fix: use named volume for OpenVPMS Redis /data instead of tmpfs

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/5f263bfa-a9fe-4ec7-b788-5f51a75ea0fc

.github/workflows/lint-yaml.yml

@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

Containers/apache/Caddyfile

@@ -15,7 +15,7 @@
 }
 
 https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
-http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see containers.json
+http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI requests, see containers.json
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
     header -Server
     header -X-Powered-By

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.9.3.1
+FROM collabora/code:25.04.9.4.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/mastercontainer/acme.Caddyfile

@@ -17,7 +17,8 @@
 	}
 
 	servers {
-		protocols h1 h2 h2c
+		# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
+		protocols h1
 	}
 
 	on_demand_tls {
@@ -39,7 +40,6 @@ https://:8443 {
 	abort @denied
 
 	root * /var/www/docker-aio/php/public
-	encode
 	php_fastcgi unix//run/php.sock
 	file_server
 

Containers/mastercontainer/internal.Caddyfile

@@ -13,7 +13,8 @@
 	}
 
 	servers {
-		protocols h1 h2
+		# Only h1 is allowed as we prevent `ERR_NETWORK_CHANGED` from happening
+		protocols h1
 	}
 
 	skip_install_trust
@@ -27,7 +28,6 @@ https://:8080 {
 	abort @denied
 
 	root * /var/www/docker-aio/php/public
-	encode
 	php_fastcgi unix//run/php.sock
 	file_server
 

community-containers/caddy/readme.md

@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed. It also covers [OpenVPMS](https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms) by listening on `vpms.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -15,6 +15,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
+- If you want to use this with [OpenVPMS](https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms), make sure that you point `vpms.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for OpenVPMS.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup. **Please note:** If you do not have CLI access to the server, you can now run docker commands via a web session by using this community container: https://github.com/nextcloud/all-in-one/tree/main/community-containers/container-management
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

community-containers/fail2ban/fail2ban.json

@@ -35,6 +35,11 @@
                     "source": "nextcloud_aio_jellyseerr",
                     "destination": "/jellyseerr",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_openvpms_logs",
+                    "destination": "/openvpms",
+                    "writeable": false
                 }
             ]
         }

community-containers/fail2ban/readme.md

@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.

community-containers/openvpms/Dockerfile

@@ -0,0 +1,73 @@
+# syntax=docker/dockerfile:latest
+FROM tomcat:9.0-jdk17-temurin-alpine
+
+ARG OPENVPMS_VERSION=2.4.0.1
+ARG MARIADB_DRIVER_VERSION=3.4.1
+ARG REDISSON_VERSION=4.3.0
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        bash \
+        curl \
+        mariadb-client \
+        redis \
+        unzip; \
+    \
+    # Change Tomcat's connector port from 8080 to 11001
+    sed -i 's/port="8080"/port="11001"/' /usr/local/tomcat/conf/server.xml; \
+    \
+    # Download MariaDB JDBC driver into Tomcat's shared lib directory
+    curl -fsSL -o /usr/local/tomcat/lib/mariadb-java-client.jar \
+        "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/${MARIADB_DRIVER_VERSION}/mariadb-java-client-${MARIADB_DRIVER_VERSION}.jar"; \
+    \
+    # Download Redisson JARs for Redis-backed Tomcat session management
+    curl -fsSL -o /usr/local/tomcat/lib/redisson-all.jar \
+        "https://repo1.maven.org/maven2/org/redisson/redisson-all/${REDISSON_VERSION}/redisson-all-${REDISSON_VERSION}.jar"; \
+    curl -fsSL -o /usr/local/tomcat/lib/redisson-tomcat-9.jar \
+        "https://repo1.maven.org/maven2/org/redisson/redisson-tomcat-9/${REDISSON_VERSION}/redisson-tomcat-9-${REDISSON_VERSION}.jar"; \
+    \
+    # Remove default webapps
+    rm -rf /usr/local/tomcat/webapps/*; \
+    \
+    # Download and extract OpenVPMS release archive
+    curl -fsSL -o /tmp/openvpms-release.zip \
+        "https://repository.openvpms.org/releases/org/openvpms/openvpms-release/${OPENVPMS_VERSION}/openvpms-release-${OPENVPMS_VERSION}.zip"; \
+    unzip -q /tmp/openvpms-release.zip -d /tmp/openvpms-release; \
+    \
+    # Extract and deploy the WAR file — fail explicitly if not exactly one WAR is found
+    WAR_COUNT="$(find /tmp/openvpms-release -name '*.war' | wc -l)"; \
+    if [ "${WAR_COUNT}" -ne 1 ]; then \
+        echo "Expected exactly 1 WAR file, found ${WAR_COUNT}"; exit 1; \
+    fi; \
+    find /tmp/openvpms-release -name '*.war' \
+        -exec cp {} /usr/local/tomcat/webapps/openvpms.war \;; \
+    \
+    # Copy DB setup scripts — fail explicitly if the db directory is not found
+    DB_DIR="$(find /tmp/openvpms-release -type d -name 'db' | head -1)"; \
+    if [ -z "${DB_DIR}" ]; then \
+        echo "DB setup directory not found in release archive"; exit 1; \
+    fi; \
+    mkdir -p /setup/db; \
+    cp -r "${DB_DIR}/"* /setup/db/; \
+    \
+    # Clean up
+    rm -rf /tmp/openvpms-release /tmp/openvpms-release.zip
+
+COPY --chmod=755 entrypoint.sh /entrypoint.sh
+COPY --chmod=755 healthcheck.sh /healthcheck.sh
+
+RUN mkdir -p /opt/openvpms/data
+
+VOLUME /opt/openvpms/data
+
+EXPOSE 11001
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 \
+    CMD /healthcheck.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+LABEL org.opencontainers.image.title="aio-openvpms" \
+      org.opencontainers.image.description="OpenVPMS for Nextcloud AIO" \
+      org.opencontainers.image.source="https://github.com/szaimen/aio-openvpms"

community-containers/openvpms/entrypoint.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+set -e
+
+# Wait for the MariaDB database to be ready
+echo "Waiting for database at ${DB_HOST} to be ready..."
+until mariadb -h "${DB_HOST}" -u "${DB_USER}" -p"${DB_PASSWORD}" "${DB_NAME}" -e "SELECT 1" >/dev/null 2>&1; do
+    echo "Database not yet available, retrying in 3 seconds..."
+    sleep 3
+done
+echo "Database is ready."
+
+# Wait for Redis to be ready
+echo "Waiting for Redis at ${REDIS_HOST}:6379 to be ready..."
+until redis-cli -h "${REDIS_HOST}" ping 2>/dev/null | grep -q "PONG"; do
+    echo "Redis not yet available, retrying in 3 seconds..."
+    sleep 3
+done
+echo "Redis is ready."
+
+# Write the Redisson configuration for Redis-backed session management
+cat > /usr/local/tomcat/conf/redisson.yaml <<EOF
+singleServerConfig:
+  address: "redis://${REDIS_HOST}:6379"
+EOF
+
+# Write the JNDI datasource configuration, substituting env vars at runtime
+cat > /usr/local/tomcat/conf/context.xml <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<Context>
+    <Resource name="jdbc/openvpms"
+              auth="Container"
+              type="javax.sql.DataSource"
+              driverClassName="org.mariadb.jdbc.Driver"
+              url="jdbc:mariadb://${DB_HOST}/${DB_NAME}?useSSL=false&amp;allowPublicKeyRetrieval=true&amp;characterEncoding=UTF-8"
+              username="${DB_USER}"
+              password="${DB_PASSWORD}"
+              maxTotal="20"
+              maxIdle="10"
+              maxWaitMillis="-1"/>
+    <Manager className="org.redisson.tomcat.RedissonSessionManager"
+             configPath="/usr/local/tomcat/conf/redisson.yaml"
+             readMode="REDIS"
+             updateMode="DEFAULT"/>
+</Context>
+EOF
+
+# Initialise the database schema on first run only
+INIT_FLAG="/opt/openvpms/data/.db-initialized"
+if [ ! -f "${INIT_FLAG}" ]; then
+    echo "First run detected – initialising OpenVPMS database schema..."
+    SQL_SCRIPTS="$(find /setup/db -name '*.sql' | sort)"
+    if [ -n "${SQL_SCRIPTS}" ]; then
+        while IFS= read -r sql_file; do
+            echo "Applying ${sql_file}..."
+            mariadb -h "${DB_HOST}" -u "${DB_USER}" -p"${DB_PASSWORD}" "${DB_NAME}" < "${sql_file}"
+        done <<< "${SQL_SCRIPTS}"
+        touch "${INIT_FLAG}"
+        echo "Database schema initialised successfully."
+    else
+        echo "Warning: no SQL setup scripts found under /setup/db"
+    fi
+fi
+
+echo "Starting OpenVPMS on port 11001..."
+exec catalina.sh run

community-containers/openvpms/healthcheck.sh

@@ -0,0 +1,2 @@
+#!/bin/bash
+curl -sf http://localhost:11001/openvpms/ -o /dev/null || exit 1

community-containers/openvpms/openvpms.json

@@ -0,0 +1,84 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-openvpms",
+            "display_name": "OpenVPMS",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/openvpms",
+            "image": "ghcr.io/szaimen/aio-openvpms",
+            "image_tag": "latest",
+            "internal_port": "11001",
+            "restart": "unless-stopped",
+            "depends_on": [
+                "nextcloud-aio-openvpms-db",
+                "nextcloud-aio-openvpms-redis"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "DB_HOST=nextcloud-aio-openvpms-db",
+                "DB_NAME=openvpms",
+                "DB_USER=openvpms",
+                "DB_PASSWORD=%OPENVPMS_DB_PASSWORD%",
+                "REDIS_HOST=nextcloud-aio-openvpms-redis"
+            ],
+            "secrets": [
+                "OPENVPMS_DB_PASSWORD"
+            ],
+            "ui_secret": "OPENVPMS_DB_PASSWORD",
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms",
+                    "destination": "/opt/openvpms/data",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_openvpms_logs",
+                    "destination": "/usr/local/tomcat/logs",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_openvpms"
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-openvpms-redis",
+            "display_name": "OpenVPMS Redis",
+            "image": "redis",
+            "image_tag": "7-alpine",
+            "hide_from_list": true,
+            "restart": "unless-stopped",
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms_redis",
+                    "destination": "/data",
+                    "writeable": true
+                }
+            ]
+        },
+        {
+            "container_name": "nextcloud-aio-openvpms-db",
+            "display_name": "OpenVPMS Database",
+            "image": "mariadb",
+            "image_tag": "lts",
+            "hide_from_list": true,
+            "restart": "unless-stopped",
+            "environment": [
+                "MYSQL_DATABASE=openvpms",
+                "MYSQL_USER=openvpms",
+                "MYSQL_PASSWORD=%OPENVPMS_DB_PASSWORD%",
+                "MYSQL_RANDOM_ROOT_PASSWORD=yes"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_openvpms_db",
+                    "destination": "/var/lib/mysql",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_openvpms_db"
+            ]
+        }
+    ]
+}

community-containers/openvpms/readme.md

@@ -0,0 +1,16 @@
+## OpenVPMS
+This container bundles [OpenVPMS](https://openvpms.org) — an open-source veterinary practice management system — and auto-configures it for you. It includes a dedicated MariaDB database container.
+
+### Notes
+- You need to enable the [Caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) as it is required to expose the OpenVPMS web interface. The web interface will be available at `https://vpms.your-nc-domain.com/openvpms` once Caddy is running.
+- You need to point `vpms.your-nc-domain.com` to your server using a CNAME or A/AAAA record so that Caddy can obtain a TLS certificate automatically.
+- It is recommended to also enable the [Fail2ban community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban) to automatically block IP addresses with too many failed login attempts.
+- A dedicated Redis instance is automatically started alongside OpenVPMS to store HTTP sessions externally, reducing JVM heap pressure and improving overall throughput.
+- The data of OpenVPMS and its database will be automatically included in AIO's backup solution!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-openvpms
+
+### Maintainer
+https://github.com/szaimen

php/containers.json

@@ -379,7 +379,7 @@
       ],
       "internal_port": "9980",
       "environment": [
-        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
+        "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache.nextcloud-aio:23973",
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
@@ -389,7 +389,7 @@
       "restart": "unless-stopped",
       "nextcloud_exec_commands": [
         "echo 'Activating Collabora config...'",
-        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache:23973' --callback-url='http://nextcloud-aio-apache:23973'"
+        "php /var/www/html/occ richdocuments:activate-config --wopi-url='http://nextcloud-aio-apache.nextcloud-aio:23973' --callback-url='http://nextcloud-aio-apache.nextcloud-aio:23973'"
       ],
       "profiles": [
         "collabora"

php/templates/containers.twig

@@ -353,6 +353,9 @@
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
+                                        {% if bypass_container_update == true %}
+                                            <input type="hidden" name="bypass_container_update" value="true">
+                                        {% endif %}
                                         <input type="submit" value="Start containers" />
                                     </form>
                                 {% else %}
@@ -361,7 +364,7 @@
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
                                         {% if bypass_container_update == true %}
-                                            <input type="hidden" name="bypass_container_update" value="{{bypass_container_update}}">
+                                            <input type="hidden" name="bypass_container_update" value="true">
                                         {% endif %}
                                         <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
                                     </form>

reverse-proxy.md

@@ -169,8 +169,8 @@ The process to run Nextcloud AIO behind a reverse proxy has three required steps
 
     The reverse-proxy container needs to be connected to the nextcloud containers. This can be achieved one of these 3 ways:
     1. Utilize host networking instead of docker bridge networking: Specify `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. With this setup, the default sample configurations with reverse-proxy pointing to `localhost:$APACHE_PORT` should work directly.
-    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
-    1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache:$APACHE_PORT` .
+    1. Connect nextcloud's external-facing containers to the reverse-proxy's docker network by specifying env variable APACHE_ADDITIONAL_NETWORK. With this setup, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT`. ⚠️⚠️⚠️ Note, the specified network must already exist before Nextcloud AIO is started. Otherwise it will fail to start the container because the network is not existing.
+    1. Connect the reverse-proxy container to the `nextcloud-aio` network by specifying it as a secondary (external) network for the reverse proxy container. With this setup also, the reverse proxy can utilize Docker bridge network's DNS name resolution to access nextcloud at `http://nextcloud-aio-apache.nextcloud-aio:$APACHE_PORT` .
 
     </details>