fix: improve pull-images explanation text with bandwidth/time info

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/446ad3c6-142d-4e62-adb8-b43a7e548cda Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
feat: add Pull new images button while containers are running
2026-05-23 03:40:19 +00:00 · 2026-04-28 18:03:27 +00:00 · 2026-04-28 18:02:36 +00:00
18 changed files with 45 additions and 32 deletions
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -10,7 +10,7 @@
    }

    log {
-        level ERROR
+        level {$CADDY_LOG_LEVEL}
    }
 }

--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -9,6 +9,8 @@ if [ -z "$NC_DOMAIN" ]; then
    exit 1
 fi

+CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
+export CADDY_LOG_LEVEL
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
--- a/Containers/collabora/start.sh
+++ b/Containers/collabora/start.sh
@@ -6,8 +6,6 @@ fi

 if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    COLLABORA_LOG_LEVEL="warning"
-elif [ "$AIO_LOG_LEVEL" = "info" ]; then
-    COLLABORA_LOG_LEVEL="notice"
 else
    COLLABORA_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
--- a/Containers/mastercontainer/acme.Caddyfile
+++ b/Containers/mastercontainer/acme.Caddyfile
@@ -10,7 +10,7 @@
 	}

 	log {
-		level ERROR
+		level {$CADDY_LOG_LEVEL}
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host
--- a/Containers/mastercontainer/headers.Caddyfile
+++ b/Containers/mastercontainer/headers.Caddyfile
@@ -18,9 +18,9 @@ header {
    Referrer-Policy "no-referrer" # Tells the browser to never sent a Referer header. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/Referrer-Policy
    X-Robots-Tag "noindex, nofollow" # Tells web crawlers to not index this page. See https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Headers/X-Robots-Tag
    Origin-Agent-Cluster "?1" # Isolates AIO from other same site pages. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin-Agent-Cluster
-    Cross-Origin-Opener-Policy "same-origin" # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
-    Cross-Origin-Embedder-Policy "require-corp" # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
-    Cross-Origin-Resource-Policy "same-origin" # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy
+    Cross-Origin-Opener-Policy "same-origin"; # AIO does not use any popup, still we can isolate its BCG if it is opened as a pop up by another page. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
+    Cross-Origin-Embedder-Policy "require-corp"; # Harder rules for cross origin embeds. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+    Cross-Origin-Resource-Policy "same-origin"; # Only allow the same origin to load resources. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cross-Origin_Resource_Policy

    # Permissions-Policy disables browser features that AIO does not use. Since there is no "deny all" option, all known features need to be listed explicitly. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
    Permissions-Policy "accelerometer=(), ambient-light-sensor=(), aria-notify=(), attribution-reporting=(), autoplay=(), bluetooth=(), browsing-topics=(), camera=(), captured-surface-control=(), ch-ua-high-entropy-values=(), compute-pressure=(), cross-origin-isolated=(), deferred-fetch=(), deferred-fetch-minimal=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), local-network=(), local-network-access=(), loopback-network=(), magnetometer=(), microphone=(), midi=(), on-device-speech-recognition=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), private-state-token-redemption=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), storage-access=(), summarizer=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()"
--- a/Containers/mastercontainer/internal.Caddyfile
+++ b/Containers/mastercontainer/internal.Caddyfile
@@ -9,7 +9,7 @@
 	}

 	log {
-		level ERROR
+		level {$CADDY_LOG_LEVEL}
 		# We need to exclude the remote-host plugin from logging as it would spam the logs
 		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
 		exclude http.matchers.remote_host
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -338,7 +338,7 @@ else
 fi

 # Log level logics
-if [ -n "$AIO_LOG_LEVEL" ] && ! echo "$AIO_LOG_LEVEL" | grep -q "^debug$\|^info$\|^warn$\|^error$"; then
+if [ -n "$AIO_LOG_LEVEL" ] && ! grep -q "^debug$\|^info$\|^warn$\|^error$"; then
    print_red "AIO_LOG_LEVEL must be one of 'debug', 'info', 'warn' or 'error'.
 It is set to '$AIO_LOG_LEVEL'".
    exit 1
@@ -347,11 +347,13 @@ if [ -z "$AIO_LOG_LEVEL" ]; then
    export AIO_LOG_LEVEL="warn"
 fi

+CADDY_LOG_LEVEL="$(echo "$AIO_LOG_LEVEL" | tr '[:lower:]' '[:upper:]')"
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    export SUPERVISORD_STDOUT=/dev/stdout
 else
    export SUPERVISORD_STDOUT=NONE
 fi
+export CADDY_LOG_LEVEL

 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0

 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.3
+ENV NEXTCLOUD_VERSION=33.0.2
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -255,13 +255,9 @@ RUN set -ex; \
 # brief quiet period (e.g. desktop-sync clients polling every few seconds), all
 # workers are reaped and the next request burst must wait for fresh forks.  On
 # a loaded host that spawn latency can push Apache past its FastCGI timeout and
-# produce a 502.  Set to PHP_MAX_TIME (default 3600 s / 1 h) so the idle
-# timeout is consistent with the overall upload/execution limit configured via
-# NEXTCLOUD_MAX_TIME: this prevents the rare edge case where a worker handling
-# a very long upload is considered idle and prematurely killed before the
-# request_terminate_timeout can fire, and keeps the warm-pool window aligned
-# with the user-configured upload timeout.
-    sed -i 's/^;*pm.process_idle_timeout\s*=.*/pm.process_idle_timeout = ${PHP_MAX_TIME}s/' /usr/local/etc/php-fpm.d/www.conf; \
+# produce a 502.  300 s (5 min) keeps a warm pool through normal sync-client
+# polling cycles while still reclaiming memory during genuinely idle periods.
+    sed -i 's/^;*pm.process_idle_timeout\s*=.*/pm.process_idle_timeout = 300s/' /usr/local/etc/php-fpm.d/www.conf; \
 # Set request_terminate_timeout so that PHP-FPM forcibly kills workers that
 # exceed the wall-clock limit.  Without this (default = 0 = disabled) a worker
 # stuck on a slow DB query, a stalled Redis connection, or a hung syscall is
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -671,7 +671,6 @@ fi
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
-php /var/www/html/occ config:system:set loglevel --value="$NEXTCLOUD_LOG_LEVEL" --type=integer
 if [ "$NEXTCLOUD_LOG_TYPE" = "errorlog" ]; then
    php /var/www/html/occ config:system:set log_type --value="errorlog"
    php /var/www/html/occ config:system:set log_type_audit --value="errorlog"
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -14,7 +14,6 @@ RUN set -ex; \
        bash \
        openssl \
        shadow \
-        netcat-openbsd \
        grep; \
    \
 # We need to use the same gid and uid as on old installations
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -6,9 +6,6 @@ fi

 test -f "/mnt/data/backup-is-running" && exit 0

-# If database import is running, do not continue with the health check
-if nc -z 127.0.0.1 11000; then
-    exit 0
-fi
+PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 11000 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" && exit 0

 PGPASSWORD="$POSTGRES_PASSWORD" psql -h 127.0.0.1 -p 5432 -U "oc_$POSTGRES_USER" -d "$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -4,11 +4,8 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi

-# Redis only supports [debug, verbose, notice, warning, nothing] as log level
-if [ "$AIO_LOG_LEVEL" = "warn" ] || [ "$AIO_LOG_LEVEL" = "error" ]; then
+if [ "$AIO_LOG_LEVEL" = "warn" ]; then
    REDIS_LOG_LEVEL="warning"
-elif [ "$AIO_LOG_LEVEL" = "info" ]; then
-    REDIS_LOG_LEVEL="notice"
 else
    REDIS_LOG_LEVEL="$AIO_LOG_LEVEL"
 fi
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -100,7 +100,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warn          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
+sed -i 's|AIO_LOG_LEVEL=|AIO_LOG_LEVEL=warning          # Allows to adjust the global AIO log level. Valid values are debug, info, warn and error.|' sample.conf
 sed -i 's|FULLTEXTSEARCH_JAVA_OPTIONS=|FULLTEXTSEARCH_JAVA_OPTIONS="-Xms512M -Xmx512M"          # Allows to adjust the fulltextsearch java options.|' sample.conf
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. You can also disable apps by using a hyphen in front of them. E.g. "-app_api"|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
--- a/php/containers.json
+++ b/php/containers.json
@@ -892,6 +892,7 @@
      "environment": [
        "HP_SHARED_KEY=%HP_SHARED_KEY%",
        "NC_INSTANCE_URL=https://%NC_DOMAIN%",
+        "HP_LOG_LEVEL=%COLLABORA_LOG_LEVEL%",
        "HP_FRP_DISABLE_TLS=true",
        "TZ=%TIMEZONE%"
      ],
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -105,6 +105,7 @@ $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':Sta
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
+$app->post('/api/docker/pull-images', AIO\Controller\DockerController::class . ':PullImages');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
 $app->get('/api/auth/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -45,15 +45,15 @@ readonly class DockerController {
        $this->dockerActionManager->ConnectContainerToNetwork($container);
    }

-    private function PerformRecursiveImagePull(string $id) : void {
+    private function PerformRecursiveImagePull(string $id, ?\Closure $addToStreamingResponseBody = null) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        // Pull all dependencies first and then itself
        foreach($container->dependsOn as $dependency) {
-            $this->PerformRecursiveImagePull($dependency);
+            $this->PerformRecursiveImagePull($dependency, $addToStreamingResponseBody);
        }

-        $this->dockerActionManager->PullImage($container, true);
+        $this->dockerActionManager->PullImage($container, true, $addToStreamingResponseBody);
    }

    public function PullAllContainerImages(): void {
@@ -63,6 +63,19 @@ readonly class DockerController {
        $this->PerformRecursiveImagePull($id);
    }

+    public function PullImages(Request $request, Response $response, array $args) : Response {
+        // Get streaming response start and closure
+        $nonbufResp = $this->startStreamingResponse($response);
+        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
+
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveImagePull($id, $addToStreamingResponseBody);
+
+        // End streaming response
+        $this->finalizeStreamingResponse($nonbufResp);
+        return $nonbufResp;
+    }
+
    public function GetLogs(Request $request, Response $response, array $args) : Response
    {
        $requestParams = $request->getQueryParams();
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -291,6 +291,14 @@
                        {% if has_update_available == true %}
                            {% if is_mastercontainer_update_available == false %}
                                <p>⚠️ Container updates are available. Click on <strong>Stop containers</strong> and <strong>Start and update containers</strong> to update them. You should consider creating a backup first.</p>
+                                {% if isAnyRunning == true and isApacheStarting != true %}
+                                    <p>Alternatively, you can already pull the new images now while the containers are still running. Depending on your internet connection and image sizes, this can take a few minutes. The new images will automatically be used whenever the containers are recreated – either manually via <strong>Stop containers</strong> + <strong>Start and update containers</strong>, or automatically via AIO's daily backup/update schedule.</p>
+                                    <form method="POST" action="api/docker/pull-images" target="overlay-log">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input type="submit" value="Pull new images" />
+                                    </form>
+                                {% endif %}
                            {% endif %}
                        {% else %}
                            {% if is_mastercontainer_update_available == false %}
--- a/php/templates/includes/aio-version.twig
+++ b/php/templates/includes/aio-version.twig
@@ -1 +1 @@
-13.0.1
+13.0.0
@@ -1 +1 @@
 .0.1
 .0.0