fix: improve pull-images explanation text with bandwidth/time info

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/446ad3c6-142d-4e62-adb8-b43a7e548cda

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>

Containers/apache/Caddyfile

@@ -10,7 +10,7 @@
     }
 
     log {
-        level ERROR
+        level {$CADDY_LOG_LEVEL}
     }
 }
 

Containers/apache/Dockerfile

@@ -2,7 +2,7 @@
 FROM caddy:2.11.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.67-alpine3.23
+FROM httpd:2.4.66-alpine3.23
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

Containers/apache/start.sh

@@ -9,6 +9,8 @@ if [ -z "$NC_DOMAIN" ]; then
     exit 1
 fi
 
+CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
+export CADDY_LOG_LEVEL
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     export SUPERVISORD_STDOUT=/dev/stdout
 else

Containers/collabora/start.sh

@@ -6,8 +6,6 @@ fi
 
 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     COLLABORA_LOG_LEVEL="warning"
-elif [ "$AIO_LOG_LEVEL" = "info" ]; then
-    COLLABORA_LOG_LEVEL="notice"
 else
     COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.8-alpine
+FROM haproxy:3.3.7-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:9.4.0
+FROM elasticsearch:9.3.3
 
 USER root
 

Containers/mastercontainer/acme.Caddyfile

@@ -10,7 +10,7 @@
 	}
 
 	log {
-		level ERROR
+		level {$CADDY_LOG_LEVEL}
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host

Containers/mastercontainer/headers.Caddyfile

@@ -18,9 +18,9 @@ header {
     Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
     X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
     Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
+    Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
+    Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+    Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
 
     # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
     Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"

Containers/mastercontainer/internal.Caddyfile

@@ -9,7 +9,7 @@
 	}
 
 	log {
-		level ERROR
+		level {$CADDY_LOG_LEVEL}
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host

Containers/mastercontainer/start.sh

@@ -338,7 +338,7 @@ else
 fi
 
 # Log level logics
-if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
+if [ -n "$AIO_LOG_LEVEL" ] && ! grep -q "^debug$\|^info$\|^warn$\|^error$"; then
     print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
 It is set to '$AIO_LOG_LEVEL'".
     exit 1
@@ -347,11 +347,13 @@ if [ -z "$AIO_LOG_LEVEL" ]; then
     export AIO_LOG_LEVEL="warn"
 fi
 
+CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     export SUPERVISORD_STDOUT=/dev/stdout
 else
     export SUPERVISORD_STDOUT=NONE
 fi
+export CADDY_LOG_LEVEL
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268

Containers/nextcloud/Dockerfile

@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.3
+ENV NEXTCLOUD_VERSION=33.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

Containers/nextcloud/entrypoint.sh

@@ -671,7 +671,6 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
-php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
 if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
     php /var/www/html/occ config:system:set log_type --value="errorlog"
     php /var/www/html/occ config:system:set log_type_audit --value="errorlog"

Containers/postgresql/Dockerfile

@@ -14,7 +14,6 @@ RUN set -ex; \
         bash \
         openssl \
         shadow \
-        netcat-openbsd \
         grep; \
     \
 # We need to use the same gid and uid as on old installations

Containers/postgresql/healthcheck.sh

@@ -6,9 +6,6 @@ fi
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-# If database import is running, do not continue with the health check
-if nc -z 127.0.0.1 11000; then
-    exit 0
-fi
+PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0
 
 PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.3-alpine
+FROM redis:8.6.2-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/redis/start.sh

@@ -4,11 +4,8 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
     set -x
 fi
 
-# Redis only supports [debug, verbose, notice, warning, nothing] as log level
-if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
+if [ "$AIO_LOG_LEVEL" = "warn" ]; then
     REDIS_LOG_LEVEL="warning"
-elif [ "$AIO_LOG_LEVEL" = "info" ]; then
-    REDIS_LOG_LEVEL="notice"
 else
     REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi

Containers/talk/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.14.0-scratch AS nats
+FROM nats:2.12.8-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus

compose.yaml

@@ -4,7 +4,6 @@ services:
     image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
     init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
     restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
-    cpu_shares: 2048 # This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers. See https://docs.docker.com/reference/compose-file/services/#cpu_shares
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work

manual-install/update-yaml.sh

@@ -100,7 +100,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
+sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warning          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
 sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf

multiple-instances.md

@@ -144,7 +144,6 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
    --name nextcloud-aio-mastercontainer \
    --restart always \
    --publish 8080:8080 \
-   --cpu-shares 2048 \
    --env APACHE_PORT=11000 \
    --env APACHE_IP_BINDING=0.0.0.0 \
    --env TALK_PORT=3478 \

php/containers-schema.json

@@ -141,9 +141,6 @@
 					"shm_size": {
 						"type": "integer"
 					},
-					"cpu_shares": {
-						"type": "integer"
-					},
 					"secrets": {
 						"type": "array",
 						"items": {

php/containers.json

@@ -81,8 +81,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-database",
@@ -139,8 +138,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -282,8 +280,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-notify-push",
@@ -324,8 +321,7 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-redis",
@@ -367,8 +363,7 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-collabora",
@@ -418,8 +413,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-talk",
@@ -490,8 +484,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-talk-recording",
@@ -545,8 +538,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
@@ -617,8 +609,7 @@
       "tmpfs": [
         "/tmp",
         "/nextcloud_aio_volumes"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-watchtower",
@@ -641,8 +632,7 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-domaincheck",
@@ -675,8 +665,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-clamav",
@@ -723,8 +712,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-onlyoffice",
@@ -768,8 +756,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-imaginary",
@@ -811,8 +798,7 @@
       ],
       "secrets": [
         "IMAGINARY_SECRET"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-fulltextsearch",
@@ -864,8 +850,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     },
     {
       "container_name": "nextcloud-aio-docker-socket-proxy",
@@ -892,8 +877,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-harp",
@@ -908,6 +892,7 @@
       "environment": [
         "HP_SHARED_KEY=%HP_SHARED_KEY%",
         "NC_INSTANCE_URL=https://%NC_DOMAIN%",
+        "HP_LOG_LEVEL=%COLLABORA_LOG_LEVEL%",
         "HP_FRP_DISABLE_TLS=true",
         "TZ=%TIMEZONE%"
       ],
@@ -934,8 +919,7 @@
       ],
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 1024
+      ]
     },
     {
       "container_name": "nextcloud-aio-whiteboard",
@@ -981,8 +965,7 @@
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
-      ],
-      "cpu_shares": 512
+      ]
     }
   ]
 }

php/public/index.php

@@ -68,7 +68,7 @@ session_start([
     "use_strict_mode" => true, // Only allow initialized session IDs. See https://www.php.net/manual/en/session.configuration.php#ini.session.use-strict-mode
     "cookie_secure" => true, // Only send cookies over https (not http). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#secure
     "cookie_httponly" => true, // Block the cookie from being read with js in the browser, will still be send for fetch request triggered by js. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#httponly
-    "cookie_samesite" => "Lax", // Send the cookie with same-site requests and top-level cross-site navigations (e.g. redirect after token-based getlogin). "Strict" would block the session cookie on the redirect that follows a cross-site navigation, breaking the getlogin flow from Nextcloud's admin panel. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
+    "cookie_samesite" => "Strict", // Only send the cookie with requests triggered by AIO itself. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value
 ]);
 
 if ($wasAuthenticated) {
@@ -105,6 +105,7 @@ $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':Sta
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
+$app->post('/api/docker/pull-images', AIO\Controller\DockerController::class . ':PullImages');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
 $app->get('/api/auth/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');

php/src/Container/Container.php

@@ -28,7 +28,6 @@ readonly class Container {
         /** @var string[] */
         public array                         $capAdd,
         public int                           $shmSize,
-        public int                           $cpuShares,
         public bool                          $apparmorUnconfined,
         /** @var string[] */
         public array                         $backupVolumes,

php/src/ContainerDefinitionFetcher.php

@@ -303,11 +303,6 @@ readonly class ContainerDefinitionFetcher {
                 $shmSize = $entry['shm_size'];
             }
 
-            $cpuShares = 512;
-            if (isset($entry['cpu_shares'])) {
-                $cpuShares = $entry['cpu_shares'];
-            }
-
             $apparmorUnconfined = false;
             if (isset($entry['apparmor_unconfined'])) {
                 $apparmorUnconfined = $entry['apparmor_unconfined'];
@@ -366,7 +361,6 @@ readonly class ContainerDefinitionFetcher {
                 $enableNvidiaGpu,
                 $capAdd,
                 $shmSize,
-                $cpuShares,
                 $apparmorUnconfined,
                 $backupVolumes,
                 $nextcloudExecCommands,

php/src/Controller/DockerController.php

@@ -45,15 +45,15 @@ readonly class DockerController {
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
-    private function PerformRecursiveImagePull(string $id) : void {
+    private function PerformRecursiveImagePull(string $id, ?\Closure $addToStreamingResponseBody = null) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Pull all dependencies first and then itself
         foreach($container->dependsOn as $dependency) {
-            $this->PerformRecursiveImagePull($dependency);
+            $this->PerformRecursiveImagePull($dependency, $addToStreamingResponseBody);
         }
 
-        $this->dockerActionManager->PullImage($container, true);
+        $this->dockerActionManager->PullImage($container, true, $addToStreamingResponseBody);
     }
 
     public function PullAllContainerImages(): void {
@@ -63,6 +63,19 @@ readonly class DockerController {
         $this->PerformRecursiveImagePull($id);
     }
 
+    public function PullImages(Request $request, Response $response, array $args) : Response {
+        // Get streaming response start and closure
+        $nonbufResp = $this->startStreamingResponse($response);
+        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
+
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveImagePull($id, $addToStreamingResponseBody);
+
+        // End streaming response
+        $this->finalizeStreamingResponse($nonbufResp);
+        return $nonbufResp;
+    }
+
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $requestParams = $request->getQueryParams();

php/src/Docker/DockerActionManager.php

@@ -374,11 +374,6 @@ readonly class DockerActionManager {
             $requestBody['HostConfig']['ShmSize'] = $shmSize;
         }
 
-        $cpuShares = $container->cpuShares;
-        if ($cpuShares > 0) {
-            $requestBody['HostConfig']['CpuShares'] = $cpuShares;
-        }
-
         $tmpfs = [];
         foreach ($container->tmpfs as $tmp) {
             $mode = "";

php/templates/containers.twig

@@ -291,6 +291,14 @@
                         {% if has_update_available == true %}
                             {% if is_mastercontainer_update_available == false %}
                                 <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
+                                {% if isAnyRunning == true and isApacheStarting != true %}
+                                    <p>Alternatively, you can already pull the new images now while the containers are still running. Depending on your internet connection and image sizes, this can take a few minutes. The new images will automatically be used whenever the containers are recreated – either manually via <strong>Stop containers</strong> + <strong>Start and update containers</strong>, or automatically via AIO's daily backup/update schedule.</p>
+                                    <form method="POST" action="api/docker/pull-images" target="overlay-log">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="submit" value="Pull new images" />
+                                    </form>
+                                {% endif %}
                             {% endif %}
                         {% else %}
                             {% if is_mastercontainer_update_available == false %}

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-13.0.3
+13.0.0

readme.md

@@ -202,7 +202,6 @@ sudo docker run \
   --publish 80:80 \
   --publish 8080:8080 \
   --publish 8443:8443 \
-  --cpu-shares 2048 \
   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
   ghcr.io/nextcloud-releases/all-in-one:latest
@@ -219,7 +218,6 @@ sudo docker run \
   - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
   - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
   - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
-  - `--cpu-shares 2048` — gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers.  
   - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  
   - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` — mounts the Docker socket (read-only) so the mastercontainer can manage other containers. On Windows/macOS or when using rootless Docker, this path may need adjustment; see the platform-specific docs. If you change the socket path, also set `WATCHTOWER_DOCKER_SOCKET_PATH` accordingly. If you prefer not to expose the socket, see the manual-install documentation: [Manual install without docker socket access](https://github.com/nextcloud/all-in-one/tree/main/manual-install)  
   - `ghcr.io/nextcloud-releases/all-in-one:latest` — the mastercontainer image.
@@ -705,7 +703,6 @@ docker run ^
 --publish 80:80 ^
 --publish 8080:8080 ^
 --publish 8443:8443 ^
---cpu-shares 2048 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
 ghcr.io/nextcloud-releases/all-in-one:latest

reverse-proxy.md

@@ -1105,7 +1105,6 @@ sudo docker run \
 --name nextcloud-aio-mastercontainer \
 --restart always \
 --publish 8080:8080 \
---cpu-shares 2048 \
 --env APACHE_PORT=11000 \
 --env APACHE_IP_BINDING=0.0.0.0 \
 --env APACHE_ADDITIONAL_NETWORK="" \
@@ -1125,7 +1124,6 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
 - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
 - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
-- `--cpu-shares 2048` This gives the mastercontainer twice the default CPU share weighting (default is 1024), ensuring it stays responsive under heavy load from sibling containers.
 - `--env APACHE_PORT=11000` This is the port that is published on the host that runs Docker and Nextcloud AIO at which the reverse proxy should point at.
 - `--env APACHE_IP_BINDING=0.0.0.0` This can be modified to allow access to the published port on the host only from certain ip-addresses. [See this documentation](#3-limit-the-access-to-the-apache-container)
 - `--env APACHE_ADDITIONAL_NETWORK=""` This can be used to put the sibling apache container that is created by AIO into a specified network - useful if your reverse proxy runs as a container on the same host. [See this documentation](#adapting-the-sample-web-server-configurations-below)
@@ -1156,7 +1154,6 @@ docker run ^
 --name nextcloud-aio-mastercontainer ^
 --restart always ^
 --publish 8080:8080 ^
---cpu-shares 2048 ^
 --env APACHE_PORT=11000 ^
 --env APACHE_IP_BINDING=0.0.0.0 ^
 --env APACHE_ADDITIONAL_NETWORK="" ^