL="${AIO_LOG_LEVEL:-warn}"
+
 export LOG_LEVEL="$AIO_LOG_LEVEL"
 
 # Only start container if nextcloud is accessible

app/.editorconfig

@@ -1,12 +1,19 @@
 # https://editorconfig.org
 
-# note: the files in ./composer actually use 4 spaces instead of tabs
-
 root = true
 
 [*]
 charset = utf-8
 end_of_line = lf
+indent_size = 4
 indent_style = tab
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+[*.feature]
+indent_size = 2
+indent_style = space
+
+[*.yml]
+indent_size = 2
+indent_style = space

app/readme.md

@@ -1,10 +1,7 @@
-# AIO app for Nextcloud
-
-This folder contains a Nextcloud app, which will be automatically installed within the Nextcloud instance.
-It adds a link to the admin settings page that gives access to the AIO interface.
-
 ## How to develop the app?
 
-Please note that in order to check if an app is already downloaded Nextcloud will look for a folder with the same name as the app.
+Please note that in order to check if an app is already downloaded
+Nextcloud will look for a folder with the same name as the app.
 
-Therefore you need to add the app to one of the app directories naming the directory `nextcloud-aio`.
+Therefore you need to add the app to one of the app directories
+naming the directory `nextcloud-aio`.

community-containers/borgbackup-viewer/readme.md

@@ -1,5 +1,5 @@
 ## Borgbackup Viewer
-This container allows to view the local borg backups repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
+This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
 
 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
@@ -14,3 +14,4 @@ https://github.com/szaimen/aio-borgbackup-viewer
 
 ### Maintainer
 https://github.com/szaimen
+

community-containers/caddy/readme.md

@@ -1,13 +1,5 @@
 ## Caddy with geoblocking
-This container bundles [caddy](https://caddyserver.com/) and auto-configures it for you as a reverse proxy. 
-It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. 
-It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. 
-It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. 
-It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. 
-It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. 
-It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. 
-It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. 
-It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!

community-containers/calcardbackup/readme.md

@@ -1,5 +1,5 @@
 ## calcardbackup  
-This container packages [calcardbackup](https://codeberg.org/BernieO/calcardbackup), a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
+This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
   
 ### Notes  
 - Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
@@ -12,3 +12,4 @@ https://github.com/waja/docker-calcardbackup
 
 ### Maintainer
 https://github.com/pailloM
+  

community-containers/container-management/readme.md

@@ -1,11 +1,11 @@
 ## Container-Management
-This container allows to manage other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
+This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
 
 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5804` in order to log in with the user `container-management` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There you can use any docker command. ⚠️ Be very carefully while doing that as can break your instance!
-- There are also some pre-made scripts that make configuring some community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
-- ⚠️ After you are done doing your operations, remove the container from the stack for better security: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- There are also some pre-made scripts that make configuring some of the community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

community-containers/dlna/readme.md

@@ -1,8 +1,8 @@
 ## DLNA server
-This container bundles a DLNA multimedia streaming server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
+This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
 
 ### Notes
-- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on public servers.
+- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
 - If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
@@ -11,3 +11,4 @@ https://github.com/thanek/nextcloud-dlna
 
 ### Maintainer
 https://github.com/thanek
+

community-containers/facerecognition/readme.md

@@ -1,5 +1,5 @@
 ## Facerecognition
-This container bundles a basic facial recognition system and auto-configures it for you.
+This container bundles the external model of facerecognition and auto-configures it for you.
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.

community-containers/fail2ban/readme.md

@@ -1,6 +1,5 @@
 ## Fail2ban
-This container bundles [fail2ban](https://github.com/fail2ban/fail2ban) and auto-configures it for you in order to block ip-addresses automatically.
-It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.

community-containers/glances/readme.md

@@ -1,5 +1,5 @@
 ## Glances
-This container starts [Glances](https://nicolargo.github.io/glances/), a web-based system monitoring dashboard, and auto-configures it for you.
+This container starts Glances, a web-based info-board, and auto-configures it for you.
 
 > [!CAUTION]
 > This container mounts the docker-socket from the host-system.

community-containers/home-assistant/readme.md

@@ -1,13 +1,11 @@
 ## Home Assistant
-This container bundles [Home Assistant](https://www.home-assistant.io/) and auto-configures it for you.
+This container bundles Home Assistant and auto-configures it for you.
 
 ### Notes
 - This container should only be run in home networks since Home Assistant is designed for local home automation.
 - After adding and starting the container, you can visit `http://ip.address.of.this.server:8123` in order to set up your Home Assistant instance.
 - The data of Home Assistant will be automatically included in AIOs backup solution!
 - In order to access your Home Assistant outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
-- And to allow the traffic from the reverse proxy to be accepted by Home Assistant, follow [these instructions](https://www.home-assistant.io/integrations/http/#reverse-proxies) from the Home Assistant documentation. 
-- Or, to use the Caddy with geoblocking community container, follow the following instruction to add your own Caddyfile, to use it for Home Assistant: https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy#notes
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

community-containers/jellyfin/readme.md

@@ -1,5 +1,5 @@
 ## Jellyfin
-This container bundles [Jellyfin](https://jellyfin.org/) and auto-configures it for you.
+This container bundles Jellyfin and auto-configures it for you.
 
 ### Notes
 - This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!

community-containers/jellyseerr/readme.md

@@ -1,5 +1,5 @@
 ## Seerr
-This container bundles [Seerr](https://seerr.dev/) request management and media discovery tool and auto-configures it for you.
+This container bundles Seerr and auto-configures it for you.
 
 ### Notes
 - **Migration from Jellyseerr**: Jellyseer previously ran as the root user. With the migration to Seerr, the container now runs rootless with userid 1000, meaning that if you previously used Jellyseerr, Seerr will not be able to access the config files generated by the old Jellyseerr container. To migrate, execute the following steps: 1. stop all containers using the AIO-interface, 2. run `sudo docker run --rm -v nextcloud_aio_jellyseerr:/data alpine chown -R 1000:1000 /data`

community-containers/languagetool/readme.md

@@ -1,5 +1,5 @@
 ## LanguageTool for Nextcloud Office
-This container bundles [LanguageTool](https://github.com/languagetool-org/languagetool) for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
+This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
 
 ### Notes
 - Make sure to have Nextcloud Office enabled via the AIO interface

community-containers/libretranslate/readme.md

@@ -1,5 +1,5 @@
 ## LibreTranslate
-This container bundles [LibreTranslate](https://github.com/LibreTranslate/LibreTranslate) and auto-configures it for you.
+This container bundles LibreTranslate and auto-configures it for you.
 
 > [!WARNING]
 > The LibreTranslate container and app is deprecated!

community-containers/lldap/lldap.json

@@ -4,8 +4,8 @@
       "container_name": "nextcloud-aio-lldap",
       "display_name": "Light LDAP implementation",
       "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
-      "image": "ghcr.io/lldap/lldap",
-      "image_tag": "latest-alpine",
+      "image": "lldap/lldap",
+      "image_tag": "v0-alpine",
       "internal_port": "17170",
       "restart": "unless-stopped",
       "ports": [

community-containers/lldap/readme.md

@@ -1,5 +1,5 @@
 ## Light LDAP server
-This container bundles an [LLDAP](https://github.com/lldap/lldap) LDAP server and auto-configures your Nextcloud instance for you.
+This container bundles LLDAP server and auto-configures your Nextcloud instance for you.
 
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.

community-containers/local-ai/readme.md

@@ -1,5 +1,5 @@
 ## Local AI
-This container bundles [Local AI](https://localai.io/) and auto-configures it for you. It support hardware acceleration with Vulkan.
+This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan.
 
 ### Notes
 Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback!

community-containers/makemkv/readme.md

@@ -1,5 +1,5 @@
 ## MakeMKV
-This container bundles the [MakeMKV](https://www.makemkv.com/) video converter and auto-configures it for you.
+This container bundles MakeMKV and auto-configures it for you.
 
 ### Notes
 - This container should only be run in home networks

community-containers/minio/readme.md

@@ -1,8 +1,5 @@
 ## Minio
-This container bundles [minio](https://github.com/minio/minio) s3 storage and auto-configures it for you.
-
-> [!CAUTION]
-> The Minio upstream project is no longer maintained. The container should still work in its current form...
+This container bundles minio s3 storage and auto-configures it for you.
 
 >[!WARNING]
 > Enabling this container will remove access to all the files formerly written to the data directory.

community-containers/nocodb/readme.md

@@ -14,7 +14,7 @@
 > - See more here https://github.com/nextcloud/tables/issues/103 
 
 ## NocoDb server
-This container bundles [NocoDb](https://github.com/nocodb/nocodb), an online no-code database solution, without synchronization with Nextcloud.
+This container bundles NocoDb without synchronization with Nextcloud.
 
 This is an alternative of **Airtable**.
 

community-containers/npmplus/readme.md

@@ -1,5 +1,5 @@
 ## NPMplus
-This container contains a fork of [Nginx Proxy Manager](https://nginxproxymanager.com/), which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
+This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
 
 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!

community-containers/pi-hole/readme.md

@@ -1,5 +1,5 @@
 ## Pi-hole
-This container bundles the [pi-hole](https://pi-hole.net/) ad blocker and auto-configures it for you.
+This container bundles pi-hole and auto-configures it for you.
 
 ### Notes
 - You should not run this container on a public VPS! It is only intended to run in home networks!

community-containers/plex/readme.md

@@ -1,5 +1,5 @@
 ## Plex
-This container bundles the [Plex Media Server](https://www.plex.tv/en-gb/personal-media-server/) and auto-configures it for you.
+This container bundles Plex and auto-configures it for you.
 
 ### Notes
 - This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!

community-containers/scrutiny/readme.md

@@ -1,5 +1,5 @@
 ## Scrutiny
-This container bundles [Scrutiny](https://github.com/analogj/scrutiny), a web frontend for SMART stats, and auto-configures it for you.
+This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you.
 
 ### Notes
 - This container should only be run in home networks

community-containers/stalwart/readme.md

@@ -4,7 +4,7 @@
 > Do not use this feature as a main mail server or without a redundancy system and without knowledge.
 
 ## Stalwart mail server
-This container bundles the [Stalwart](https://stalw.art/) mail server and auto-configures it for you.
+This container bundles stalwart mail server and auto-configures it for you.
 
 ### Notes
 Documentation is available on the container repository.

community-containers/vaultwarden/readme.md

@@ -1,5 +1,5 @@
 ## Vaultwarden
-This container bundles the [VaultWarden](https://www.vaultwarden.net/) password manager and auto-configures it for you.
+This container bundles vaultwarden and auto-configures it for you.
 
 ### Notes
 - You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.

compose.yaml

@@ -1,4 +1,4 @@
-name: nextcloud-aio # Add the container to the same compose project to which all the sibling containers are added automatically
+name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
 services:
   nextcloud-aio-mastercontainer:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
@@ -15,10 +15,10 @@ services:
       - "80:80" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - "8080:8080" # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
       - "8443:8443" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-    # security_opt: ["label:disable"] # Needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
-    # environment: # This line is needed (has to be uncommented) when using any of the options below
+    # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
+    # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # APACHE_PORT: 11000 # Needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy

manual-install/latest.yml

@@ -46,6 +46,7 @@ services:
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
       - WHITEBOARD_HOST=nextcloud-aio-whiteboard
+      - HARP_HOST=nextcloud-aio-harp
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw

manual-install/update-yaml.sh

@@ -48,7 +48,6 @@ sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
 sed -i '/HARP_ENABLED/d' containers.yml
-sed -i '/HARP_HOST/d' containers.yml
 sed -i '/HP_SHARED_KEY/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 sed -i '/TURN_DOMAIN/d' containers.yml

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 13.0.4
+version: 13.0.3-1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -65,7 +65,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-apache:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
           command:
             - mkdir
             - "-p"
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -38,9 +38,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260513_090235
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260513_090235
           {{- end }}
           readinessProbe:
             exec:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
           command:
             - mkdir
             - "-p"
@@ -66,7 +66,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
           command:
             - chmod
             - "777"
@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -40,7 +40,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
           command:
             - chmod
             - "777"
@@ -192,7 +192,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260513_090235
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -41,7 +41,7 @@ spec:
               value: nextcloud-aio-nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260513_090235
           command:
             - chmod
             - "777"
@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.AIO_LOG_LEVEL }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -41,7 +41,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-redis:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -56,7 +56,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-talk:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260513_090235
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -52,7 +52,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260515_145717
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260513_090235
           readinessProbe:
             exec:
               command:

php/composer.lock

@@ -64,16 +64,16 @@
         },
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.10.3",
+            "version": "7.10.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "47ba23c7a55247e2e1b7407aca90e9bbed0d9d86"
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/47ba23c7a55247e2e1b7407aca90e9bbed0d9d86",
-                "reference": "47ba23c7a55247e2e1b7407aca90e9bbed0d9d86",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
+                "reference": "b51ac707cfa420b7bfd4e4d5e510ba8008e822b4",
                 "shasum": ""
             },
             "require": {
@@ -91,9 +91,8 @@
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "ext-curl": "*",
                 "guzzle/client-integration-tests": "3.0.2",
-                "guzzlehttp/test-server": "^0.3.2",
                 "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.52 || ^9.6.34",
+                "phpunit/phpunit": "^8.5.39 || ^9.6.20",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -171,7 +170,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.10.3"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.0"
             },
             "funding": [
                 {
@@ -187,20 +186,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-05-20T22:59:19+00:00"
+            "time": "2025-08-23T22:36:01+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.4.1",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "09e8a212562fb1fb6a512c4156ed71525969d6c2"
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/09e8a212562fb1fb6a512c4156ed71525969d6c2",
-                "reference": "09e8a212562fb1fb6a512c4156ed71525969d6c2",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/481557b130ef3790cf82b713667b43030dc9c957",
+                "reference": "481557b130ef3790cf82b713667b43030dc9c957",
                 "shasum": ""
             },
             "require": {
@@ -208,7 +207,7 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "type": "library",
             "extra": {
@@ -254,7 +253,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.4.1"
+                "source": "https://github.com/guzzle/promises/tree/2.3.0"
             },
             "funding": [
                 {
@@ -270,20 +269,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-05-20T22:57:30+00:00"
+            "time": "2025-08-22T14:34:08+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.10.1",
+            "version": "2.9.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361"
+                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/73ab136360b5dfd858006eae9795e8fe43c80361",
-                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/7d0ed42f28e42d61352a7a79de682e5e67fec884",
+                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884",
                 "shasum": ""
             },
             "require": {
@@ -298,9 +297,9 @@
             },
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
-                "http-interop/http-factory-tests": "1.1.0",
+                "http-interop/http-factory-tests": "0.9.0",
                 "jshttp/mime-db": "1.54.0.1",
-                "phpunit/phpunit": "^8.5.52 || ^9.6.34"
+                "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -371,7 +370,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.10.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.9.0"
             },
             "funding": [
                 {
@@ -387,7 +386,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-05-20T09:27:36+00:00"
+            "time": "2026-03-10T16:41:02+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -1785,16 +1784,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.26.0",
+            "version": "v3.24.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc"
+                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
-                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6769aefb305efef849dc25c9fd1653358c148f0",
+                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0",
                 "shasum": ""
             },
             "require": {
@@ -1849,7 +1848,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.26.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.24.0"
             },
             "funding": [
                 {
@@ -1861,7 +1860,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-05-20T07:31:59+00:00"
+            "time": "2026-03-17T21:31:11+00:00"
         }
     ],
     "packages-dev": [
@@ -2177,16 +2176,16 @@
         },
         {
             "name": "amphp/parallel",
-            "version": "v2.4.0",
+            "version": "v2.3.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/amphp/parallel.git",
-                "reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81"
+                "reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/amphp/parallel/zipball/37f5b2754fadc229c00f9416bd68fb8d04529a81",
-                "reference": "37f5b2754fadc229c00f9416bd68fb8d04529a81",
+                "url": "https://api.github.com/repos/amphp/parallel/zipball/3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
+                "reference": "3ad45d1cff1bfbfe832c79671e6a4a1017dd9921",
                 "shasum": ""
             },
             "require": {
@@ -2249,7 +2248,7 @@
             ],
             "support": {
                 "issues": "https://github.com/amphp/parallel/issues",
-                "source": "https://github.com/amphp/parallel/tree/v2.4.0"
+                "source": "https://github.com/amphp/parallel/tree/v2.3.4"
             },
             "funding": [
                 {
@@ -2257,7 +2256,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2026-05-16T16:54:01+00:00"
+            "time": "2026-05-06T19:26:51+00:00"
         },
         {
             "name": "amphp/parser",
@@ -3776,16 +3775,16 @@
         },
         {
             "name": "revolt/event-loop",
-            "version": "v1.0.9",
+            "version": "v1.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/revoltphp/event-loop.git",
-                "reference": "44061cf513e53c6200372fc935ac42271566295d"
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/44061cf513e53c6200372fc935ac42271566295d",
-                "reference": "44061cf513e53c6200372fc935ac42271566295d",
+                "url": "https://api.github.com/repos/revoltphp/event-loop/zipball/b6fc06dce8e9b523c9946138fa5e62181934f91c",
+                "reference": "b6fc06dce8e9b523c9946138fa5e62181934f91c",
                 "shasum": ""
             },
             "require": {
@@ -3795,7 +3794,7 @@
                 "ext-json": "*",
                 "jetbrains/phpstorm-stubs": "^2019.3",
                 "phpunit/phpunit": "^9",
-                "psalm/phar": "6.16.*"
+                "psalm/phar": "^5.15"
             },
             "type": "library",
             "extra": {
@@ -3842,22 +3841,22 @@
             ],
             "support": {
                 "issues": "https://github.com/revoltphp/event-loop/issues",
-                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.9"
+                "source": "https://github.com/revoltphp/event-loop/tree/v1.0.8"
             },
-            "time": "2026-05-16T17:55:38+00:00"
+            "time": "2025-08-27T21:33:23+00:00"
         },
         {
             "name": "sebastian/diff",
-            "version": "8.3.0",
+            "version": "8.2.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/sebastianbergmann/diff.git",
-                "reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47"
+                "reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/b36d33b6e796513de7cb7df053afb3f55eefcd47",
-                "reference": "b36d33b6e796513de7cb7df053afb3f55eefcd47",
+                "url": "https://api.github.com/repos/sebastianbergmann/diff/zipball/cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
+                "reference": "cce1bb200e0062e72f9b85ccfe54d3fd38bbd044",
                 "shasum": ""
             },
             "require": {
@@ -3870,7 +3869,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "8.3-dev"
+                    "dev-main": "8.2-dev"
                 }
             },
             "autoload": {
@@ -3903,7 +3902,7 @@
             "support": {
                 "issues": "https://github.com/sebastianbergmann/diff/issues",
                 "security": "https://github.com/sebastianbergmann/diff/security/policy",
-                "source": "https://github.com/sebastianbergmann/diff/tree/8.3.0"
+                "source": "https://github.com/sebastianbergmann/diff/tree/8.2.1"
             },
             "funding": [
                 {
@@ -3923,7 +3922,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-05-15T04:58:09+00:00"
+            "time": "2026-05-14T05:24:37+00:00"
         },
         {
             "name": "spatie/array-to-xml",
@@ -4899,16 +4898,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "2.4.0",
+            "version": "2.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155"
+                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/9007ea6f45ecf352a9422b36644e4bfc039b9155",
-                "reference": "9007ea6f45ecf352a9422b36644e4bfc039b9155",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
+                "reference": "eb0d790f735ba6cff25c683a85a1da0eadeff9e4",
                 "shasum": ""
             },
             "require": {
@@ -4924,11 +4923,7 @@
             },
             "type": "library",
             "extra": {
-                "psalm": {
-                    "pluginClass": "Webmozart\\Assert\\PsalmPlugin"
-                },
                 "branch-alias": {
-                    "dev-master": "2.0-dev",
                     "dev-feature/2-0": "2.0-dev"
                 }
             },
@@ -4959,9 +4954,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.4.0"
+                "source": "https://github.com/webmozarts/assert/tree/2.3.0"
             },
-            "time": "2026-05-20T13:07:01+00:00"
+            "time": "2026-04-11T10:33:05+00:00"
         }
     ],
     "aliases": [],

php/psalm.xml

@@ -1,29 +1,29 @@
 <?xml version="1.0"?>
 <psalm
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xmlns="https://getpsalm.org/schema/config"
-    xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
-    errorBaseline="psalm-baseline.xml"
-    findUnusedBaselineEntry="true"
-    findUnusedCode="false"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="https://getpsalm.org/schema/config"
+	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
+	errorBaseline="psalm-baseline.xml"
+	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
-    <projectFiles>
-        <directory name="templates"/>
-        <directory name="src"/>
-        <file name="public/index.php"/>
-        <ignoreFiles>
-            <directory name="vendor" />
-        </ignoreFiles>
-    </projectFiles>
-    <extraFiles>
-        <directory name="vendor" />
-    </extraFiles>
-    <issueHandlers>
-        <ClassMustBeFinal errorLevel="suppress" />
+	<projectFiles>
+		<directory name="templates"/>
+		<directory name="src"/>
+		<file name="public/index.php"/>
+		<ignoreFiles>
+			<directory name="vendor" />
+		</ignoreFiles>
+	</projectFiles>
+	<extraFiles>
+		<directory name="vendor" />
+	</extraFiles>
+	<issueHandlers>
+  		<ClassMustBeFinal errorLevel="suppress" />
         <MissingConstructor>
             <errorLevel type="suppress">
                 <file name="src/Data/ConfigurationManager.php" />  <!-- We're using property hooks with virtual properties in that file, which Psalm wrongly complains about. See <https://github.com/vimeo/psalm/issues/11435>.  -->
             </errorLevel>
         </MissingConstructor>
-    </issueHandlers>
+	</issueHandlers>
 </psalm>

php/public/index.php

@@ -181,10 +181,8 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->aioCommunityContainers,
         'bypass_container_update' => $bypass_container_update,
-    // Do not cache the page as it shows credentials
-    ])->withHeader('Cache-Control', 'no-store');
+    ]);
 })->setName('profile');
-
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
@@ -193,7 +191,6 @@ $app->get('/login', function (Request $request, Response $response, array $args)
         'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
-
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
@@ -212,10 +209,8 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
         [
             'password' => $setup->Setup(),
         ]
-    // Do not cache the page as it shows credentials
-    )->withHeader('Cache-Control', 'no-store');
+    );
 });
-
 $app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
     $params = $request->getQueryParams();
     $id = $params['id'] ?? '';
@@ -223,13 +218,7 @@ $app->get('/log', function (Request $request, Response $response, array $args) u
         throw new DI\NotFoundException();
     }
     $view = Twig::fromRequest($request);
-    return $view->render(
-        $response, 'log.twig', 
-        [
-            'id' => $id
-        ]
-    // Do not cache the page as it might shows credentials
-    )->withHeader('Cache-Control', 'no-store');
+    return $view->render($response, 'log.twig', ['id' => $id]);
 });
 
 // Auth Redirector
@@ -256,7 +245,6 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $
     }
 });
 
-// Default error handler
 $errorMiddleware = $app->addErrorMiddleware(false, true, true);
 
 // Set a custom Not Found handler, which doesn't pollute the app output with 404 errors.
@@ -266,17 +254,6 @@ $errorMiddleware->setErrorHandler(
         $response = $app->getResponseFactory()->createResponse();
         $response->getBody()->write('Not Found');
         return $response->withStatus(404);
-    }
-);
-
-// Set another custom error handler, which doesn't pollute the app output with 405 errors.
-$errorMiddleware->setErrorHandler(
-    \Slim\Exception\HttpMethodNotAllowedException::class,
-    function (Request $request, Throwable $exception, bool $displayErrorDetails) use ($app) {
-        $response = $app->getResponseFactory()->createResponse();
-        $response->getBody()->write('Method not allowed');
-        return $response->withStatus(405);
-    }
-);
+    });
 
 $app->run();

php/src/ContainerDefinitionFetcher.php

@@ -52,18 +52,14 @@ readonly class ContainerDefinitionFetcher {
         $standardContainerNames = array_column($data['aio_services_v1'], 'container_name');
 
         $additionalContainerNames = [];
-        $additionalTopLevelContainerNames = [];
         foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) {
             if ($communityContainer !== '') {
                 $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                 $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                 $data = array_merge_recursive($data, $additionalData);
-                foreach ($additionalData['aio_services_v1'] as $additionalEntry) {
-                    $additionalContainerNames[] = $additionalEntry['container_name'];
-                }
                 if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
-                    // Store main container_name of community containers in variable for later
-                    $additionalTopLevelContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
+                    // Store container_name of community containers in variable for later
+                    $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
                 }
             }
         }
@@ -180,7 +176,7 @@ readonly class ContainerDefinitionFetcher {
                 if ($entry['container_name'] === 'nextcloud-aio-apache') {
                     // Add community containers first and default ones last so that aio_variables works correctly
                     $valueDependsOnTemp = [];
-                    foreach ($additionalTopLevelContainerNames as $containerName) {
+                    foreach ($additionalContainerNames as $containerName) {
                         $valueDependsOnTemp[] = $containerName;
                     }
                     $valueDependsOn = array_merge_recursive($valueDependsOnTemp, $valueDependsOn);

php/src/Docker/DockerHubManager.php

@@ -3,6 +3,8 @@ declare(strict_types=1);
 
 namespace AIO\Docker;
 
+use AIO\ContainerDefinitionFetcher;
+use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 
 readonly class DockerHubManager {
@@ -13,16 +15,6 @@ readonly class DockerHubManager {
         $this->guzzleClient = new Client();
     }
 
-
-    // Official Docker Hub images need the library/ prefix when using the registry API directly.
-    private function normalizeImageName(string $name): string {
-        if (!str_contains($name, '/')) {
-            return 'library/' . $name;
-        }
-        return $name;
-    }
-
-
     public function GetLatestDigestOfTag(string $name, string $tag) : ?string {
         $cacheKey = 'dockerhub-manifest-' . $name . $tag;
 
@@ -32,7 +24,6 @@ readonly class DockerHubManager {
         }
 
         // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
-        $name = $this->normalizeImageName($name);
 
         try {
             $authTokenRequest = $this->guzzleClient->request(

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-13.1.0
+13.0.3

php/templates/log.twig

@@ -1,11 +1,9 @@
 <html lang="en">
     <head>
-        <title>AIO</title>
         <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
         <link rel="stylesheet" href="style.css">
         <link rel="stylesheet" href="logs.css">
-        <link rel="icon" href="img/favicon.png">
-        <script src="log-load.js?v1"></script>
+        <script src="log-view.js?v1"></script>
     </head>
     <body data-container-id="{{ id }}">
         <div id="floating-box">