Restore backup_volumes and fix secrets declarations in MySQL DB containers

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/729f8a52-a9df-49b9-b95f-20103c416d52

.github/workflows/lint-yaml.yml

@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

Containers/apache/Caddyfile

@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
+http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.9.3.1
+FROM collabora/code:25.04.9.4.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/mastercontainer/acme.Caddyfile

@@ -17,7 +17,8 @@
 	}
 
 	servers {
-		protocols h1 h2 h2c
+		# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
+		protocols h1
 	}
 
 	on_demand_tls {
@@ -39,7 +40,6 @@ https://:8443 {
 	abort @denied
 
 	root * /var/www/docker-aio/php/public
-	encode
 	php_fastcgi unix//run/php.sock
 	file_server
 

Containers/mastercontainer/internal.Caddyfile

@@ -13,7 +13,8 @@
 	}
 
 	servers {
-		protocols h1 h2
+		# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
+		protocols h1
 	}
 
 	skip_install_trust
@@ -27,7 +28,6 @@ https://:8080 {
 	abort @denied
 
 	root * /var/www/docker-aio/php/public
-	encode
 	php_fastcgi unix//run/php.sock
 	file_server
 

community-containers/bahmni-lite/bahmni-lite.json

@@ -0,0 +1,460 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-bahmni-openmrs",
+            "display_name": "Bahmni Lite",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite",
+            "image": "bahmni/openmrs",
+            "image_tag": "latest",
+            "internal_port": "8080",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "OMRS_DB_NAME=openmrs",
+                "OMRS_DB_HOSTNAME=nextcloud-aio-bahmni-openmrsdb",
+                "OMRS_DB_USERNAME=openmrs-user",
+                "OMRS_DB_PASSWORD=%BAHMNI_OPENMRS_DB_PASSWORD%",
+                "OMRS_CREATE_TABLES=false",
+                "OMRS_AUTO_UPDATE_DATABASE=true",
+                "OMRS_MODULE_WEB_ADMIN=false",
+                "OMRS_JAVA_SERVER_OPTS=",
+                "OMRS_JAVA_MEMORY_OPTS=",
+                "SEND_MAIL=false",
+                "MAIL_TRANSPORT_PROTOCOL=smtps",
+                "MAIL_SMTP_AUTH=true",
+                "MAIL_SMTP_STARTTLS_ENABLE=true",
+                "MAIL_SMTP_SSL_ENABLE=true",
+                "MAIL_DEBUG=false",
+                "MAIL_FROM=",
+                "MAIL_USER=",
+                "MAIL_PASSWORD=",
+                "MAIL_SMTP_HOST=",
+                "MAIL_SMTP_PORT=",
+                "OMRS_DOCKER_ENV=true",
+                "OMRS_C3P0_MAX_SIZE=50",
+                "LUCENE_MATCH_TYPE=START",
+                "DOCUMENT_MAX_SIZE_MB=7",
+                "WEIGHT_CONCEPT_UUID=5089AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
+                "HEIGHT_CONCEPT_UUID=5090AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+            ],
+            "secrets": [
+                "BAHMNI_OPENMRS_DB_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_config",
+                    "destination": "/etc/bahmni_config/",
+                    "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_lab_results",
+                    "destination": "/home/bahmni/uploaded_results",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_uploaded_files",
+                    "destination": "/home/bahmni/uploaded-files",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_patient_images",
+                    "destination": "/home/bahmni/patient_images",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_document_images",
+                    "destination": "/home/bahmni/document_images",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_clinical_forms",
+                    "destination": "/home/bahmni/clinical_forms",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_configuration_checksums",
+                    "destination": "/openmrs/data/configuration_checksums",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_openmrs_logs",
+                    "destination": "/openmrs/data/logs",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_patient_images",
+                "nextcloud_aio_bahmni_document_images",
+                "nextcloud_aio_bahmni_clinical_forms",
+                "nextcloud_aio_bahmni_lab_results",
+                "nextcloud_aio_bahmni_uploaded_files",
+                "nextcloud_aio_bahmni_configuration_checksums",
+                "nextcloud_aio_bahmni_openmrs_logs"
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-openmrsdb",
+                "nextcloud-aio-bahmni-config"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-openmrsdb",
+            "image": "bahmni/openmrs-db",
+            "image_tag": "1.0.0-lite-mysql5.6",
+            "internal_port": "3306",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "MYSQL_ROOT_PASSWORD=%BAHMNI_MYSQL_ROOT_PASSWORD%",
+                "MYSQL_DATABASE=openmrs",
+                "MYSQL_USER=openmrs-user",
+                "MYSQL_PASSWORD=%BAHMNI_OPENMRS_DB_PASSWORD%"
+            ],
+            "secrets": [
+                "BAHMNI_MYSQL_ROOT_PASSWORD",
+                "BAHMNI_OPENMRS_DB_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_openmrsdb",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_configuration_checksums",
+                    "destination": "/configuration_checksums",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_openmrsdb"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-config",
+            "image": "bahmni/clinic-config",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_config",
+                    "destination": "/usr/local/bahmni_config",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_config"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-web",
+            "image": "bahmni/bahmni-web",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_config",
+                    "destination": "/usr/local/apache2/htdocs/bahmni_config/",
+                    "writeable": false
+                }
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-openmrs"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-apps-frontend",
+            "image": "bahmni/bahmni-apps-frontend",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-lab",
+            "image": "bahmni/bahmni-lab",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-implementer-interface",
+            "image": "bahmni/implementer-interface",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-openmrs"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-reportsdb",
+            "image": "mysql",
+            "image_tag": "8.0",
+            "internal_port": "3306",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "MYSQL_ROOT_PASSWORD=%BAHMNI_MYSQL_ROOT_PASSWORD%",
+                "MYSQL_DATABASE=bahmni-reports",
+                "MYSQL_USER=reports-user",
+                "MYSQL_PASSWORD=%BAHMNI_REPORTS_DB_PASSWORD%"
+            ],
+            "secrets": [
+                "BAHMNI_MYSQL_ROOT_PASSWORD",
+                "BAHMNI_REPORTS_DB_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_reportsdb",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_reportsdb"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-reports",
+            "image": "bahmni/reports",
+            "image_tag": "latest",
+            "internal_port": "8080",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "OPENMRS_DB_HOST=nextcloud-aio-bahmni-openmrsdb",
+                "OPENMRS_DB_NAME=openmrs",
+                "OPENMRS_DB_USERNAME=openmrs-user",
+                "OPENMRS_DB_PASSWORD=%BAHMNI_OPENMRS_DB_PASSWORD%",
+                "OPENMRS_HOST=nextcloud-aio-bahmni-openmrs",
+                "OPENMRS_PORT=8080",
+                "REPORTS_DB_SERVER=nextcloud-aio-bahmni-reportsdb",
+                "REPORTS_DB_NAME=bahmni-reports",
+                "REPORTS_DB_USERNAME=reports-user",
+                "REPORTS_DB_PASSWORD=%BAHMNI_REPORTS_DB_PASSWORD%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_config",
+                    "destination": "/etc/bahmni_config/",
+                    "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_queued_reports",
+                    "destination": "/home/bahmni/reports",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_queued_reports"
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-reportsdb",
+                "nextcloud-aio-bahmni-openmrs"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-patient-documents",
+            "image": "bahmni/patient-documents",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "OPENMRS_HOST=nextcloud-aio-bahmni-openmrs"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_document_images",
+                    "destination": "/usr/share/nginx/html/document_images",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_lab_results",
+                    "destination": "/usr/share/nginx/html/uploaded_results",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_uploaded_files",
+                    "destination": "/usr/share/nginx/html/uploaded-files",
+                    "writeable": true
+                }
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-openmrs"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-appointments",
+            "image": "bahmni/appointments",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-craterdb",
+            "image": "mysql",
+            "image_tag": "8.0",
+            "internal_port": "3306",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "MYSQL_ROOT_PASSWORD=%BAHMNI_MYSQL_ROOT_PASSWORD%",
+                "MYSQL_DATABASE=crater",
+                "MYSQL_USER=crater",
+                "MYSQL_PASSWORD=%BAHMNI_CRATER_DB_PASSWORD%"
+            ],
+            "secrets": [
+                "BAHMNI_MYSQL_ROOT_PASSWORD",
+                "BAHMNI_CRATER_DB_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_craterdb",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_craterdb"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-crater-php",
+            "image": "bahmni/crater-php",
+            "image_tag": "latest",
+            "internal_port": "9000",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "APP_URL=http://nextcloud-aio-bahmni-crater-nginx",
+                "DB_HOST=nextcloud-aio-bahmni-craterdb",
+                "DB_PORT=3306",
+                "DB_DATABASE=crater",
+                "DB_USERNAME=crater",
+                "DB_PASSWORD=%BAHMNI_CRATER_DB_PASSWORD%",
+                "SANCTUM_STATEFUL_DOMAINS=nextcloud-aio-bahmni-crater-nginx",
+                "SESSION_DOMAIN=nextcloud-aio-bahmni-crater-nginx",
+                "AUTO_INSTALL=true",
+                "ADMIN_NAME=Super Admin",
+                "ADMIN_EMAIL=admin@bahmni.org",
+                "ADMIN_PASSWORD=%BAHMNI_CRATER_ADMIN_PASSWORD%",
+                "COMPANY_NAME=Bahmni",
+                "COMPANY_SLUG=bahmni",
+                "COUNTRY_ID=101",
+                "CRATER_DEFAULT_CURRENCY=USD",
+                "APP_DEBUG=false"
+            ],
+            "secrets": [
+                "BAHMNI_CRATER_ADMIN_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_crater_app",
+                    "destination": "/var/www/storage/app/public",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_crater_app"
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-craterdb"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-crater-nginx",
+            "image": "bahmni/crater-nginx",
+            "image_tag": "latest",
+            "internal_port": "80",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_crater_app",
+                    "destination": "/var/www/public/storage",
+                    "writeable": true
+                }
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-crater-php"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-crater-atomfeed-db",
+            "image": "mysql",
+            "image_tag": "8.0",
+            "internal_port": "3306",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "MYSQL_ROOT_PASSWORD=%BAHMNI_MYSQL_ROOT_PASSWORD%",
+                "MYSQL_DATABASE=crater-atomfeed",
+                "MYSQL_USER=crater-atomfeed-user",
+                "MYSQL_PASSWORD=%BAHMNI_CRATER_ATOMFEED_DB_PASSWORD%"
+            ],
+            "secrets": [
+                "BAHMNI_MYSQL_ROOT_PASSWORD",
+                "BAHMNI_CRATER_ATOMFEED_DB_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_bahmni_crater_atomfeed_db",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_bahmni_crater_atomfeed_db"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-bahmni-crater-atomfeed",
+            "image": "bahmni/crater-atomfeed",
+            "image_tag": "latest",
+            "internal_port": "8080",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "OPENMRS_HOST=nextcloud-aio-bahmni-openmrs",
+                "OPENMRS_PORT=8080",
+                "OPENMRS_ATOMFEED_USER=admin",
+                "OPENMRS_ATOMFEED_PASSWORD=Admin123",
+                "CRATER_ATOMFEED_DB_HOST=nextcloud-aio-bahmni-crater-atomfeed-db",
+                "CRATER_ATOMFEED_DB_PORT=3306",
+                "CRATER_USERNAME=admin@bahmni.org",
+                "CRATER_PASSWORD=%BAHMNI_CRATER_ADMIN_PASSWORD%",
+                "CRATER_ATOMFEED_DB_USERNAME=crater-atomfeed-user",
+                "CRATER_ATOMFEED_DB_PASSWORD=%BAHMNI_CRATER_ATOMFEED_DB_PASSWORD%",
+                "CRATER_ATOMFEED_DB_NAME=crater-atomfeed",
+                "CRATER_URL=http://nextcloud-aio-bahmni-crater-nginx"
+            ],
+            "depends_on": [
+                "nextcloud-aio-bahmni-openmrs",
+                "nextcloud-aio-bahmni-crater-nginx",
+                "nextcloud-aio-bahmni-crater-atomfeed-db"
+            ]
+        }
+    ]
+}

community-containers/bahmni-lite/readme.md

@@ -0,0 +1,40 @@
+## Bahmni Lite
+This container bundle sets up [Bahmni Lite](https://www.bahmni.org/), an open-source Electronic Medical Record (EMR) and hospital management system, and auto-configures it for you.
+
+Bahmni Lite includes the following services:
+- **OpenMRS** – core EMR application
+- **OpenMRS Database** – pre-seeded MySQL database (Bahmni Lite schema)
+- **Bahmni Config** – clinic configuration (init container)
+- **Bahmni Web** – classic Bahmni EMR frontend (AngularJS)
+- **Bahmni Apps Frontend** – new React-based Bahmni frontend
+- **Bahmni Lab** – lab results module
+- **Implementer Interface** – form/concept builder
+- **Reports** + **Reports DB** – reporting service and its database
+- **Patient Documents** – document storage and serving
+- **Appointments** – appointments module
+- **Crater** (PHP + Nginx + DB) – billing/invoicing system
+- **Crater Atomfeed** + **Crater Atomfeed DB** – OpenMRS ↔ Crater sync service
+
+### Notes
+- You need to configure a reverse proxy in order to use this container bundle, since Bahmni needs a dedicated (sub)domain! The easiest way is to install the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy), which auto-configures `bahmni.your-nc-domain.com` for you — just point a CNAME record for `bahmni.your-nc-domain.com` at your server before enabling Caddy. Caddy will automatically route all Bahmni paths (`/openmrs/`, `/bahmni/`, `/bahmni-new/`, `/bahmni-lab/`, `/implementer-interface/`, `/document_images/`, `/uploaded_results/`, `/uploaded-files/`, `/appointments/`, `/reports/`) to the correct backend containers. Alternatively, you can follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and configure your own reverse proxy manually using the path-to-container mapping documented below.
+- The core Bahmni EMR is accessible at `/openmrs/` on the OpenMRS container (`nextcloud-aio-bahmni-openmrs`, port `8080`). After starting, visit `http://<your-domain>/openmrs/` and log in with the default credentials: username `admin`, password `Admin123`. **⚠️ Change the default OpenMRS admin password immediately after first login.** The Bahmni database image ships with this well-known default — leaving it in place is a serious security risk. Note: after changing the OpenMRS admin password, you must also update `OPENMRS_ATOMFEED_PASSWORD` in the `nextcloud-aio-bahmni-crater-atomfeed` container to match the new password, otherwise the Crater billing sync will stop working.
+- For the full Bahmni UI experience (Bahmni Web, Bahmni Apps Frontend etc.), a reverse proxy must be set up to route the following paths to the correct containers:
+  - `/openmrs/` → `nextcloud-aio-bahmni-openmrs:8080`
+  - `/bahmni/` → `nextcloud-aio-bahmni-web:80`
+  - `/bahmni-new/` → `nextcloud-aio-bahmni-apps-frontend:80`
+  - `/bahmni-lab/` → `nextcloud-aio-bahmni-lab:80`
+  - `/implementer-interface/` → `nextcloud-aio-bahmni-implementer-interface:80`
+  - `/document_images/`, `/uploaded_results/`, `/uploaded-files/` → `nextcloud-aio-bahmni-patient-documents:80`
+  - `/appointments/` → `nextcloud-aio-bahmni-appointments:80`
+  - `/reports/` → `nextcloud-aio-bahmni-reports:8080`
+- The Crater billing system can be reached at `nextcloud-aio-bahmni-crater-nginx:80`. The Crater admin email is `admin@bahmni.org` and the password is shown next to the container in the AIO interface.
+- All Bahmni data (patient images, documents, clinical forms, databases) will be automatically included in AIOs backup solution!
+- The [Fail2ban community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban) auto-configures brute-force protection for Bahmni/OpenMRS login attempts when both containers are enabled.
+- This container bundle requires significant system resources. A minimum of **4 GB RAM** and **2 CPU cores** is recommended; **8 GB RAM** is preferred for production use.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack.
+
+### Repository
+https://github.com/Bahmni/bahmni-docker
+
+### Maintainer
+https://github.com/Bahmni

community-containers/caddy/readme.md

@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. It also covers [Bahmni Lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite) by listening on `bahmni.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -15,6 +15,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
+- If you want to use this with [Bahmni Lite](https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite), make sure that you point `bahmni.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for Bahmni Lite.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

community-containers/fail2ban/fail2ban.json

@@ -35,6 +35,11 @@
                     "source": "nextcloud_aio_jellyseerr",
                     "destination": "/jellyseerr",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_bahmni_openmrs_logs",
+                    "destination": "/bahmni-openmrs",
+                    "writeable": false
                 }
             ]
         }

community-containers/fail2ban/readme.md

@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/bahmni-lite, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.

php/containers-schema.json

@@ -216,7 +216,7 @@
 							"properties": {
 								"destination": {
 									"type": "string",
-									"pattern": "^((/[a-z_/.-]+)|(%[A-Z_]+%))$"
+									"pattern": "^((/[a-z0-9_/.-]+)|(%[A-Z_]+%))$"
 								},
 								"source": {
 									"type": "string",

php/containers.json

@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache.nextcloud-aio:23973' --callback-url='http://nextcloud-aio-apache.nextcloud-aio:23973'"
       ],
       "profiles": [
         "collabora"

php/templates/containers.twig

@@ -353,6 +353,9 @@
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
+                                        {% if bypass_container_update == true %}
+                                            <input type="hidden" name="bypass_container_update" value="true">
+                                        {% endif %}
                                         <input type="submit" value="Start containers" />
                                     </form>
                                 {% else %}
@@ -361,7 +364,7 @@
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if bypass_container_update == true %}
-                                            <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                            <input type="hidden" name="bypass_container_update" value="true">
                                         {% endif %}
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>

reverse-proxy.md

@@ -169,8 +169,8 @@ The process to run Nextcloud AIO behind a reverse proxy has three required steps
 
     The reverse-proxy container needs to be connected to the nextcloud containers. This can be achieved one of these 3 ways:
     1. Utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. With this setup, the default sample configurations with reverse-proxy pointing to `localhost:$APACHE_PORT` should work directly.
-    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
-    1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT` .
+    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
+    1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT` .
 
     </details>