docs(apps): tidy up comments on constants/php settings

Signed-off-by: Josh Richards <josh.t.richards@gmail.com>

.github/workflows/collabora.yml

@@ -20,7 +20,6 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: collabora-seccomp-update automated change
         signoff: true
         title: collabora seccomp update

.github/workflows/dependency-updates.yml

@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
     - uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
       with:
-        php-version: 8.5
+        php-version: 8.4
         extensions: apcu
     - name: Run dependency update script
       run: |
@@ -43,19 +43,9 @@ jobs:
             | tail -1
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
-
-        # CADDY_REMOTE_HOST_HASH
-        CADDY_REMOTE_HOST_HASH="$(
-          git ls-remote https://github.com/muety/caddy-remote-host master \
-            | cut -f1 \
-            | tail -1
-        )"
-        sed -i "s|^ARG CADDY_REMOTE_HOST_HASH.*$|ARG CADDY_REMOTE_HOST_HASH=$CADDY_REMOTE_HOST_HASH|" ./Containers/mastercontainer/Dockerfile
-
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: php dependency updates
         signoff: true
         title: PHP dependency updates

.github/workflows/imaginary-update.yml

@@ -24,7 +24,6 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: imaginary-update automated change
         signoff: true
         title: Imaginary update

.github/workflows/lint-php.yml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.5" ]
+        php-versions: [ "8.4" ]
 
     name: php-lint
 

.github/workflows/lint-yaml.yml

@@ -36,7 +36,7 @@ jobs:
             line-length: warning
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 # v7.3.1
+        uses: astral-sh/setup-uv@803947b9bd8e9f986429fa0c5a41c367cd732b41 # v7.2.1
 
       - name: Check GitHub actions
         run: uvx zizmor --min-severity medium .github/workflows/*.yml

.github/workflows/nextcloud-update.yml

@@ -81,7 +81,6 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: nextcloud-update automated change
         signoff: true
         title: Nextcloud dependency update

.github/workflows/php-deprecation-detector.yml

@@ -20,7 +20,7 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
-          php-version: 8.5
+          php-version: 8.4
           extensions: apcu
           coverage: none
 

.github/workflows/playwright-on-push.yml

@@ -26,7 +26,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
           node-version: lts/*
 
@@ -36,11 +36,11 @@ jobs:
       - name: Install Playwright Browsers
         run: cd php/tests && npx playwright install --with-deps chromium
 
-      - name: Set up php 8.5
+      - name: Set up php 8.4
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
           extensions: apcu
-          php-version: 8.5
+          php-version: 8.4
           coverage: none
           ini-file: development
         env:
@@ -114,7 +114,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

.github/workflows/playwright-on-workflow-dispatch.yml

@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6
         with:
           node-version: lts/*
 
@@ -82,7 +82,7 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6
         if: ${{ !cancelled() }}
         with:
           name: playwright-report

.github/workflows/psalm-update-baseline.yml

@@ -15,10 +15,9 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
-          php-version: 8.5
+          php-version: 8.4
           extensions: apcu
           coverage: none
-          ini-file: development
 
       - name: Run script
         run: |
@@ -33,7 +32,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
           committer: GitHub <noreply@github.com>
           author: nextcloud-command <nextcloud-command@users.noreply.github.com>

.github/workflows/psalm.yml

@@ -39,11 +39,12 @@ jobs:
       - name: Set up php
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2.36.0
         with:
-          php-version: 8.5
+          php-version: 8.4
           extensions: apcu
           coverage: none
           ini-file: development
-
+          # Temporary workaround for missing pcntl_* in PHP 8.3
+          ini-values: disable_functions=
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/talk.yml

@@ -47,7 +47,6 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: talk-update automated change
         signoff: true
         title: talk container update

.github/workflows/twig-lint.yml

@@ -29,7 +29,7 @@ jobs:
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@7bf05c6b704e0b9bfee22300130a31b5ea68d593 # v2
         with:
-          php-version: 8.5
+          php-version: 8.4
           extensions: apcu
           coverage: none
 

.github/workflows/watchtower-update.yml

@@ -28,7 +28,6 @@ jobs:
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
       with:
-        token: ${{ secrets.GITHUB_TOKEN }}
         commit-message: watchtower-update automated change
         signoff: true
         title: watchtower container update

Containers/apache/Caddyfile

@@ -58,11 +58,6 @@ http://{$APACHE_HOST}:23973, # For Collabora callback and WOPI requests, see con
         reverse_proxy {$WHITEBOARD_HOST}:3002
     }
 
-    # HaRP (ExApps)
-    route /exapps/* {
-        reverse_proxy {$HARP_HOST}:8780
-    }
-
     # Nextcloud
     route {
         header Strict-Transport-Security max-age=31536000;

Containers/apache/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.11.2-alpine AS caddy
+FROM caddy:2.10.2-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.66-alpine3.23

Containers/borgbackup/backupscript.sh

@@ -77,10 +77,6 @@ if [ "$BORG_MODE" = backup ]; then
     if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json" ]; then
         echo "configuration.json not present. Cannot perform the backup!"
         exit 1
-    elif ! grep -q '"domain"' "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json" \
-    || ! grep -q '"wasStartButtonClicked"' "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json"; then
-        echo "It seems like the configuration.json setup was not done correctly. Something is wrong! (Most likely the provided configuration.json is invalid)"
-        exit 1
     elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/config/config.php" ]; then
         echo "config.php is missing. Cannot perform backup!"
         exit 1
@@ -518,10 +514,6 @@ if [ "$BORG_MODE" = restore ]; then
 
     if [ "$RESTORE_FAILED" = 1 ]; then
         exit 1
-    elif ! grep -q '"domain"' "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json" \
-    || ! grep -q '"wasStartButtonClicked"' "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json"; then
-        echo "It seems like the restore of the configuration.json was not done correctly. Something is wrong! (Most likely is the restore archive already incorrect)!"
-        exit 1
     fi
 
     # Inform user

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.9.3.1
+FROM collabora/code:25.04.8.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.3.6-alpine
+FROM haproxy:3.3.3-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.19.13
+FROM elasticsearch:8.19.11
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.1-alpine3.23 AS go
+FROM golang:1.26.0-alpine3.23 AS go
 
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
 

Containers/mastercontainer/Caddyfile

@@ -0,0 +1,37 @@
+{
+    # auto_https will create redirects for https://{host}:8443 instead of https://{host}
+    # https redirects are added manually in the http://:80 block
+    auto_https disable_redirects
+
+    storage file_system {
+        root /mnt/docker-aio-config/caddy/
+    }
+
+    log {
+        level ERROR
+    }
+
+    servers {
+        protocols h1 h2 h2c
+    }
+
+    on_demand_tls {
+        ask http://127.0.0.1:9876/
+    }
+}
+
+http://:80 {
+    redir https://{host}{uri} permanent
+}
+
+https://:8443 {
+
+    reverse_proxy 127.0.0.1:8000
+
+    tls {
+        on_demand
+        issuer acme {
+            disable_tlsalpn_challenge
+        }
+    }
+}

Containers/mastercontainer/Dockerfile

@@ -1,17 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.3.0-cli AS docker
-
-ARG CADDY_REMOTE_HOST_HASH=b21775afa730ffb52a24ddff310c8a6d1fd37276
+FROM docker:29.2.1-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.11.2-builder-alpine AS caddy
-RUN set -ex; \
-    xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
-    /usr/bin/caddy list-modules
+FROM caddy:2.10.2-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.5/alpine3.23/fpm/Dockerfile
-FROM php:8.5.4-fpm-alpine3.23
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.23/fpm/Dockerfile
+FROM php:8.4.17-fpm-alpine3.23
 
 EXPOSE 80
 EXPOSE 8080
@@ -26,8 +21,9 @@ COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
 COPY community-containers /var/www/docker-aio/community-containers
 COPY php /var/www/docker-aio/php
 COPY --chmod=775 Containers/mastercontainer/*.sh /
-COPY --chmod=664 Containers/mastercontainer/*.Caddyfile /
+COPY --chmod=664 Containers/mastercontainer/Caddyfile /Caddyfile
 COPY --chmod=664 Containers/mastercontainer/supervisord.conf /supervisord.conf
+COPY Containers/mastercontainer/mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
 WORKDIR /var/www/docker-aio
 
@@ -41,8 +37,13 @@ RUN set -ex; \
     apk add --no-cache \
         util-linux-misc \
         ca-certificates \
+        wget \
         bash \
+        apache2 \
+        apache2-proxy \
+        apache2-ssl \
         supervisor \
+        openssl \
         sudo \
         netcat-openbsd \
         curl \
@@ -66,12 +67,11 @@ RUN set -ex; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    grep -q '^listen =' /usr/local/etc/php-fpm.d/docker.conf; \
-    sed -i 's|listen =.*|listen = /run/php.sock|' /usr/local/etc/php-fpm.d/docker.conf; \
-    echo "listen.owner = www-data" | tee -a /usr/local/etc/php-fpm.d/docker.conf; \
+    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
     \
     apk add --no-cache git; \
-    curl https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer; \
+    wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     rm -r ./php/tests; \
@@ -86,6 +86,42 @@ RUN set -ex; \
     rm -r php/data; \
     rm -r php/session; \
     \
+    mkdir -p /etc/apache2/certs; \
+    cd /etc/apache2/certs; \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
+    \
+    sed -i \
+            -e '/^Listen /d' \
+            -e 's/^LogLevel .*/LogLevel error/' \
+            -e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|' \
+            -e 's/User apache/User www-data/g' \
+            -e 's/Group apache/Group www-data/g' \
+            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+            -e 's/\(ScriptAlias \)/#\1/' \
+        /etc/apache2/httpd.conf; \
+        mkdir -p /etc/apache2/logs; \
+        rm /etc/apache2/conf.d/ssl.conf; \
+        echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
+        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
+        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
+        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
+    \
+    rm -f /etc/apache2/conf.d/default.conf \
+          /etc/apache2/conf.d/userdir.conf \
+          /etc/apache2/conf.d/info.conf; \
+    \
+    rm -rf /var/www/localhost/cgi-bin/; \
     mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 

Containers/mastercontainer/README.md

@@ -12,8 +12,8 @@ The mastercontainer acts as the central orchestration service for the deployment
 of all other containers in the Nextcloud All-in-One stack. It hosts:
 
 - A dedicated PHP SAPI/backend (php-fpm) for AIO itself (not Nextcloud Server)
-- A Caddy server enabling self-signed HTTPS access to the AIO frontend on port 8080/tcp.
-- A Caddy server enabling trusted HTTPS access to the AIO frontend on port 8443/tcp.
+- An Apache service for accessing the AIO interface via a self-signed HTTPS VirtualHost on 8080/tcp
+- A Caddy reverse proxy service enabling HTTPS access to the AIO frontend on port 8443/tcp.
   - Caddy will automatically issue a Let's Encrypt issued certificate if port 80 and 8443
     is open/forwarded and a domain pointer is in place; then, simply open the Nextcloud AIO interface using the
     domain (`https://your-domain-that-points-to-this-server.tld:8443`). The Let's Encrypt certificate request will

Containers/mastercontainer/acme.Caddyfile

@@ -1,52 +0,0 @@
-{
-	admin off
-
-	# auto_https will create redirects for https://{host}:8443 instead of https://{host}
-	# https redirects are added manually in the http://:80 block
-	auto_https disable_redirects
-
-	storage file_system {
-		root /mnt/docker-aio-config/caddy/
-	}
-
-	log {
-		level ERROR
-		# We need to exclude the remote-host plugin from logging as it would spam the logs
-		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
-		exclude http.matchers.remote_host
-	}
-
-	servers {
-		protocols h1 h2 h2c
-	}
-
-	on_demand_tls {
-		ask http://127.0.0.1:9876/
-	}
-
-	skip_install_trust
-}
-
-http://:80 {
-	redir https://{host}{uri} permanent
-}
-
-https://:8443 {
-	@denied {
-		path /api/auth/login /api/auth/getlogin
-		remote_host nextcloud-aio-nextcloud
-	}
-	abort @denied
-
-	root * /var/www/docker-aio/php/public
-	encode
-	php_fastcgi unix//run/php.sock
-	file_server
-
-	tls {
-		on_demand
-		issuer acme {
-			disable_tlsalpn_challenge
-		}
-	}
-}

Containers/mastercontainer/healthcheck.sh

@@ -2,8 +2,9 @@
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
     nc -z 127.0.0.1 80 || exit 1
+    nc -z 127.0.0.1 8000 || exit 1
     nc -z 127.0.0.1 8080 || exit 1
     nc -z 127.0.0.1 8443 || exit 1
-    test -S /run/php.sock || exit 1
+    nc -z 127.0.0.1 9000 || exit 1
     nc -z 127.0.0.1 9876 || exit 1
 fi

Containers/mastercontainer/internal.Caddyfile

@@ -1,38 +0,0 @@
-{
-	admin off
-
-	storage file_system {
-		root /mnt/docker-aio-config/caddy/
-	}
-
-	log {
-		level ERROR
-		# We need to exclude the remote-host plugin from logging as it would spam the logs
-		# See https://github.com/nextcloud/all-in-one/pull/7006#issuecomment-4003238239 
-		exclude http.matchers.remote_host
-	}
-
-	servers {
-		protocols h1 h2
-	}
-
-	skip_install_trust
-}
-
-https://:8080 {
-	@denied {
-		path /api/auth/login /api/auth/getlogin
-		remote_host nextcloud-aio-nextcloud
-	}
-	abort @denied
-
-	root * /var/www/docker-aio/php/public
-	encode
-	php_fastcgi unix//run/php.sock
-	file_server
-
-	tls {
-		on_demand
-		issuer internal
-	}
-}

Containers/mastercontainer/mastercontainer.conf

@@ -0,0 +1,62 @@
+Listen 127.0.0.1:8000
+Listen 8080 https
+
+# Deny access to .ht files
+<Files ".ht*">
+    Require all denied
+</Files>
+
+# Http host
+<VirtualHost 127.0.0.1:8000>
+    ServerName 127.0.0.1
+
+    # Add error log
+    CustomLog /proc/self/fd/1 proxy
+    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    ErrorLog /proc/self/fd/2
+    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
+    LogLevel warn
+
+    # PHP match
+    <FilesMatch "\.php$">
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
+    </FilesMatch>
+    # Master dir
+    DocumentRoot /var/www/docker-aio/php/public/
+    <Directory /var/www/docker-aio/php/public/>
+        RewriteEngine On
+        RewriteCond %{REQUEST_FILENAME} !-f
+        RewriteRule ^ index.php [QSA,L]
+        Options Indexes FollowSymLinks
+        Require all granted
+        AllowOverride All
+        Options FollowSymLinks MultiViews
+        Satisfy Any
+        <IfModule mod_dav.c>
+            Dav off
+        </IfModule>
+    </Directory>
+</VirtualHost>
+
+# Https host
+<VirtualHost *:8080>
+    # Proxy to https
+    ProxyPass / http://127.0.0.1:8000/
+    ProxyPassReverse / http://127.0.0.1:8000/
+    ProxyPreserveHost On
+    # SSL
+    SSLCertificateKeyFile /etc/apache2/certs/ssl.key
+    SSLCertificateFile /etc/apache2/certs/ssl.crt
+    SSLEngine               on
+    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
+</VirtualHost>
+
+# Increase timeout in case e.g. the initial download takes a long time
+Timeout 7200
+ProxyTimeout 7200
+
+# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+TraceEnable Off

Containers/mastercontainer/start.sh

@@ -162,9 +162,6 @@ if ! sudo -E -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-a
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
-elif sudo -E -u www-data docker inspect nextcloud-aio-mastercontainer --format "{{.Config.Image}}" | grep -q '@'; then
-    print_red "It seems like you used a hash for the mastercontainer image tag. This is not supported!"
-    exit 1
 elif ! sudo -E -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
@@ -364,6 +361,7 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
+mkdir -p /mnt/docker-aio-config/certs/ 
 
 # Adjust permissions for all instances
 chmod 770 -R /mnt/docker-aio-config
@@ -371,6 +369,37 @@ chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
+chown root:root -R /mnt/docker-aio-config/certs/
+
+# Don't allow access to the AIO interface from the Nextcloud container
+# Probably more cosmetic than anything but at least an attempt
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/httpd.conf; then
+    cat << APACHE_CONF >> /etc/apache2/httpd.conf
+# nextcloud-aio-block-start
+<Location />
+order allow,deny
+deny from nextcloud-aio-nextcloud.nextcloud-aio
+allow from all
+</Location>
+# nextcloud-aio-block-end
+APACHE_CONF
+fi
+
+# Adjust certs
+GENERATED_CERTS="/mnt/docker-aio-config/certs"
+TMP_CERTS="/etc/apache2/certs"
+mkdir -p "$GENERATED_CERTS"
+cd "$GENERATED_CERTS" || exit 1
+if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
+fi
+if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
+    cd "$TMP_CERTS" || exit 1
+    rm ./ssl.crt
+    rm ./ssl.key
+    cp "$GENERATED_CERTS/ssl.crt" ./
+    cp "$GENERATED_CERTS/ssl.key" ./
+fi
 
 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
@@ -383,11 +412,8 @@ https://your-domain-that-points-to-this-server.tld:8443"
 # Set the timezone to Etc/UTC
 export TZ=Etc/UTC
 
-# Remove unused certs
-rm -vrf /mnt/docker-aio-config/certs
-
-# Remove the php socket as safeguard
-rm -vf /run/php.sock
+# Fix apache startup
+rm -f /var/run/apache2/httpd.pid
 
 # Fix caddy startup
 if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
@@ -395,8 +421,7 @@ if [ -d "/mnt/docker-aio-config/caddy/locks" ]; then
 fi
 
 # Fix the Caddyfile format
-caddy fmt --overwrite /acme.Caddyfile
-caddy fmt --overwrite /internal.Caddyfile
+caddy fmt --overwrite /Caddyfile
 
 # Fix caddy log 
 chmod 777 /root

Containers/mastercontainer/supervisord.conf

@@ -16,20 +16,20 @@ stderr_logfile_maxbytes=0
 command=php-fpm
 user=root
 
-[program:caddy-internal]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+[program:apache]
+# Stdout logging is disabled as otherwise the logs are spammed
+stdout_logfile=NONE
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /internal.Caddyfile
-user=www-data
+command=httpd -DFOREGROUND
+user=root
 
-[program:caddy-acme]
+[program:caddy]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /acme.Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
 user=www-data
 
 [program:cron]

Containers/nextcloud/config/redis.config.php

@@ -1,18 +1,14 @@
 <?php
-if (getenv('REDIS_MODE') !== 'rediscluster') {
+if (getenv('REDIS_HOST')) {
   $CONFIG = array(
     'memcache.distributed' => '\OC\Memcache\Redis',
     'memcache.locking' => '\OC\Memcache\Redis',
+    'redis' => array(
+      'host' => getenv('REDIS_HOST'),
+      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+    ),
   );
 
-  if (getenv('REDIS_HOST')) {
-    $CONFIG['redis']['host'] = (string) getenv('REDIS_HOST');
-  }
-
-  if (getenv('REDIS_HOST_PASSWORD')) {
-    $CONFIG['redis']['password'] = (string) getenv('REDIS_HOST_PASSWORD');
-  }
-
   if (getenv('REDIS_PORT')) {
     $CONFIG['redis']['port'] = (int) getenv('REDIS_PORT');
   }
@@ -21,44 +17,7 @@ if (getenv('REDIS_MODE') !== 'rediscluster') {
     $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
   }
 
-  if (getenv('REDIS_USER_AUTH')) {
+  if (getenv('REDIS_USER_AUTH') !== false) {
     $CONFIG['redis']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
   }
-
-  if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_REDIS')) {
-    $CONFIG['redis']['ssl_context']['cafile'] = '/var/www/html/data/certificates/ca-bundle.crt';
-  }
-} else {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis.cluster' => array(
-      'timeout' => 0.0,
-      'read_timeout' => 0.0,
-      'failover_mode' => \RedisCluster::FAILOVER_ERROR,
-      'seeds' => array_values(array_filter(array(
-        (getenv('REDIS_HOST') && getenv('REDIS_PORT')) ? (getenv('REDIS_HOST') . ':' . (string)getenv('REDIS_PORT')) : null,
-        (getenv('REDIS_HOST_2') && getenv('REDIS_PORT_2')) ? (getenv('REDIS_HOST_2') . ':' . (string)getenv('REDIS_PORT_2')) : null,
-        (getenv('REDIS_HOST_3') && getenv('REDIS_PORT_3')) ? (getenv('REDIS_HOST_3') . ':' . (string)getenv('REDIS_PORT_3')) : null,
-        (getenv('REDIS_HOST_4') && getenv('REDIS_PORT_4')) ? (getenv('REDIS_HOST_4') . ':' . (string)getenv('REDIS_PORT_4')) : null,
-        (getenv('REDIS_HOST_5') && getenv('REDIS_PORT_5')) ? (getenv('REDIS_HOST_5') . ':' . (string)getenv('REDIS_PORT_5')) : null,
-        (getenv('REDIS_HOST_6') && getenv('REDIS_PORT_6')) ? (getenv('REDIS_HOST_6') . ':' . (string)getenv('REDIS_PORT_6')) : null,
-        (getenv('REDIS_HOST_7') && getenv('REDIS_PORT_7')) ? (getenv('REDIS_HOST_7') . ':' . (string)getenv('REDIS_PORT_7')) : null,
-        (getenv('REDIS_HOST_8') && getenv('REDIS_PORT_8')) ? (getenv('REDIS_HOST_8') . ':' . (string)getenv('REDIS_PORT_8')) : null,
-        (getenv('REDIS_HOST_9') && getenv('REDIS_PORT_9')) ? (getenv('REDIS_HOST_9') . ':' . (string)getenv('REDIS_PORT_9')) : null,
-      ))),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PASSWORD')) {
-    $CONFIG['redis.cluster']['password'] = (string) getenv('REDIS_HOST_PASSWORD');
-  }
-
-  if (getenv('REDIS_USER_AUTH')) {
-    $CONFIG['redis.cluster']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
-  }
-
-  if (getenv('NEXTCLOUD_TRUSTED_CERTIFICATES_REDIS')) {
-    $CONFIG['redis.cluster']['ssl_context']['cafile'] = '/var/www/html/data/certificates/ca-bundle.crt';
-  }
 }

Containers/nextcloud/config/s3.config.php

@@ -34,14 +34,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
   if ($sse_c_key) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
   }
-
-  $requestChecksumValidation = getenv('OBJECTSTORE_S3_REQUEST_CHECKSUM_VALIDATION');
-  if ($requestChecksumValidation) {
-    $CONFIG['objectstore']['arguments']['request_checksum_calculation'] = $requestChecksumValidation;
-  }
-
-  $responseChecksumValidation = getenv('OBJECTSTORE_S3_RESPONSE_CHECKSUM_VALIDATION');
-  if ($responseChecksumValidation) {
-    $CONFIG['objectstore']['arguments']['response_checksum_validation'] = $responseChecksumValidation;
-  }
 }

Containers/nextcloud/entrypoint.sh

@@ -669,12 +669,8 @@ php /var/www/html/occ config:system:set documentation_url.server_logs --value="h
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess
 
-# Handle db persistent settings
-if [ "$NEXTCLOUD_PERSIST_DATABASE_CONNECTIONS" = "yes" ]; then
-    php /var/www/html/occ config:system:set dbpersistent --value=true --type=bool
-else
-    php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
-fi
+# Revert dbpersistent setting to check if it fixes too many db connections
+php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
 
 if [ "$DISABLE_BRUTEFORCE_PROTECTION" = yes ]; then
     php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=false
@@ -1029,13 +1025,13 @@ else
     fi
 fi
 
-# Docker socket proxy / HaRP
+# Docker socket proxy
 # app_api is a shipped app
 if [ -d "/var/www/html/custom_apps/app_api" ]; then
     php /var/www/html/occ app:disable app_api
     rm -r "/var/www/html/custom_apps/app_api"
 fi
-if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ] || [ "$HARP_ENABLED" = 'yes' ]; then
+if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
     if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable app_api
     fi

Containers/nextcloud/upgrade.exclude

@@ -3,4 +3,3 @@
 /custom_apps/
 /themes/
 /version.php
-/lost+found

Containers/notify-push/Dockerfile

@@ -11,6 +11,7 @@ RUN set -ex; \
         netcat-openbsd \
         tzdata \
         bash \
+        jq \
         openssl; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \

Containers/notify-push/start.sh

@@ -3,6 +3,12 @@
 if [ -z "$NEXTCLOUD_HOST" ]; then
     echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
     exit 1
+elif [ -z "$POSTGRES_HOST" ]; then
+    echo "POSTGRES_HOST needs to be provided. Exiting!"
+    exit 1
+elif [ -z "$REDIS_HOST" ]; then
+    echo "REDIS_HOST needs to be provided. Exiting!"
+    exit 1
 fi
 
 # Only start container if nextcloud is accessible
@@ -22,7 +28,7 @@ elif [ "$CPU_ARCH" != "x86_64" ]; then
 fi
 
 # Add warning
-if ! [ -f /var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
+if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     echo "The notify_push binary was not found."
     echo "Most likely is DNS resolution not working correctly."
     echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
@@ -38,9 +44,52 @@ fi
 
 echo "notify-push was started"
 
+# Set a default value for POSTGRES_PORT
+if [ -z "$POSTGRES_PORT" ]; then
+    POSTGRES_PORT=5432
+fi
+# Set a default for redis db index
+if [ -z "$REDIS_DB_INDEX" ]; then
+    REDIS_DB_INDEX=0
+fi
+# Set a default value for REDIS_PORT
+if [ -z "$REDIS_PORT" ]; then
+    REDIS_PORT=6379
+fi
+# Set a default for db type
+if [ -z "$DATABASE_TYPE" ]; then
+    DATABASE_TYPE=postgres
+elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
+    echo "DB type must be either postgres or mysql"
+    exit 1
+fi
+
+# Use the correct Postgres username
+if [ "$POSTGRES_USER" = nextcloud ]; then
+    POSTGRES_USER="oc_$POSTGRES_USER"
+    export POSTGRES_USER
+fi
+
+# URL-encode passwords
+POSTGRES_PASSWORD="$(jq -rn --arg v "$POSTGRES_PASSWORD" '$v|@uri')"
+REDIS_HOST_PASSWORD="$(jq -rn --arg v "$REDIS_HOST_PASSWORD" '$v|@uri')"
+
+# Postgres root cert
+if [ -f "/nextcloud/data/certificates/POSTGRES" ]; then
+    CERT_OPTIONS="?sslmode=verify-ca&sslrootcert=/nextcloud/data/certificates/ca-bundle.crt"
+# Mysql root cert
+elif [ -f "/nextcloud/data/certificates/MYSQL" ]; then
+    CERT_OPTIONS="?sslmode=verify-ca&ssl-ca=/nextcloud/data/certificates/ca-bundle.crt"
+fi
+
+# Set sensitive values as env
+export DATABASE_URL="$DATABASE_TYPE://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB$CERT_OPTIONS"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST:$REDIS_PORT/$REDIS_DB_INDEX"
+
 # Run it
-/var/www/html/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
-    --port 7867 \
-    /var/www/html/config/config.php
+/nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
+    --database-prefix="oc_" \
+    --nextcloud-url "https://$NC_DOMAIN" \
+    --port 7867
 
 exec "$@"

Containers/onlyoffice/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:9.3.1.2
+FROM onlyoffice/documentserver:9.2.1.1
 
 # USER root is probably used
 

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/17/alpine3.23/Dockerfile
-FROM postgres:17.9-alpine
+FROM postgres:17.8-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/redis/docker-library-redis/blob/release/8.2/alpine/Dockerfile
-FROM redis:8.6.1-alpine
+FROM redis:8.2.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/talk-recording/Dockerfile

@@ -20,9 +20,6 @@ RUN set -ex; \
         xvfb \
         ffmpeg \
         firefox \
-        font-noto-all \
-        font-noto-cjk \
-        font-noto-cjk-extra \
         bind-tools \
         netcat-openbsd \
         git \

Containers/talk/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.12.5-scratch AS nats
+FROM nats:2.12.4-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.1.0 AS signaling
 FROM alpine:3.23.3 AS janus
 
 ARG JANUS_VERSION=v1.4.0
@@ -70,8 +70,7 @@ RUN set -ex; \
         libwebsockets \
         \
         shadow \
-        grep \
-        util-linux-misc; \
+        grep; \
     useradd --system -u 1000 eturnal; \
     apk del --no-cache \
         shadow; \

Containers/talk/start.sh

@@ -18,22 +18,6 @@ elif [ -z "$INTERNAL_SECRET" ]; then
     exit 1
 fi
 
-# Trust additional CA certificates, if the user provided NEXTCLOUD_TRUSTED_CACERTS_DIR
-# The container is read-only, so we build a custom bundle in /tmp (tmpfs) and
-# point Go's TLS stack to it via SSL_CERT_FILE.
-if mountpoint -q /usr/local/share/ca-certificates; then
-    echo "Trusting additional CA certificates..."
-    set -x
-    cp /etc/ssl/certs/ca-certificates.crt /tmp/ca-certificates.crt
-    for cert in /usr/local/share/ca-certificates/*; do
-        if [ -f "$cert" ]; then
-            cat "$cert" >> /tmp/ca-certificates.crt
-        fi
-    done
-    export SSL_CERT_FILE=/tmp/ca-certificates.crt
-    set +x
-fi
-
 set -x
 IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
 # shellcheck disable=SC2153

Containers/watchtower/Dockerfile

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.1-alpine3.23 AS go
+FROM golang:1.26.0-alpine3.23 AS go
 
-ENV WATCHTOWER_COMMIT_HASH=5a33e3c0aa3b2770c648a114b4a9d32e0a5b55ba	
+ENV WATCHTOWER_COMMIT_HASH=b09b3a5c5e1094b746575a19a7fc0135c8908c9d	
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
         build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.4
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.14.1
 
 FROM alpine:3.23.3
 

Containers/whiteboard/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.7
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.6
 
 USER root
 RUN set -ex; \

community-containers/caddy/readme.md

@@ -1,5 +1,5 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -12,7 +12,7 @@ This container bundles caddy and auto-configures it for you. It also covers [vau
 - If you want to use this with [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin), make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
 - If you want to use this with [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap), make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
 - If you want to use this with [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb), make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
-- If you want to use this with [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for seerr.
+- If you want to use this with [jellyseerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr), make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - If you want to use this with [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter), make sure that you point `metrics.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nextcloud-exporter.
 - If you want to use this with [local AI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai), make sure that you point `ai.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for local AI.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!

community-containers/glances/glances.json

@@ -1,38 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-glances",
-            "display_name": "Glances",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/glances",
-            "image": "nicolargo/glances",
-            "image_tag": "latest-full",
-            "internal_port": "61208",
-            "restart": "unless-stopped",
-            "ports": [
-                {
-                  "ip_binding": "",
-                  "port_number": "61208",
-                  "protocol": "tcp"
-                }
-            ],
-            "volumes": [
-                {
-                    "source": "nextcloud_aio_glances",
-                    "destination": "/etc/glances",
-                    "writeable": true
-                },
-                {
-                    "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
-                    "destination": "/var/run/docker.sock",
-                    "writeable": false
-                }
-            ],
-            "environment": [
-                "GLANCES_OPT=-w"
-            ],
-            "backup_volumes": [
-                "nextcloud_aio_glances"
-            ]
-        }
-    ]
-}

community-containers/glances/readme.md

@@ -1,18 +0,0 @@
-## Glances
-This container starts Glances, a web-based info-board, and auto-configures it for you.
-
-> [!CAUTION]
-> This container mounts the docker-socket from the host-system.
-
-### Notes
-- After adding and starting the container, you can directly visit http://ip.address.of.server:61208/ and access your new Glances instance!
-- It is recommended to start this container only in home networks, because there is no built-in authentication. But you can do a http-auth with your proxy.
-- In order to access your Glances outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md).
-- The data of Glances will be automatically included in AIO's backup solution!
-- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
-
-### Repository
-https://github.com/nicolargo/glances
-
-### Maintainer
-https://github.com/pi-farm

community-containers/jellyseerr/jellyseerr.json

@@ -2,13 +2,13 @@
     "aio_services_v1": [
         {
             "container_name": "nextcloud-aio-jellyseerr",
-            "display_name": "Seerr",
+            "display_name": "Jellyseerr",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr",
-            "image": "ghcr.io/seerr-team/seerr",
+            "image": "fallenbagel/jellyseerr",
             "image_tag": "latest",
             "internal_port": "5055",
             "restart": "unless-stopped",
-            "init": true,
+            "init": false,
             "ports": [
                 {
                     "ip_binding": "%APACHE_IP_BINDING%",

community-containers/jellyseerr/readme.md

@@ -1,17 +1,16 @@
-## Seerr
-This container bundles Seerr and auto-configures it for you.
+## Jellyseerr
+This container bundles Jellyseerr and auto-configures it for you.
 
 ### Notes
-- **Migration from Jellyseerr**: Jellyseer previously ran as the root user. With the migration to Seerr, the container now runs rootless with userid 1000, meaning that if you previously used Jellyseerr, Seerr will not be able to access the config files generated by the old Jellyseerr container. To migrate, execute the following steps: 1. stop all containers using the AIO-interface, 2. run `sudo docker run --rm -v nextcloud_aio_jellyseerr:/data alpine chown -R 1000:1000 /data`
 - This container is only intended to be used inside home networks as it uses http for its management page by default.
-- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Seerr instance, which can be used to manage Plex, Jellyfin, and Emby.
-- In order to access your Seerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Seerr's reverse proxy documentation.](https://docs.seerr.dev/extending-Seerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Seerr. Note that it is recommended to [enable CSRF protection in Seerr](https://docs.seerr.dev/using-Seerr/settings/general#enable-csrf-protection) for added security if you plan to use Seerr outside the local network, but make sure to read up on it and understand the caveats first.
-- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Seerr](https://docs.seerr.dev/using-Seerr/settings/general#enable-proxy-support) is required for this to work properly.
-- The config of Seerr will be automatically included in AIO's backup solution!
+- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
+- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr. Note that it is recommended to [enable CSRF protection in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-csrf-protection) for added security if you plan to use Jellyseerr outside the local network, but make sure to read up on it and understand the caveats first.
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban. Note that [enabling the proxy support option in Jellyseerr](https://docs.jellyseerr.dev/using-jellyseerr/settings/general#enable-proxy-support) is required for this to work properly.
+- The config of Jellyseerr will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
 
 ### Repository
-https://github.com/seerr-team/seerr
+https://github.com/Fallenbagel/jellyseerr
 
 ### Maintainer
 https://github.com/Anvil5465

community-containers/languagetool/readme.md

@@ -1,9 +1,9 @@
-## LanguageTool for Nextcloud Office
-This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
+## LanguageTool for Collabora
+This container bundles a LanguageTool for Collabora which adds spell checking functionality to Collabora.
 
 ### Notes
-- Make sure to have Nextcloud Office enabled via the AIO interface
-- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Nextcloud Office options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
+- Make sure to have collabora enabled via the AIO interface
+- After adding this container via the AIO Interface, while all containers are still stopped, you need to scroll down to the `Additional Collabora options` section and enter `--o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-aio-languagetool:8010/v2`.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

compose.yaml

@@ -11,9 +11,9 @@ services:
     network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
     # networks: ["nextcloud-aio"]
     ports:
-      - "80:80" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      - "8080:8080" # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
-      - "8443:8443" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8080:8080 # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section

manual-install/latest.yml

@@ -45,7 +45,6 @@ services:
       - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
       - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
       - WHITEBOARD_HOST=nextcloud-aio-whiteboard
-      - HARP_HOST=nextcloud-aio-harp
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -203,10 +202,19 @@ services:
     expose:
       - "7867"
     volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
+      - nextcloud_aio_nextcloud:/nextcloud:ro
     environment:
+      - NC_DOMAIN
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
       - TZ=${TIMEZONE}
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_PORT=6379
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PORT=5432
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
     restart: unless-stopped
     read_only: true
     cap_drop:

manual-install/readme.md

@@ -12,7 +12,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) and [HaRP container](https://github.com/nextcloud/HaRP) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
+- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
 - You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 - **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine

manual-install/update-yaml.sh

@@ -27,8 +27,6 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "next
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-docker-socket-proxy"))')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-docker-socket-proxy"]) then del(.[index("nextcloud-aio-docker-socket-proxy")]) else . end else . end')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-harp"))')"
-OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= if contains(["nextcloud-aio-harp"]) then del(.[index("nextcloud-aio-harp")]) else . end else . end')"
 OUTPUT="$(echo "$OUTPUT" | jq '.services[] |= if has("depends_on") then .depends_on |= map({ (.): { "condition": "service_started", "required": false } }) else . end' | jq '.services[] |= if has("depends_on") then .depends_on |= reduce .[] as $item ({}; . + $item) else . end')"
 
 sudo snap install yq
@@ -47,8 +45,6 @@ sed -i 's|- ip_binding: |- |' containers.yml
 sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
-sed -i '/HARP_ENABLED/d' containers.yml
-sed -i '/HP_SHARED_KEY/d' containers.yml
 sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 sed -i '/TURN_DOMAIN/d' containers.yml
 sed -i '/NC_AIO_VERSION/d' containers.yml

multiple-instances.md

@@ -180,7 +180,6 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
     # Virtual machine #1 - "example1-com"
     https://[DOMAIN_NAME_1]:8443 {
         reverse_proxy https://[IP_ADDRESS_1]:8080 {
-            header_up Host {host}
             transport http {
                 tls_insecure_skip_verify
             }
@@ -193,7 +192,6 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
     # Virtual machine #2 - "example2-com"
     https://[DOMAIN_NAME_2]:8443 {
         reverse_proxy https://[IP_ADDRESS_2]:8080 {
-            header_up Host {host}
             transport http {
                 tls_insecure_skip_verify
             }

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 12.8.0
+version: 12.6.1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -47,8 +47,6 @@ spec:
               value: "{{ .Values.APACHE_PORT }}"
             - name: COLLABORA_HOST
               value: nextcloud-aio-collabora
-            - name: HARP_HOST
-              value: nextcloud-aio-harp
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_HOST
@@ -63,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-apache:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -36,9 +36,9 @@ spec:
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
           {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260211_141900
           {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260211_141900
           {{- end }}
           readinessProbe:
             exec:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -190,7 +190,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260211_141900
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -35,11 +35,29 @@ spec:
         {{- end }}
       containers:
         - env:
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_HOST
               value: nextcloud-aio-nextcloud
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_PORT
+              value: "5432"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: REDIS_HOST
+              value: nextcloud-aio-redis
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: REDIS_PORT
+              value: "6379"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260211_141900
           readinessProbe:
             exec:
               command:
@@ -68,7 +86,7 @@ spec:
               drop: ["NET_RAW"]
               {{- end }}
           volumeMounts:
-            - mountPath: /var/www/html
+            - mountPath: /nextcloud
               name: nextcloud-aio-nextcloud
               readOnly: true
       volumes:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260211_141900
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-redis:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-talk:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -50,7 +50,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260306_081319
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260211_141900
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/update-helm.sh

@@ -418,9 +418,8 @@ sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
-sed -i 's/ yes / "yes" /' /tmp/sample.conf
-sed -i 's/ no / "no" /' /tmp/sample.conf
-sed -i 's/"no" authentication/no authentication/' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129

nextcloud-aio-helm-chart/values.yaml

@@ -26,7 +26,7 @@ APACHE_PORT: 443          # Changing this to a different value than 443 will all
 ADDITIONAL_COLLABORA_OPTIONS: ['--o:security.seccomp=true']          # You can add additional collabora options here by using the array syntax.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 FULLTEXTSEARCH_JAVA_OPTIONS: -Xms512M -Xmx512M          # Allows to adjust the fulltextsearch java options.
-INSTALL_LATEST_MAJOR: "no"        # Setting this to "yes" will install the latest Major Nextcloud version upon the first installation
+INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
@@ -34,9 +34,9 @@ NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory lim
 NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
-REMOVE_DISABLED_APPS: "yes"        # Setting this to "no" keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
+REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
-UPDATE_NEXTCLOUD_APPS: "no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage! This storage class must provide RWX and RWO volumes (ReadWriteMany and ReadWriteOnce).
 STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. This storage class must provide RWX volumes (ReadWriteMany). ⚠️ Warning: only set this for new installations, not existing ones!

php/composer.json

@@ -5,7 +5,7 @@
 		}
 	},
 	"require": {
-		"php": "8.5.*",
+		"php": "8.4.*",
 		"ext-json": "*",
 		"ext-sodium": "*",
 		"ext-curl": "*",
@@ -16,8 +16,7 @@
 		"http-interop/http-factory-guzzle": "^1.2",
 		"slim/twig-view": "^3.3",
 		"slim/csrf": "^1.3",
-		"ext-apcu": "*",
-		"slim/psr7": "^1.8"
+		"ext-apcu": "*"
 	},
 	"require-dev": {
 		"sserbin/twig-linter": "@dev",
@@ -34,6 +33,6 @@
 		"psalm:strict": "psalm --threads=1 --show-info=true",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
 		"lint:twig": "twig-linter lint ./templates",
-		"php-deprecation-detector": "phpdd scan -n -t 8.5 src/*.php src/**/*.php public/index.php"
+		"php-deprecation-detector": "phpdd scan -n -t 8.4 src/*.php src/**/*.php public/index.php"
 	}
 }

php/composer.lock

@@ -4,64 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "e49cef2ac29c2198aececcb842fce2fe",
+    "content-hash": "19598625395cc28e64f15d2719f8f98f",
     "packages": [
-        {
-            "name": "fig/http-message-util",
-            "version": "1.1.5",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/php-fig/http-message-util.git",
-                "reference": "9d94dc0154230ac39e5bf89398b324a86f63f765"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-message-util/zipball/9d94dc0154230ac39e5bf89398b324a86f63f765",
-                "reference": "9d94dc0154230ac39e5bf89398b324a86f63f765",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^5.3 || ^7.0 || ^8.0"
-            },
-            "suggest": {
-                "psr/http-message": "The package containing the PSR-7 interfaces"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "1.1.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Fig\\Http\\Message\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "PHP-FIG",
-                    "homepage": "https://www.php-fig.org/"
-                }
-            ],
-            "description": "Utility classes and constants for use with PSR-7 (psr/http-message)",
-            "keywords": [
-                "http",
-                "http-message",
-                "psr",
-                "psr-7",
-                "request",
-                "response"
-            ],
-            "support": {
-                "issues": "https://github.com/php-fig/http-message-util/issues",
-                "source": "https://github.com/php-fig/http-message-util/tree/1.1.5"
-            },
-            "time": "2020-11-24T22:02:12+00:00"
-        },
         {
             "name": "guzzlehttp/guzzle",
             "version": "7.10.0",
@@ -273,16 +217,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.9.0",
+            "version": "2.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884"
+                "reference": "21dc724a0583619cd1652f673303492272778051"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/7d0ed42f28e42d61352a7a79de682e5e67fec884",
-                "reference": "7d0ed42f28e42d61352a7a79de682e5e67fec884",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/21dc724a0583619cd1652f673303492272778051",
+                "reference": "21dc724a0583619cd1652f673303492272778051",
                 "shasum": ""
             },
             "require": {
@@ -298,7 +242,6 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "0.9.0",
-                "jshttp/mime-db": "1.54.0.1",
                 "phpunit/phpunit": "^8.5.44 || ^9.6.25"
             },
             "suggest": {
@@ -370,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.9.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.8.0"
             },
             "funding": [
                 {
@@ -386,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-10T16:41:02+00:00"
+            "time": "2025-08-23T21:21:41+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -448,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v2.0.10",
+            "version": "v2.0.9",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669"
+                "reference": "8f631589ab07b7b52fead814965f5a800459cb3e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/870fc81d2f879903dfc5b60bf8a0f94a1609e669",
-                "reference": "870fc81d2f879903dfc5b60bf8a0f94a1609e669",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/8f631589ab07b7b52fead814965f5a800459cb3e",
+                "reference": "8f631589ab07b7b52fead814965f5a800459cb3e",
                 "shasum": ""
             },
             "require": {
@@ -505,7 +448,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2026-02-20T19:59:49+00:00"
+            "time": "2026-02-03T06:55:34+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -1203,85 +1146,6 @@
             },
             "time": "2025-11-02T14:58:28+00:00"
         },
-        {
-            "name": "slim/psr7",
-            "version": "1.8.0",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/slimphp/Slim-Psr7.git",
-                "reference": "76e7e3b1cdfd583e9035c4c966c08e01e45ce959"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Psr7/zipball/76e7e3b1cdfd583e9035c4c966c08e01e45ce959",
-                "reference": "76e7e3b1cdfd583e9035c4c966c08e01e45ce959",
-                "shasum": ""
-            },
-            "require": {
-                "fig/http-message-util": "^1.1.5",
-                "php": "^8.0",
-                "psr/http-factory": "^1.1",
-                "psr/http-message": "^1.0 || ^2.0",
-                "ralouphie/getallheaders": "^3.0"
-            },
-            "provide": {
-                "psr/http-factory-implementation": "^1.0",
-                "psr/http-message-implementation": "^1.0 || ^2.0"
-            },
-            "require-dev": {
-                "adriansuter/php-autoload-override": "^1.5|| ^2.0",
-                "ext-json": "*",
-                "http-interop/http-factory-tests": "^1.0 || ^2.0",
-                "php-http/psr7-integration-tests": "^1.5",
-                "phpstan/phpstan": "^2.1",
-                "phpunit/phpunit": "^9.6 || ^10",
-                "squizlabs/php_codesniffer": "^3.13"
-            },
-            "type": "library",
-            "autoload": {
-                "psr-4": {
-                    "Slim\\Psr7\\": "src"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Josh Lockhart",
-                    "email": "hello@joshlockhart.com",
-                    "homepage": "https://joshlockhart.com"
-                },
-                {
-                    "name": "Andrew Smith",
-                    "email": "a.smith@silentworks.co.uk",
-                    "homepage": "https://silentworks.co.uk"
-                },
-                {
-                    "name": "Rob Allen",
-                    "email": "rob@akrabat.com",
-                    "homepage": "https://akrabat.com"
-                },
-                {
-                    "name": "Pierre Berube",
-                    "email": "pierre@lgse.com",
-                    "homepage": "https://www.lgse.com"
-                }
-            ],
-            "description": "Strict PSR-7 implementation",
-            "homepage": "https://www.slimframework.com",
-            "keywords": [
-                "http",
-                "psr-7",
-                "psr7"
-            ],
-            "support": {
-                "issues": "https://github.com/slimphp/Slim-Psr7/issues",
-                "source": "https://github.com/slimphp/Slim-Psr7/tree/1.8.0"
-            },
-            "time": "2025-11-02T17:51:19+00:00"
-        },
         {
             "name": "slim/slim",
             "version": "4.15.1",
@@ -1780,16 +1644,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.24.0",
+            "version": "v3.23.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0"
+                "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6769aefb305efef849dc25c9fd1653358c148f0",
-                "reference": "a6769aefb305efef849dc25c9fd1653358c148f0",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9",
+                "reference": "a64dc5d2cc7d6cafb9347f6cd802d0d06d0351c9",
                 "shasum": ""
             },
             "require": {
@@ -1799,8 +1663,7 @@
                 "symfony/polyfill-mbstring": "^1.3"
             },
             "require-dev": {
-                "php-cs-fixer/shim": "^3.0@stable",
-                "phpstan/phpstan": "^2.0@stable",
+                "phpstan/phpstan": "^2.0",
                 "psr/container": "^1.0|^2.0",
                 "symfony/phpunit-bridge": "^5.4.9|^6.4|^7.0"
             },
@@ -1844,7 +1707,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.24.0"
+                "source": "https://github.com/twigphp/Twig/tree/v3.23.0"
             },
             "funding": [
                 {
@@ -1856,7 +1719,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-17T21:31:11+00:00"
+            "time": "2026-01-23T21:00:41+00:00"
         }
     ],
     "packages-dev": [
@@ -3248,20 +3111,20 @@
         },
         {
             "name": "league/uri",
-            "version": "7.8.1",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri.git",
-                "reference": "08cf38e3924d4f56238125547b5720496fac8fd4"
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri/zipball/08cf38e3924d4f56238125547b5720496fac8fd4",
-                "reference": "08cf38e3924d4f56238125547b5720496fac8fd4",
+                "url": "https://api.github.com/repos/thephpleague/uri/zipball/4436c6ec8d458e4244448b069cc572d088230b76",
+                "reference": "4436c6ec8d458e4244448b069cc572d088230b76",
                 "shasum": ""
             },
             "require": {
-                "league/uri-interfaces": "^7.8.1",
+                "league/uri-interfaces": "^7.8",
                 "php": "^8.1",
                 "psr/http-factory": "^1"
             },
@@ -3334,7 +3197,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri/tree/7.8.1"
+                "source": "https://github.com/thephpleague/uri/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3342,20 +3205,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2026-03-15T20:22:25+00:00"
+            "time": "2026-01-14T17:24:56+00:00"
         },
         {
             "name": "league/uri-interfaces",
-            "version": "7.8.1",
+            "version": "7.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thephpleague/uri-interfaces.git",
-                "reference": "85d5c77c5d6d3af6c54db4a78246364908f3c928"
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/85d5c77c5d6d3af6c54db4a78246364908f3c928",
-                "reference": "85d5c77c5d6d3af6c54db4a78246364908f3c928",
+                "url": "https://api.github.com/repos/thephpleague/uri-interfaces/zipball/c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
+                "reference": "c5c5cd056110fc8afaba29fa6b72a43ced42acd4",
                 "shasum": ""
             },
             "require": {
@@ -3418,7 +3281,7 @@
                 "docs": "https://uri.thephpleague.com",
                 "forum": "https://thephpleague.slack.com",
                 "issues": "https://github.com/thephpleague/uri-src/issues",
-                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.1"
+                "source": "https://github.com/thephpleague/uri-interfaces/tree/7.8.0"
             },
             "funding": [
                 {
@@ -3426,20 +3289,20 @@
                     "type": "github"
                 }
             ],
-            "time": "2026-03-08T20:05:35+00:00"
+            "time": "2026-01-15T06:54:53+00:00"
         },
         {
             "name": "netresearch/jsonmapper",
-            "version": "v5.0.1",
+            "version": "v5.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/cweiske/jsonmapper.git",
-                "reference": "980674efdda65913492d29a8fd51c82270dd37bb"
+                "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/980674efdda65913492d29a8fd51c82270dd37bb",
-                "reference": "980674efdda65913492d29a8fd51c82270dd37bb",
+                "url": "https://api.github.com/repos/cweiske/jsonmapper/zipball/8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c",
+                "reference": "8c64d8d444a5d764c641ebe97e0e3bc72b25bf6c",
                 "shasum": ""
             },
             "require": {
@@ -3475,9 +3338,9 @@
             "support": {
                 "email": "cweiske@cweiske.de",
                 "issues": "https://github.com/cweiske/jsonmapper/issues",
-                "source": "https://github.com/cweiske/jsonmapper/tree/v5.0.1"
+                "source": "https://github.com/cweiske/jsonmapper/tree/v5.0.0"
             },
-            "time": "2026-02-22T16:28:03+00:00"
+            "time": "2024-09-08T10:20:00+00:00"
         },
         {
             "name": "nikic/php-parser",
@@ -3592,16 +3455,16 @@
         },
         {
             "name": "phpdocumentor/reflection-docblock",
-            "version": "6.0.3",
+            "version": "6.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpDocumentor/ReflectionDocBlock.git",
-                "reference": "7bae67520aa9f5ecc506d646810bd40d9da54582"
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/7bae67520aa9f5ecc506d646810bd40d9da54582",
-                "reference": "7bae67520aa9f5ecc506d646810bd40d9da54582",
+                "url": "https://api.github.com/repos/phpDocumentor/ReflectionDocBlock/zipball/2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
+                "reference": "2f5cbed597cb261d1ea458f3da3a9ad32e670b1e",
                 "shasum": ""
             },
             "require": {
@@ -3651,9 +3514,9 @@
             "description": "With this component, a library can provide support for annotations via DocBlocks or otherwise retrieve information that is embedded in a DocBlock.",
             "support": {
                 "issues": "https://github.com/phpDocumentor/ReflectionDocBlock/issues",
-                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.3"
+                "source": "https://github.com/phpDocumentor/ReflectionDocBlock/tree/6.0.1"
             },
-            "time": "2026-03-18T20:49:53+00:00"
+            "time": "2026-01-20T15:30:42+00:00"
         },
         {
             "name": "phpdocumentor/type-resolver",
@@ -4039,16 +3902,16 @@
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.35",
+            "version": "v6.4.32",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "49257c96304c508223815ee965c251e7c79e614e"
+                "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e",
-                "reference": "49257c96304c508223815ee965c251e7c79e614e",
+                "url": "https://api.github.com/repos/symfony/console/zipball/0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3",
+                "reference": "0bc2199c6c1f05276b05956f1ddc63f6d7eb5fc3",
                 "shasum": ""
             },
             "require": {
@@ -4113,7 +3976,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.35"
+                "source": "https://github.com/symfony/console/tree/v6.4.32"
             },
             "funding": [
                 {
@@ -4133,20 +3996,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-03-06T13:31:08+00:00"
+            "time": "2026-01-13T08:45:59+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v8.0.6",
+            "version": "v8.0.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
-                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770"
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770",
-                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/d937d400b980523dc9ee946bb69972b5e619058d",
+                "reference": "d937d400b980523dc9ee946bb69972b5e619058d",
                 "shasum": ""
             },
             "require": {
@@ -4183,7 +4046,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.6"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.1"
             },
             "funding": [
                 {
@@ -4203,20 +4066,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-02-25T16:59:43+00:00"
+            "time": "2025-12-01T09:13:36+00:00"
         },
         {
             "name": "symfony/finder",
-            "version": "v6.4.34",
+            "version": "v6.4.33",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/finder.git",
-                "reference": "9590e86be1d1c57bfbb16d0dd040345378c20896"
+                "reference": "24965ca011dac87431729640feef8bcf7b5523e0"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/finder/zipball/9590e86be1d1c57bfbb16d0dd040345378c20896",
-                "reference": "9590e86be1d1c57bfbb16d0dd040345378c20896",
+                "url": "https://api.github.com/repos/symfony/finder/zipball/24965ca011dac87431729640feef8bcf7b5523e0",
+                "reference": "24965ca011dac87431729640feef8bcf7b5523e0",
                 "shasum": ""
             },
             "require": {
@@ -4251,7 +4114,7 @@
             "description": "Finds files and directories via an intuitive fluent interface",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/finder/tree/v6.4.34"
+                "source": "https://github.com/symfony/finder/tree/v6.4.33"
             },
             "funding": [
                 {
@@ -4271,7 +4134,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-01-28T15:16:37+00:00"
+            "time": "2026-01-26T13:03:48+00:00"
         },
         {
             "name": "symfony/polyfill-intl-grapheme",
@@ -4609,16 +4472,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.4.6",
+            "version": "v7.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b"
+                "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b",
-                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b",
+                "url": "https://api.github.com/repos/symfony/string/zipball/1c4b10461bf2ec27537b5f36105337262f5f5d6f",
+                "reference": "1c4b10461bf2ec27537b5f36105337262f5f5d6f",
                 "shasum": ""
             },
             "require": {
@@ -4676,7 +4539,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.6"
+                "source": "https://github.com/symfony/string/tree/v7.4.4"
             },
             "funding": [
                 {
@@ -4696,20 +4559,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2026-02-09T09:33:46+00:00"
+            "time": "2026-01-12T10:54:30+00:00"
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.16.1",
+            "version": "6.15.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "f1f5de594dc76faf8784e02d3dc4716c91c6f6ac"
+                "reference": "28dc127af1b5aecd52314f6f645bafc10d0e11f9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/f1f5de594dc76faf8784e02d3dc4716c91c6f6ac",
-                "reference": "f1f5de594dc76faf8784e02d3dc4716c91c6f6ac",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/28dc127af1b5aecd52314f6f645bafc10d0e11f9",
+                "reference": "28dc127af1b5aecd52314f6f645bafc10d0e11f9",
                 "shasum": ""
             },
             "require": {
@@ -4814,7 +4677,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2026-03-19T10:56:09+00:00"
+            "time": "2026-02-07T19:27:16+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",
@@ -4885,16 +4748,16 @@
         },
         {
             "name": "webmozart/assert",
-            "version": "2.1.6",
+            "version": "2.1.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/webmozarts/assert.git",
-                "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8"
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/webmozarts/assert/zipball/ff31ad6efc62e66e518fbab1cde3453d389bcdc8",
-                "reference": "ff31ad6efc62e66e518fbab1cde3453d389bcdc8",
+                "url": "https://api.github.com/repos/webmozarts/assert/zipball/ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
+                "reference": "ce6a2f100c404b2d32a1dd1270f9b59ad4f57649",
                 "shasum": ""
             },
             "require": {
@@ -4941,9 +4804,9 @@
             ],
             "support": {
                 "issues": "https://github.com/webmozarts/assert/issues",
-                "source": "https://github.com/webmozarts/assert/tree/2.1.6"
+                "source": "https://github.com/webmozarts/assert/tree/2.1.2"
             },
-            "time": "2026-02-27T10:28:38+00:00"
+            "time": "2026-01-13T14:02:24+00:00"
         }
     ],
     "aliases": [],
@@ -4955,7 +4818,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "8.5.*",
+        "php": "8.4.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

php/containers-schema.json

@@ -47,10 +47,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[()A-Za-z &0-9-]+$"
-					},
-					"hide_from_list": {
-						"type": "boolean"
+						"pattern": "^[()A-Za-z 0-9-]+$"
 					},
 					"environment": {
 						"type": "array",
@@ -232,4 +229,4 @@
 			}
 		}
 	}
-}
+}

php/containers.json

@@ -10,10 +10,9 @@
         "nextcloud-aio-talk",
         "nextcloud-aio-notify-push",
         "nextcloud-aio-whiteboard",
-        "nextcloud-aio-harp",
         "nextcloud-aio-nextcloud"
       ],
-      "display_name": "Apache & Caddy",
+      "display_name": "Apache",
       "image": "ghcr.io/nextcloud-releases/aio-apache",
       "user": "33",
       "init": true,
@@ -50,8 +49,7 @@
         "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
         "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
         "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push",
-        "WHITEBOARD_HOST=nextcloud-aio-whiteboard",
-        "HARP_HOST=nextcloud-aio-harp"
+        "WHITEBOARD_HOST=nextcloud-aio-whiteboard"
       ],
       "volumes": [
         {
@@ -85,7 +83,7 @@
     {
       "container_name": "nextcloud-aio-database",
       "image_tag": "%AIO_CHANNEL%",
-      "display_name": "PostgreSQL",
+      "display_name": "Database",
       "image": "ghcr.io/nextcloud-releases/aio-postgresql",
       "user": "999",
       "init": true,
@@ -174,8 +172,7 @@
         "SIGNALING_SECRET",
         "FULLTEXTSEARCH_PASSWORD",
         "IMAGINARY_SECRET",
-        "WHITEBOARD_SECRET",
-        "HP_SHARED_KEY"
+        "WHITEBOARD_SECRET"
       ],
       "volumes": [
         {
@@ -261,9 +258,7 @@
         "THIS_IS_AIO=true",
         "IMAGINARY_SECRET=%IMAGINARY_SECRET%",
         "WHITEBOARD_SECRET=%WHITEBOARD_SECRET%",
-        "WHITEBOARD_ENABLED=%WHITEBOARD_ENABLED%",
-        "HARP_ENABLED=%HARP_ENABLED%",
-        "HP_SHARED_KEY=%HP_SHARED_KEY%"
+        "WHITEBOARD_ENABLED=%WHITEBOARD_ENABLED%"
       ],
       "stop_grace_period": 600,
       "restart": "unless-stopped",
@@ -281,7 +276,7 @@
     {
       "container_name": "nextcloud-aio-notify-push",
       "image_tag": "%AIO_CHANNEL%",
-      "display_name": "Client Push",
+      "display_name": "Notify Push",
       "image": "ghcr.io/nextcloud-releases/aio-notify-push",
       "user": "33",
       "init": true,
@@ -304,13 +299,22 @@
       "volumes": [
         {
           "source": "nextcloud_aio_nextcloud",
-          "destination": "/var/www/html",
+          "destination": "/nextcloud",
           "writeable": false
         }
       ],
       "environment": [
+        "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "REDIS_HOST=nextcloud-aio-redis",
+        "REDIS_PORT=6379",
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "POSTGRES_HOST=nextcloud-aio-database",
+        "POSTGRES_PORT=5432",
+        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
+        "POSTGRES_DB=nextcloud_database",
+        "POSTGRES_USER=nextcloud"
       ],
       "restart": "unless-stopped",
       "read_only": true,
@@ -363,7 +367,7 @@
       "container_name": "nextcloud-aio-collabora",
       "image_tag": "%AIO_CHANNEL%",
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
-      "display_name": "Nextcloud Office",
+      "display_name": "Collabora",
       "image": "ghcr.io/nextcloud-releases/aio-collabora",
       "init": true,
       "healthcheck": {
@@ -380,7 +384,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false --o:fetch_update_check=0 --o:allow_update_popup=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.disable_server_audit=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
@@ -395,6 +399,7 @@
         "collabora"
       ],
       "cap_add": [
+        "MKNOD",
         "SYS_ADMIN",
         "SYS_CHROOT",
         "FOWNER",
@@ -408,7 +413,7 @@
       "container_name": "nextcloud-aio-talk",
       "image_tag": "%AIO_CHANNEL%",
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
-      "display_name": "Nextcloud Talk",
+      "display_name": "Talk",
       "image": "ghcr.io/nextcloud-releases/aio-talk",
       "user": "1000",
       "init": true,
@@ -436,13 +441,6 @@
         "8081"
       ],
       "internal_port": "%TALK_PORT%",
-      "volumes": [
-        {
-          "source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-          "destination": "/usr/local/share/ca-certificates",
-          "writeable": false
-        }
-      ],
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "TALK_HOST=nextcloud-aio-talk",
@@ -477,7 +475,7 @@
     {
       "container_name": "nextcloud-aio-talk-recording",
       "image_tag": "%AIO_CHANNEL%",
-      "display_name": "Nextcloud Talk Recording",
+      "display_name": "Talk Recording",
       "image": "ghcr.io/nextcloud-releases/aio-talk-recording",
       "user": "122",
       "init": true,
@@ -529,8 +527,6 @@
     },
     {
       "container_name": "nextcloud-aio-borgbackup",
-      "display_name": "Borgbackup",
-      "hide_from_list": true,
       "image_tag": "%AIO_CHANNEL%",
       "image": "ghcr.io/nextcloud-releases/aio-borgbackup",
       "init": true,
@@ -599,8 +595,6 @@
     },
     {
       "container_name": "nextcloud-aio-watchtower",
-      "display_name": "Watchtower",
-      "hide_from_list": true,
       "image_tag": "%AIO_CHANNEL%",
       "image": "ghcr.io/nextcloud-releases/aio-watchtower",
       "init": true,
@@ -621,8 +615,6 @@
     },
     {
       "container_name": "nextcloud-aio-domaincheck",
-      "display_name": "Domaincheck",
-      "hide_from_list": true,
       "image_tag": "%AIO_CHANNEL%",
       "image": "ghcr.io/nextcloud-releases/aio-domaincheck",
       "init": true,
@@ -832,7 +824,7 @@
     {
       "container_name": "nextcloud-aio-docker-socket-proxy",
       "image_tag": "%AIO_CHANNEL%",
-      "display_name": "Docker Socket Proxy (deprecated)",
+      "display_name": "Docker Socket Proxy",
       "image": "ghcr.io/nextcloud-releases/aio-docker-socket-proxy",
       "init": true,
       "internal_port": "2375",
@@ -855,52 +847,10 @@
         "NET_RAW"
       ]
     },
-    {
-      "container_name": "nextcloud-aio-harp",
-      "image_tag": "release",
-      "display_name": "HaRP",
-      "image": "ghcr.io/nextcloud/nextcloud-appapi-harp",
-      "init": true,
-      "internal_port": "8780",
-      "expose": [
-        "8780"
-      ],
-      "environment": [
-        "HP_SHARED_KEY=%HP_SHARED_KEY%",
-        "NC_INSTANCE_URL=https://%NC_DOMAIN%",
-        "HP_LOG_LEVEL=warning",
-        "HP_FRP_DISABLE_TLS=true",
-        "TZ=%TIMEZONE%"
-      ],
-      "secrets": [
-        "HP_SHARED_KEY"
-      ],
-      "volumes": [
-        {
-          "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
-          "destination": "/var/run/docker.sock",
-          "writeable": false
-        },
-        {
-          "source": "nextcloud_aio_harp",
-          "destination": "/certs",
-          "writeable": true
-        }
-      ],
-      "restart": "unless-stopped",
-      "read_only": true,
-      "tmpfs": [
-        "/tmp",
-        "/run/harp"
-      ],
-      "cap_drop": [
-        "NET_RAW"
-      ]
-    },
     {
       "container_name": "nextcloud-aio-whiteboard",
       "image_tag": "%AIO_CHANNEL%",
-      "display_name": "Nextcloud Whiteboard",
+      "display_name": "Whiteboard",
       "image": "ghcr.io/nextcloud-releases/aio-whiteboard",
       "user": "65534",
       "init": true,

php/domain-validator.php

@@ -7,15 +7,15 @@ if (isset($_GET['domain']) && is_string($_GET['domain'])) {
 }
 
 if (!str_contains($domain, '.')) { 
-    http_response_code(400);
+    http_response_code(400); 
 } elseif (str_contains($domain, '/')) { 
-    http_response_code(400);
+    http_response_code(400);  
 } elseif (str_contains($domain, ':')) { 
-    http_response_code(400);
+    http_response_code(400);  
 } elseif (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
-    http_response_code(400);
+    http_response_code(400); 
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
-    http_response_code(400);
+    http_response_code(400); 
 } else {
     // Commented because logging is disabled as otherwise all attempts will be logged which spams the logs
     // error_log($domain . ' was accepted as valid domain.');

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.16.1@f1f5de594dc76faf8784e02d3dc4716c91c6f6ac"/>
+<files psalm-version="6.15.1@28dc127af1b5aecd52314f6f645bafc10d0e11f9"/>

php/public/containers-form-submit.js

@@ -1,9 +1,4 @@
 document.addEventListener("DOMContentLoaded", function () {
-    // Don't run if the expected form isn't present.
-    if (document.getElementById('options-form') === null) {
-        return;
-    }
-
     // Hide submit button initially
     const optionsFormSubmit = document.querySelectorAll(".options-form-submit");
     optionsFormSubmit.forEach(element => {
@@ -121,26 +116,13 @@ document.addEventListener("DOMContentLoaded", function () {
 
     function handleDockerSocketProxyWarning() {
         if (document.getElementById("docker-socket-proxy").checked) {
-            // TODO: remove the line below and uncomment the lines further down once https://github.com/nextcloud/app_api/pull/800 is included
             alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
-            // alert('⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!');
-            // document.getElementById("docker-socket-proxy").checked = false
-        }
-    }
-
-    function handleHarpWarning() {
-        if (document.getElementById("harp").checked) {
-            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the HaRP container. Enable this only if you are sure what you are doing!');
-            document.getElementById("docker-socket-proxy").checked = false
         }
     }
 
     // Initialize event listeners for specific behaviors
     document.getElementById("talk").addEventListener('change', handleTalkVisibility);
     document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
-    if (document.getElementById("harp")) {
-        document.getElementById("harp").addEventListener('change', handleHarpWarning);
-    }
 
     // Initialize talk-recording visibility on page load
     handleTalkVisibility();  // Ensure talk-recording is correctly initialized

php/public/disable-harp.js

@@ -1,7 +0,0 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    // HaRP
-    let harp = document.getElementById("harp");
-    if (harp) {
-        harp.disabled = true;
-    }
-});

php/public/forms.js

@@ -70,24 +70,15 @@ function showPassword(id) {
     }
 
     form.onsubmit = submit;
+    console.info(form);
   }
 
   function initForms() {
     const forms = document.querySelectorAll('form.xhr')
+    console.info("Making " + forms.length + " form(s) use XHR.");
     for (const form of forms) {
       initForm(form);
     }
-    const overlayLogForms = document.querySelectorAll('form[target="overlay-log"]')
-    for (const form of overlayLogForms) {
-        form.onsubmit = function() {
-            enableSpinner();
-            document.getElementById('overlay-log')?.classList.add('visible');
-            // Reload the page after the response was fully loaded into the iframe.
-            document.querySelector('iframe[name="overlay-log"]').addEventListener('load', () => {
-                location.reload();
-            });
-        };
-    }
   }
 
   if (document.readyState === 'loading') {

php/public/index.php

@@ -1,150 +1,202 @@
 <?php
 declare(strict_types=1);
 
-// increase memory limit to 2GB
-ini_set('memory_limit', '2048M');
+/**
+ * Entry point/Bootstrapper for the Nextcloud All-in-One Web UI & API.
+ * Initializes DI container, configures PHP, registers routes & middleware.
+ */
 
-// set max execution time to 2h just in case of a very slow internet connection
-ini_set('max_execution_time', '7200');
-
-// Log whole log messages
-ini_set('log_errors_max_len', '0');
+require __DIR__ . '/../vendor/autoload.php';
 
 use DI\Container;
-use DI\NotFoundException;
 use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
+use Slim\Routing\RouteCollectorProxy;
 use Slim\Views\Twig;
 use Slim\Views\TwigMiddleware;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
-require __DIR__ . '/../vendor/autoload.php';
+//-------------------------------------------------
+// Configuration Constants
+//-------------------------------------------------
+const AIO_MEMORY_LIMIT         = '2048M';
+const AIO_MAX_EXECUTION_TIME   = '7200';    // (2h) Supports slow networks and long operations
+const AIO_COOKIE_LIFETIME      = '0';       // Session cookie expires with browser close
+const AIO_SESSION_MAX_LIFETIME = '86400';   // (24h) Maximum admin session length
+const AIO_LOG_ERRORS_MAX_LEN   = '0';       // Log full-length errors for troubleshooting
+const AIO_TWIG_CACHE_PATH      = false;     // e.g., __DIR__ . '/../var/twig-cache'
+const AIO_DISPLAY_ERRORS       = false;	    // Do not directly expose errors to site visitors
 
+//-------------------------------------------------
+// PHP Settings
+//-------------------------------------------------
+ini_set('memory_limit',            AIO_MEMORY_LIMIT);
+ini_set('max_execution_time',      AIO_MAX_EXECUTION_TIME); // Prevent timeouts on slow networks
+ini_set('session.cookie_lifetime', AIO_COOKIE_LIFETIME); // Auto-logout on browser close
+ini_set('session.gc_maxlifetime',  AIO_SESSION_MAX_LIFETIME); // 24h session duration
+ini_set('log_errors_max_len',      AIO_LOG_ERRORS_MAX_LEN); // Full error logs
+
+//-------------------------------------------------
+// Dependency Injection
+//-------------------------------------------------
 $container = \AIO\DependencyInjection::GetContainer();
+AppFactory::setContainer($container);
+
+// Session directory depends on application config
 $dataConst = $container->get(\AIO\Data\DataConst::class);
 ini_set('session.save_path', $dataConst->GetSessionDirectory());
 
-// Auto logout on browser close
-ini_set('session.cookie_lifetime', '0');
-
-# Keep session for 24h max
-ini_set('session.gc_maxlifetime', '86400');
-
-// Create app
-AppFactory::setContainer($container);
+//-------------------------------------------------
+// Application Creation and Core Middleware
+//-------------------------------------------------
 $app = AppFactory::create();
 $responseFactory = $app->getResponseFactory();
 
-// Register Middleware On Container
-$container->set(Guard::class, function () use ($responseFactory) {
+// Register CSRF middleware (container-only)
+$container->set(Guard::class, function () use ($responseFactory): Guard {
     $guard = new Guard($responseFactory);
     $guard->setPersistentTokenMode(true);
     return $guard;
 });
 
-// Register Middleware To Be Executed On All Routes
 session_start();
+
+// Activate CSRF middleware for all routes
 $app->add(Guard::class);
 
-// Create Twig
-$twig = Twig::create(__DIR__ . '/../templates/', ['cache' => false]);
+// Setup and activate Twig middleware
+$twig = Twig::create(__DIR__ . '/../templates/',
+    [ 'cache' => AIO_TWIG_CACHE_PATH ]
+);
 $app->add(TwigMiddleware::create($app, $twig));
+
+// Add CSRF extension to Twig so templates can access CSRF tokens
 $twig->addExtension(new \AIO\Twig\CsrfExtension($container->get(Guard::class)));
 
-// Auth Middleware
+// Establish and activate authentication middleware for all routes
 $app->add(new \AIO\Middleware\AuthMiddleware($container->get(\AIO\Auth\AuthManager::class)));
 
-// API
-$app->post('/api/docker/watchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
-$app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
-$app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
-$app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
-$app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
-$app->post('/api/docker/backup-list', AIO\Controller\DockerController::class . ':StartBackupContainerList');
-$app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
-$app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
-$app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
-$app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
-$app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
-$app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
-$app->get('/api/auth/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');
-$app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout');
-$app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');
+//-------------------------------------------------
+// API Routes
+//-------------------------------------------------
+$app->group('/api/docker', function (RouteCollectorProxy $group): void {
+    // Docker Container management
+    $group->post('/watchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
+    $group->get('/getwatchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
+    $group->post('/start', AIO\Controller\DockerController::class . ':StartContainer');
+    $group->post('/stop', AIO\Controller\DockerController::class . ':StopContainer');
+    $group->get('/logs', AIO\Controller\DockerController::class . ':GetLogs');
+    // Backups
+    $group->post('/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
+    $group->post('/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+    $group->post('/backup-list', AIO\Controller\DockerController::class . ':StartBackupContainerList');
+    $group->post('/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
+    $group->post('/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
+    $group->post('/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
+});
 
-// Views
-$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
+// Auth-related
+$app->group('/api/auth', function (RouteCollectorProxy $group): void {
+    $group->post('/login', AIO\Controller\LoginController::class . ':TryLogin');
+    $group->get('/getlogin', AIO\Controller\LoginController::class . ':GetTryLogin');
+    $group->post('/logout', AIO\Controller\LoginController::class . ':Logout');
+});
+
+// Configuration endpoints
+$app->post('/api/configuration', AIO\Controller\ConfigurationController::class . ':SetConfig');
+
+//-------------------------------------------------
+// Views Routes
+//-------------------------------------------------
+
+// Containers
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container): Response {
     $view = Twig::fromRequest($request);
     $view->addExtension(new \AIO\Twig\ClassExtension());
+
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
     $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
     /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+    // Ensure master container is attached to the required Docker network
     $dockerActionManager->ConnectMasterContainerToNetwork();
+    // Ensure the domaincheck container is started for domain configuration validation
     $dockerController->StartDomaincheckContainer();
 
-    // Check if bypass_mastercontainer_update is provided on the URL, a special developer mode to bypass a mastercontainer update and use local image.
+    // URL parameters    
     $params = $request->getQueryParams();
-    $bypass_mastercontainer_update = isset($params['bypass_mastercontainer_update']);
-    $bypass_container_update = isset($params['bypass_container_update']);
-    $skip_domain_validation = isset($params['skip_domain_validation']);
+    $bypassMastercontainerUpdate = isset($params['bypass_mastercontainer_update']);
+    $bypassContainerUpdate = isset($params['bypass_container_update']);
+    $skipDomainValidation = isset($params['skip_domain_validation']);
 
     return $view->render($response, 'containers.twig', [
+        // ---- Basic Settings ----
         'domain' => $configurationManager->domain,
+        'timezone' => $configurationManager->timezone,
+        'current_channel' => $dockerActionManager->GetCurrentChannel(),
         'apache_port' => $configurationManager->apachePort,
+        'talk_port' => $configurationManager->talkPort,
+        // ---- Container Management ----
+        'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
+        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
+        'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
+        'is_mastercontainer_update_available' => ( $bypassMastercontainerUpdate ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ),
+        'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
+        // ---- Nextcloud Settings ----
+        'nextcloud_password' => $configurationManager->getAndGenerateSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount,
+        'nextcloud_mount' => $configurationManager->nextcloudMount,
+        // ---- PHP Configuration ----
+        'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
+        'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
+        'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit,
+        // ---- Optional Component Toggles ----
+        'is_clamav_enabled' => $configurationManager->isClamavEnabled,
+        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
+        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
+        'is_talk_enabled' => $configurationManager->isTalkEnabled,
+        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
+        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
+        'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice,
+        'is_nvidia_gpu_enabled' => $configurationManager->enableNvidiaGpu,
+        'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
+        'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
+        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
+        'is_backup_section_enabled' => !$configurationManager->disableBackupSection,
+        // ---- Collabora Component ----
+        'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
+        'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions,
+        // ---- Backup Component ----
         'borg_backup_host_location' => $configurationManager->borgBackupHostLocation,
         'borg_remote_repo' => $configurationManager->borgRemoteRepo,
         'borg_public_key' => $configurationManager->getBorgPublicKey(),
-        'nextcloud_password' => $configurationManager->getAndGenerateSecret('NEXTCLOUD_PASSWORD'),
-        'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
         'borgbackup_password' => $configurationManager->getAndGenerateSecret('BORGBACKUP_PASSWORD'),
-        'is_mastercontainer_update_available' => ( $bypass_mastercontainer_update ? false : $dockerActionManager->IsMastercontainerUpdateAvailable() ),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
         'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
         'is_instance_restore_attempt' => $configurationManager->instanceRestoreAttempt,
         'borg_backup_mode' => $configurationManager->backupMode,
-        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
-        'has_update_available' => $dockerActionManager->isAnyUpdateAvailable(),
         'last_backup_time' => $configurationManager->getLastBackupTime(),
         'backup_times' => $configurationManager->getBackupTimes(),
-        'current_channel' => $dockerActionManager->GetCurrentChannel(),
-        'is_clamav_enabled' => $configurationManager->isClamavEnabled,
-        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
-        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
-        'is_talk_enabled' => $configurationManager->isTalkEnabled,
         'borg_restore_password' => $configurationManager->borgRestorePassword,
         'daily_backup_time' => $configurationManager->getDailyBackupTime(),
         'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
-        'timezone' => $configurationManager->timezone,
-        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skip_domain_validation),
-        'talk_port' => $configurationManager->talkPort,
-        'collabora_dictionaries' => $configurationManager->collaboraDictionaries,
-        'collabora_additional_options' => $configurationManager->collaboraAdditionalOptions,
-        'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
-        'is_backup_section_enabled' => !$configurationManager->disableBackupSection,
-        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled,
-        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled,
         'additional_backup_directories' => $configurationManager->getAdditionalBackupDirectoriesString(),
-        'nextcloud_datadir' => $configurationManager->nextcloudDatadirMount,
-        'nextcloud_mount' => $configurationManager->nextcloudMount,
-        'nextcloud_upload_limit' => $configurationManager->nextcloudUploadLimit,
-        'nextcloud_max_time' => $configurationManager->nextcloudMaxTime,
-        'nextcloud_memory_limit' => $configurationManager->nextcloudMemoryLimit,
-        'is_dri_device_enabled' => $configurationManager->nextcloudEnableDriDevice,
-        'is_nvidia_gpu_enabled' => $configurationManager->enableNvidiaGpu,
-        'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled,
-        'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled,
-        'is_harp_enabled' => $configurationManager->isHarpEnabled,
-        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled,
+        // ---- Community Containers ----
         'community_containers' => $configurationManager->listAvailableCommunityContainers(),
         'community_containers_enabled' => $configurationManager->aioCommunityContainers,
-        'bypass_container_update' => $bypass_container_update,
+        // ---- Admin Overrides ----
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped($skipDomainValidation),
+        'bypass_container_update' => $bypassContainerUpdate,
     ]);
-})->setName('profile');
-$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
+});
+
+// Login
+$app->get('/login', function (Request $request, Response $response, array $args) use ($container): Response {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
     $dockerActionManager = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -152,69 +204,46 @@ $app->get('/login', function (Request $request, Response $response, array $args)
         'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
     ]);
 });
-$app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
+
+// Setup
+$app->get('/setup', function (Request $request, Response $response, array $args) use ($container): Response {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
     $setup = $container->get(\AIO\Data\Setup::class);
 
-    if(!$setup->CanBeInstalled()) {
-        return $view->render(
-            $response,
-            'already-installed.twig'
-        );
+    if (!$setup->CanBeInstalled()) {
+        return $view->render($response, 'already-installed.twig');
     }
-
-    return $view->render(
-        $response,
-        'setup.twig',
-        [
+    return $view->render($response, 'setup.twig', [
             'password' => $setup->Setup(),
-        ]
-    );
-});
-$app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
-    $params = $request->getQueryParams();
-    $id = $params['id'] ?? '';
-    if (!str_starts_with($id, 'nextcloud-aio-')) {
-        throw new DI\NotFoundException();
-    }
-    $view = Twig::fromRequest($request);
-    return $view->render($response, 'log.twig', ['id' => $id]);
+    ]);
 });
 
-// Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
+//-------------------------------------------------
+// Root Redirector
+//-------------------------------------------------
+$app->get('/', function (Request $request, Response $response, array $args) use ($container): Response {
     /** @var \AIO\Auth\AuthManager $authManager */
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
-
     /** @var \AIO\Data\Setup $setup */
     $setup = $container->get(\AIO\Data\Setup::class);
-    if($setup->CanBeInstalled()) {
-        return $response
-            ->withHeader('Location', 'setup')
-            ->withStatus(302);
-    }
 
-    if($authManager->IsAuthenticated()) {
-        return $response
-            ->withHeader('Location', 'containers')
-            ->withStatus(302);
-    } else {
-        return $response
-            ->withHeader('Location', 'login')
-            ->withStatus(302);
+    if ($setup->CanBeInstalled()) {
+        return $response->withHeader('Location', 'setup')->withStatus(302);
     }
+    if ($authManager->IsAuthenticated()) {
+        return $response->withHeader('Location', 'containers')->withStatus(302);
+    }
+    return $response->withHeader('Location', 'login')->withStatus(302);
 });
 
-$errorMiddleware = $app->addErrorMiddleware(false, true, true);
+//-------------------------------------------------
+// Error Middleware
+//-------------------------------------------------
 
-// Set a custom Not Found handler, which doesn't pollute the app output with 404 errors.
-$errorMiddleware->setErrorHandler(
-    \Slim\Exception\HttpNotFoundException::class,
-    function (Request $request, Throwable $exception, bool $displayErrorDetails) use ($app) {
-        $response = $app->getResponseFactory()->createResponse();
-        $response->getBody()->write('Not Found');
-        return $response->withStatus(404);
-    });
+// TODO: Figure out why the default plain text renderer is being used by logging
+// TODO: Change logging to not generate stack traces for 404s
+// TODO: Change logging to log the path
+$errorMiddleware = $app->addErrorMiddleware(AIO_DISPLAY_ERRORS, true, true);
 
 $app->run();

php/public/log-view.js

@@ -1,142 +0,0 @@
-class LogViewer {
-    // Configure the interval in seconds for autoloading log data.
-    autoloadIntervalSec = 5;
-    // Set to true to see some debug log statements in the browser console.
-    debugLog = false;
-
-    // Don't touch these, please.
-    containerId;
-    apiBaseUrl = 'api/docker/logs';
-    autoloadIntervalId = null;
-    logElem;
-    lastLogTimestamp = '';
-    autoloadingDisabledFromButton = false;
-    loaderElem;
-    dataLoadingLock;
-
-    constructor() {
-        const id = document.body.dataset.containerId;
-        if (typeof(id) !== 'string' || !id.startsWith('nextcloud-aio-')) {
-            throw new Exception('Invalid container ID');
-        }
-        this.containerId = id;
-        this.logElem = document.querySelector('pre');
-        this.loaderElem = document.querySelector('.loader');
-        this.initAutoloadingControls();
-        // Enable automatic log data loading.
-        this.startAutoloading();
-    }
-
-    startAutoloading() {
-        // Load log data immediately.
-        this.loadAndAppendLogData();
-        // Load new log data repeatedly.
-        this.debug("Starting autoloading");
-        this.autoloadIntervalId = setInterval(() => {
-            if (this.isAutoloadingEnabled()) {
-                this.loadAndAppendLogData();
-            }
-        }, 5000);
-    }
-
-    stopAutoloading() {
-        this.debug("Stopping autoloading");
-        clearInterval(this.autoloadIntervalId);
-        this.autoloadIntervalId = null;
-    }
-
-    isAutoloadingEnabled() {
-        return !!this.autoloadIntervalId;
-    }
-
-    getUrl() {
-        return `${this.apiBaseUrl}?id=${this.containerId}&since=${this.lastLogTimestamp}`;
-    }
-
-    debug(...args) {
-        if (this.debugLog) {
-            console.debug('LogViewer:', ...args);
-        }
-    }
-
-    // Load log data and append it to the DOM.
-    loadAndAppendLogData() {
-        if (this.dataLoadingLock) {
-            this.debug("Another log data loading request is still running, cancelling this request");
-            return;
-        }
-        this.debug("Loading new log data");
-        this.dataLoadingLock = true;
-        this.loaderElem.classList.remove('hidden');
-        fetch(this.getUrl())
-            .then((response) => {
-                if (!response.ok) {
-                    throw new Error("Error while fetching log data!");
-                }
-                return response;
-            })
-            .then((response) => response.text())
-            .then((text) => {
-                text = text.trim();
-                if (text.length === 0) {
-                    this.debug("Received no new log data from server");
-                    return;
-                }
-                this.debug("Received", Math.round(text.length / 1024), "KB of new log data from server");
-                this.logElem.append(text + "\n");
-                this.scrollToBottom();
-                this.lastLogTimestamp = text.split("\n").at(-1)?.split(' ')[0] ?? '';
-            })
-            .finally(() => {
-                this.dataLoadingLock = false;
-                this.loaderElem.classList.add('hidden');
-                this.debug("Finished log data loading");
-            })
-            .catch((err) => console.error(err));
-    }
-
-    scrollToBottom() {
-        window.scrollTo(0, document.body.scrollHeight);
-    }
-
-    initAutoloadingControls() {
-        // Provide a button that allows to manually disable the autoloading.
-        const button = document.getElementById('autoloading-control');
-        const statusElem = document.getElementById('autoloading-status');
-        if (!button) {
-            return;
-        }
-        button.addEventListener('click', (event) => {
-            event.preventDefault();
-            if (this.isAutoloadingEnabled()) {
-                this.stopAutoloading();
-                statusElem.textContent = 'disabled';
-                button.textContent = 'Enable';
-                this.autoloadingDisabledFromButton = true;
-            } else {
-                this.startAutoloading();
-                statusElem.textContent = 'enabled';
-                button.textContent = 'Disable';
-                this.autoloadingDisabledFromButton = false;
-            }
-        });
-
-        // Load new data immediately if the window gets visible to the user again (unless autoloading has been
-        // disabled).
-        document.addEventListener('visibilitychange', () => {
-            if (document.visibilityState === 'visible') {
-                this.debug("Window became visible");
-                if (!this.autoloadingDisabledFromButton) {
-                    this.startAutoloading();
-                }
-            } else {
-                this.debug("Window became hidden");
-                this.stopAutoloading();
-            }
-        });
-    }
-}
-
-document.addEventListener("DOMContentLoaded", () => {
-    new LogViewer();
-});

php/public/style.css

@@ -468,29 +468,7 @@ input[type="checkbox"]:disabled:not(:checked) + label {
 }
 
 #overlay.loading {
-    display: grid;
-    justify-items: center;
-    row-gap: 2rem;
-}
-
-#overlay #overlay-log.visible {
-    visibility: visible;
-    opacity: 1;
-    transition: opacity 1s ease-in;
-}
-
-#overlay #overlay-log {
-    visibility: hidden;
-    opacity: 0;
-    align-self: start;
-    width: 300px;
-    height: 200px;
-    border-radius: var(--border-radius-large);
-    border: solid thin rgb(192, 192, 192);
-}
-
-.overlay-iframe {
-    padding: 1rem;
+    display: block;
 }
 
 .loader {
@@ -501,7 +479,9 @@ input[type="checkbox"]:disabled:not(:checked) + label {
     height: 120px;
     -webkit-animation: spin 2s linear infinite; /* Safari */
     animation: spin 2s linear infinite;
-    align-self: end;
+    position: absolute;
+    top: calc(50% - 60px);
+    left: calc(50% - 60px);
 }
 
 /* Safari */
@@ -725,4 +705,4 @@ input[type="checkbox"]:disabled:not(:checked) + label {
     .office-suite-cards {
         grid-template-columns: 1fr;
     }
-}
+}

php/public/toggle-dark-mode.js

@@ -2,26 +2,28 @@
 function toggleTheme() {
     const currentTheme = document.documentElement.getAttribute('data-theme');
     const newTheme = (currentTheme === 'dark') ? '' : 'dark'; // Toggle between no theme and dark theme
-    setThemeToDOM(newTheme);
+    document.documentElement.setAttribute('data-theme', newTheme);
     localStorage.setItem('theme', newTheme);
 
     // Change the icon based on the current theme
-    setThemeIcon(newTheme);
+    const themeIcon = document.getElementById('theme-icon');
+    themeIcon.textContent = newTheme === 'dark' ? '☀️' : '🌙'; // Switch between moon and sun icons
 }
 
-function setThemeToDOM(value) {
-    // Set the theme to the root document and all possible iframe documents (so they can adapt their styling, too).
-    const documents = [document, Array.from(document.querySelectorAll('iframe')).map((iframe) => iframe.contentDocument)].flat()
-    documents.forEach((doc) => doc.documentElement.setAttribute('data-theme', value));
-}
-
-function getSavedTheme() {
-    return localStorage.getItem('theme') ?? '';
+// Function to immediately apply saved theme without icon update
+function applySavedThemeImmediately() {
+    const savedTheme = localStorage.getItem('theme');
+    if (savedTheme === 'dark') {
+        document.documentElement.setAttribute('data-theme', 'dark');
+    } else {
+        document.documentElement.removeAttribute('data-theme'); // Default to light theme
+    }
 }
 
 // Function to apply theme-icon update
-function setThemeIcon(theme) {
-    if (theme === 'dark') {
+function setThemeIcon() {
+    const savedTheme = localStorage.getItem('theme');
+    if (savedTheme === 'dark') {
         document.getElementById('theme-icon').textContent = '☀️'; // Sun icon for dark mode
     } else {
         document.getElementById('theme-icon').textContent = '🌙'; // Moon icon for light mode
@@ -29,7 +31,7 @@ function setThemeIcon(theme) {
 }
 
 // Immediately apply the saved theme to avoid flickering
-setThemeToDOM(getSavedTheme());
+applySavedThemeImmediately();
 
 // Apply theme when the page loads
-document.addEventListener('DOMContentLoaded', () => setThemeIcon(getSavedTheme()));
+document.addEventListener('DOMContentLoaded', setThemeIcon);

php/src/Container/Container.php

@@ -38,7 +38,6 @@ readonly class Container {
         public string                        $imageTag,
         public AioVariables                  $aioVariables,
         public string                        $documentation,
-        public bool                          $hideFromList,
         private DockerActionManager           $dockerActionManager
     ) {
     }

php/src/ContainerDefinitionFetcher.php

@@ -91,10 +91,6 @@ readonly class ContainerDefinitionFetcher {
                 if (!$this->configurationManager->isDockerSocketProxyEnabled) {
                     continue;
                 }
-            } elseif ($entry['container_name'] === 'nextcloud-aio-harp') {
-                if (!$this->configurationManager->isHarpEnabled) {
-                    continue;
-                }
             } elseif ($entry['container_name'] === 'nextcloud-aio-whiteboard') {
                 if (!$this->configurationManager->isWhiteboardEnabled) {
                     continue;
@@ -204,10 +200,6 @@ readonly class ContainerDefinitionFetcher {
                         if (!$this->configurationManager->isDockerSocketProxyEnabled) {
                             continue;
                         }
-                    } elseif ($value === 'nextcloud-aio-harp') {
-                        if (!$this->configurationManager->isHarpEnabled) {
-                            continue;
-                        }
                     } elseif ($value === 'nextcloud-aio-whiteboard') {
                         if (!$this->configurationManager->isWhiteboardEnabled) {
                             continue;
@@ -324,8 +316,6 @@ readonly class ContainerDefinitionFetcher {
                 $documentation = $entry['documentation'];
             }
 
-            $hideFromList = $entry['hide_from_list'] ?? false;
-
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -351,7 +341,6 @@ readonly class ContainerDefinitionFetcher {
                 $imageTag,
                 $aioVariables,
                 $documentation,
-                $hideFromList,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Controller/ConfigurationController.php

@@ -96,7 +96,6 @@ readonly class ConfigurationController {
                 $this->configurationManager->isImaginaryEnabled = isset($request->getParsedBody()['imaginary']);
                 $this->configurationManager->isFulltextsearchEnabled = isset($request->getParsedBody()['fulltextsearch']);
                 $this->configurationManager->isDockerSocketProxyEnabled = isset($request->getParsedBody()['docker-socket-proxy']);
-                $this->configurationManager->isHarpEnabled = isset($request->getParsedBody()['harp']);
                 $this->configurationManager->isWhiteboardEnabled = isset($request->getParsedBody()['whiteboard']);
             }
 

php/src/Controller/DockerController.php

@@ -3,14 +3,12 @@ declare(strict_types=1);
 
 namespace AIO\Controller;
 
-use AIO\Container\Container;
 use AIO\Container\ContainerState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Docker\DockerActionManager;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use AIO\Data\ConfigurationManager;
-use Slim\Psr7\NonBufferedBody;
 
 readonly class DockerController {
     private const string TOP_CONTAINER = 'nextcloud-aio-apache';
@@ -22,12 +20,12 @@ readonly class DockerController {
     ) {
     }
 
-    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true, ?\Closure $addToStreamingResponseBody = null) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         // Start all dependencies first and then itself
         foreach($container->dependsOn as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullImage, $addToStreamingResponseBody);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
         // Don't start if container is already running
@@ -39,9 +37,9 @@ readonly class DockerController {
 
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        $this->dockerActionManager->PullImage($container, $pullImage, $addToStreamingResponseBody);
+        $this->dockerActionManager->PullImage($container, $pullImage);
         $this->dockerActionManager->CreateContainer($container);
-        $this->dockerActionManager->StartContainer($container, $addToStreamingResponseBody);
+        $this->dockerActionManager->StartContainer($container);
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
@@ -71,8 +69,7 @@ readonly class DockerController {
             $id = $requestParams['id'];
         }
         if (str_starts_with($id, 'nextcloud-aio-')) {
-            $since = $this->getTimestampForDockerLogsApiSince($requestParams['since'] ?? '');
-            $logs = $this->dockerActionManager->GetLogs($id, $since);
+            $logs = $this->dockerActionManager->GetLogs($id);
         } else {
             $logs = 'Container not found.';
         }
@@ -87,64 +84,43 @@ readonly class DockerController {
     }
 
     public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
         $forceStopNextcloud = true;
-        $this->startBackup($forceStopNextcloud, $addToStreamingResponseBody);
-
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        $this->startBackup($forceStopNextcloud);
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
-    public function startBackup(bool $forceStopNextcloud = false, ?\Closure $addToStreamingResponseBody = null) : void {
+    public function startBackup(bool $forceStopNextcloud = false) : void {
         $this->configurationManager->backupMode = 'backup';
 
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
     }
 
     public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
-        $this->checkBackup($addToStreamingResponseBody);
-
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        $this->checkBackup();
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerList(Request $request, Response $response, array $args) : Response {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
-        $this->listBackup($addToStreamingResponseBody);
-
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        $this->listBackup();
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
-    public function checkBackup(?\Closure $addToStreamingResponseBody = null) : void {
+    public function checkBackup() : void {
         $this->configurationManager->backupMode = 'check';
 
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
     }
 
-    private function listBackup(?\Closure $addToStreamingResponseBody = null) : void {
+    private function listBackup() : void {
         $this->configurationManager->backupMode = 'list';
 
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
     }
 
     public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
@@ -154,38 +130,26 @@ readonly class DockerController {
         $this->configurationManager->restoreExcludePreviews = isset($request->getParsedBody()['restore-exclude-previews']);
         $this->configurationManager->commitTransaction();
 
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
-        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
 
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
         $this->configurationManager->backupMode = 'check-repair';
 
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
 
         // Restore to backup check which is needed to make the UI logic work correctly
         $this->configurationManager->backupMode = 'check';
 
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
@@ -194,19 +158,13 @@ readonly class DockerController {
         $this->configurationManager->instanceRestoreAttempt = false;
         $this->configurationManager->commitTransaction();
 
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
         $id = self::TOP_CONTAINER;
-        $this->PerformRecursiveContainerStop($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStop($id);
 
         $id = 'nextcloud-aio-borgbackup';
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
 
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function StartContainer(Request $request, Response $response, array $args) : Response
@@ -240,24 +198,17 @@ readonly class DockerController {
         if ($pullImage === false) {
             error_log('WARNING: Not pulling container images. Instead, using local ones.');
         }
-        
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-        
         // Start container
-        $this->startTopContainer($pullImage, $addToStreamingResponseBody);
+        $this->startTopContainer($pullImage);
 
         // Clear apcu cache in order to check if container updates are available
         // Temporarily disabled as it leads much faster to docker rate limits
         // apcu_clear_cache();
 
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
-    public function startTopContainer(bool $pullImage, ?\Closure $addToStreamingResponseBody = null) : void {
+    public function startTopContainer(bool $pullImage) : void {
         $this->configurationManager->aioToken = bin2hex(random_bytes(24));
 
         // Stop domaincheck since apache would not be able to start otherwise
@@ -265,28 +216,21 @@ readonly class DockerController {
 
         $id = self::TOP_CONTAINER;
 
-        $this->PerformRecursiveContainerStart($id, $pullImage, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
     }
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
-        $this->startWatchtower($addToStreamingResponseBody);
-
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        $this->startWatchtower();
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
-    public function startWatchtower(?\Closure $addToStreamingResponseBody = null) : void {
+    public function startWatchtower() : void {
         $id = 'nextcloud-aio-watchtower';
 
-        $this->PerformRecursiveContainerStart($id, true, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStart($id);
     }
 
-    private function PerformRecursiveContainerStop(string $id, bool $forceStopNextcloud = false, ?\Closure $addToStreamingResponseBody = null) : void
+    private function PerformRecursiveContainerStop(string $id, bool $forceStopNextcloud = false) : void
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
@@ -294,11 +238,7 @@ readonly class DockerController {
         // Stop Collabora first to make sure it force-saves
         // See https://github.com/nextcloud/richdocuments/issues/3799
         if ($id === self::TOP_CONTAINER && $this->configurationManager->isCollaboraEnabled) {
-            $this->PerformRecursiveContainerStop('nextcloud-aio-collabora', false, $addToStreamingResponseBody);
-        }
-
-        if ($addToStreamingResponseBody !== null) {
-            $addToStreamingResponseBody($container, "Stopping container");
+            $this->PerformRecursiveContainerStop('nextcloud-aio-collabora');
         }
 
         // Stop itself first and then all the dependencies
@@ -309,23 +249,17 @@ readonly class DockerController {
             $this->dockerActionManager->StopContainer($container, $forceStopNextcloud);
         }
         foreach($container->dependsOn as $dependency) {
-            $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud, $addToStreamingResponseBody);
+            $this->PerformRecursiveContainerStop($dependency, $forceStopNextcloud);
         }
     }
 
     public function StopContainer(Request $request, Response $response, array $args) : Response
     {
-        // Get streaming response start and closure
-        $nonbufResp = $this->startStreamingResponse($response);
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
-
         $id = self::TOP_CONTAINER;
         $forceStopNextcloud = true;
-        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud, $addToStreamingResponseBody);
+        $this->PerformRecursiveContainerStop($id, $forceStopNextcloud);
 
-        // End streaming response
-        $this->finalizeStreamingResponse($nonbufResp);
-        return $nonbufResp;
+        return $response->withStatus(201)->withHeader('Location', '.');
     }
 
     public function stopTopContainer() : void {
@@ -374,96 +308,4 @@ readonly class DockerController {
         $id = 'nextcloud-aio-domaincheck';
         $this->PerformRecursiveContainerStop($id);
     }
-
-    private function getStreamingResponseHtmlStart() : string {
-        return <<<END
-        <!DOCTYPE html>
-        <html lang="en" class="overlay-iframe">
-            <head>
-                <link rel="stylesheet" href="../../style.css?v8" media="all" />
-                <script>
-                    const observer = new MutationObserver((records) => {
-                        const node = records[0]?.addedNodes[0];
-                        // Text nodes also appear here but can't be scrolled to, so we have to check for the
-                        // function being present.
-                        if (node && typeof(node.scrollIntoView) === 'function') {
-                            node.scrollIntoView();
-                        }
-                    });
-                    observer.observe(document, {childList: true, subtree: true});
-                </script>
-            </head>
-            <body>
-            
-        END;
-    }
-
-    private function startStreamingResponse(Response $response) : Response {
-        $nonbufResp = $response
-            ->withBody(new NonBufferedBody())
-            ->withHeader('Content-Type', 'text/html; charset=utf-8')
-            ->withHeader('X-Accel-Buffering', 'no')
-            ->withHeader('Content-Length', '-1')
-            ->withHeader('Cache-Control', 'no-cache');
-            
-        // Text written into this body is immediately sent to the client, without waiting for later content.
-        $streamingResponseBody = $nonbufResp->getBody();
-        
-        $streamingResponseBody->write($this->getStreamingResponseHtmlStart());
-
-        return $nonbufResp;
-    }
-
-    private function getAddToStreamingResponseBody(Response $nonbufResp) : ?\Closure {
-        // Create a closure to pass around to the code, which should to the logging (because it e.g. decides
-        // if it'll actually pull an image), but which should not need to know anything about the
-        // wanted markup or formatting.
-        $addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
-            $nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
-        };
-
-        return $addToStreamingResponseBody;
-    }
-
-    private function finalizeStreamingResponse(Response $nonbufResp) : void {
-        $nonbufResp->getBody()->write($this->getStreamingResponseHtmlEnd());
-    }
-
-    private function getStreamingResponseHtmlEnd() : string {
-        return "\n  </body>\n</html>";
-    }
-
-    private function getTimestampForDockerLogsApiSince(string $input) : string
-    {
-        if ($input === '') {
-            return '';
-        }
-
-        // We expect an RFC3339Nano string with Timezone UTC here, as docker will put out.
-        // Unfortunately PHP doesn't support this format with nanoseconds, so we have to help
-        // ourselves a little bit.
-        // First we split off the nanoseconds.
-        preg_match('/^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.(\d{9}).*/', $input, $match);
-        if (count($match) !== 3) {
-            // The input doesn't match our expectations, it might be manipulated, we ignore it.
-            return '';
-        }
-
-        $datetime = \DateTimeImmutable::createFromFormat("Y-m-d\\TH:i:s", $match[1]);
-        $nanoseconds = $match[2];
-
-        if ($datetime === false) {
-            // Input was not parseable, it might be manipulated, we ignore it.
-            return '';
-        }
-
-        // Format the datetime as unix timestamp.
-        $timestamp = $datetime->format('U');
-
-        // Increase the nanoseconds by 1, so we don't get the line with exactly the original datetime again.
-        $nanoseconds = strval(intval($nanoseconds) + 1);
-
-        // Now append the nanoseconds to the timestamp-string.
-        return "{$timestamp}.{$nanoseconds}";
-    }
 }

php/src/Data/ConfigurationManager.php

@@ -30,11 +30,6 @@ class ConfigurationManager
         set { $this->set('isDockerSocketProxyEnabled', $value); }
     }
 
-    public bool $isHarpEnabled {
-        get => $this->get('isHarpEnabled', false);
-        set { $this->set('isHarpEnabled', $value); }
-    }
-
     public bool $isWhiteboardEnabled {
         // Type-cast because old configs could have 1/0 for this key.
         get => (bool) $this->get('isWhiteboardEnabled', true);
@@ -1040,7 +1035,6 @@ class ConfigurationManager
             'IMAGINARY_ENABLED' => $this->isImaginaryEnabled ? 'yes' : '',
             'FULLTEXTSEARCH_ENABLED' => $this->isFulltextsearchEnabled ? 'yes' : '',
             'DOCKER_SOCKET_PROXY_ENABLED' => $this->isDockerSocketProxyEnabled ? 'yes' : '',
-            'HARP_ENABLED' => $this->isHarpEnabled ? 'yes' : '',
             'NEXTCLOUD_UPLOAD_LIMIT' => $this->nextcloudUploadLimit,
             'NEXTCLOUD_MEMORY_LIMIT' => $this->nextcloudMemoryLimit,
             'NEXTCLOUD_MAX_TIME' => $this->nextcloudMaxTime,

php/src/Docker/DockerActionManager.php

@@ -145,12 +145,11 @@ readonly class DockerActionManager {
         }
     }
 
-    public function GetLogs(string $id, string $since = ''): string {
+    public function GetLogs(string $id): string {
         $url = $this->BuildApiUrl(
             sprintf(
-                'containers/%s/logs?stdout=true&stderr=true&timestamps=true&since=%s',
-                urlencode($id),
-                $since
+                'containers/%s/logs?stdout=true&stderr=true&timestamps=true',
+                urlencode($id)
             ));
         $responseBody = (string)$this->guzzleClient->get($url)->getBody();
 
@@ -167,12 +166,9 @@ readonly class DockerActionManager {
         return $response;
     }
 
-    public function StartContainer(Container $container, ?\Closure $addToStreamingResponseBody = null): void {
+    public function StartContainer(Container $container): void {
         $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier)));
         try {
-            if ($addToStreamingResponseBody !== null) {
-                $addToStreamingResponseBody($container, "Starting container");
-            }
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
             throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
@@ -477,7 +473,8 @@ readonly class DockerActionManager {
         }
     }
 
-    public function PullImage(Container $container, bool $pullImage = true, ?\Closure $addToStreamingResponseBody = null): void {
+    public function PullImage(Container $container, bool $pullImage = true): void {
+
         // Skip database image pull if the last shutdown was not clean
         if ($container->identifier === 'nextcloud-aio-database') {
             if ($this->GetDatabasecontainerExitCode() > 0) {
@@ -505,9 +502,6 @@ readonly class DockerActionManager {
         $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
         $imageIsThere = true;
         try {
-            if ($addToStreamingResponseBody) {
-                $addToStreamingResponseBody($container, "Pulling image");
-            }
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
             $this->guzzleClient->get($imageUrl)->getBody()->getContents();
         } catch (\Throwable $e) {
@@ -655,8 +649,8 @@ readonly class DockerActionManager {
             if (count($imageNameArray) === 2) {
                 $imageName = $imageNameArray[0];
             } else {
-                error_log("Unexpected image name was found when getting the current image name of the mastercontainer. You probably did not follow the documentation correctly. Changing the image name to the default 'ghcr.io/nextcloud-releases/all-in-one'.");
-                $imageName = 'ghcr.io/nextcloud-releases/all-in-one';
+                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']);
+                $imageName = $output['Config']['Image'];
             }
             apcu_add($cacheKey, $imageName);
             return $imageName;

php/templates/components/container-state.twig

@@ -4,15 +4,15 @@
     {% if c.GetStartingState().value == 'starting' %}
       <span class="status running"></span>
       {{ c.displayName }}
-      (<a href="log?id={{ c.identifier }}" target="_blank">Starting</a>)
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Starting</a>)
     {% elseif c.GetRunningState().value == 'running' %}
       <span class="status success"></span>
       {{ c.displayName }}
-      (<a href="log?id={{ c.identifier }}" target="_blank">Running</a>)
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Running</a>)
     {% else %}
       <span class="status error"></span>
       {{ c.displayName }}
-      (<a href="log?id={{ c.identifier }}" target="_blank">Stopped</a>)
+      (<a href="api/docker/logs?id={{ c.identifier }}" target="_blank">Stopped</a>)
     {% endif %}
     {% if c.documentation != '' %}
       (<a target="_blank" href="{{ c.documentation }}">docs</a>)
@@ -27,4 +27,4 @@
       <input type="text" value="{{ c.GetUiSecret() }}" readonly>
     </details>
   {% endif %}
-</li>
+</li>

php/templates/containers.twig

@@ -27,7 +27,7 @@
             <script type="text/javascript" src="timezone.js"></script>
 
             {# js for optional containers and additional containers forms #}
-            <script type="text/javascript" src="containers-form-submit.js?v6"></script>
+            <script type="text/javascript" src="containers-form-submit.js?v5"></script>
 
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
@@ -47,10 +47,10 @@
             {% endif %}
 
             {% for container in containers %}
-                {% if container.hideFromList != true and container.GetRunningState().value == 'running' %}
+                {% if container.displayName != '' and container.GetRunningState().value == 'running' %}
                     {% set isAnyRunning = true %}
                 {% endif %}
-                {% if container.hideFromList != true and container.GetRestartingState().value == 'restarting' %}
+                {% if container.displayName != '' and container.GetRestartingState().value == 'restarting' %}
                     {% set isAnyRestarting = true %}
                 {% endif %}
                 {% if container.identifier == 'nextcloud-aio-watchtower' and container.GetRunningState().value == 'running' %}
@@ -65,11 +65,11 @@
             {% endfor %}
 
             {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="log?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
                 {% if automatic_updates == true %}
                     <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                     {% if is_mastercontainer_update_available == true %}
-                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="log?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                        <p>When the mastercontainer is updated it will restart, making it unavailable for a moment. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                     {% endif %}
                 {% endif %}
                 {% if has_update_available == false %}
@@ -80,7 +80,7 @@
                 <p><a href="" class="button reload">Reload ↻</a></p>
                 <p>If the daily backup is stuck somehow, you can unstick it by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.</p>
             {% elseif isWatchtowerRunning == true %}
-                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="log?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
+                <p><span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="api/docker/logs?id=nextcloud-aio-watchtower" target="_blank">Logs</a>)</p>
                 <p><a href="" class="button reload">Reload ↻</a></p>
             {% else %}
                 {% if is_backup_container_running == false and domain == "" %}
@@ -90,7 +90,7 @@
                     {% elseif is_mastercontainer_update_available == true %}
                         <h2>Mastercontainer update</h2>
                         <p>⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.</p>
-                        <form method="POST" action="api/docker/watchtower" target="overlay-log">
+                        <form method="POST" action="api/docker/watchtower" class="xhr">
                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                             <input type="submit" value="Update mastercontainer" />
@@ -142,7 +142,7 @@
                             {% if hasBackupLocation %}
                                 {% if borg_backup_mode in ['test', 'check'] %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Please adjust the path and/or the encryption password in order to make it work!</p>
                                         {% elseif borg_backup_mode == 'check' %}
@@ -150,7 +150,7 @@
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="api/docker/backup-check-repair" target="overlay-log">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -158,10 +158,10 @@
                                             </details>
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
-                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == 'test' %}
                                             <p>Feel free to check the integrity of the backup archive below before starting the restore process in order to make ensure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.</p>
-                                            <form method="POST" action="api/docker/backup-check" target="overlay-log">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity"/>
@@ -169,7 +169,7 @@
                                         {% endif %}
                                         <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance. Please note that the current AIO passphrase will be kept and the previous AIO passphrase will not be restored from backup!</p>
                                         <p><strong>Important:</strong> If the backup that you want to restore contained any <a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">community container</a>, you need to restore the same backup a second time after this attempt so that the community container data is also correctly restored.</p>
-                                        <form method="POST" action="api/docker/restore" target="overlay-log" id="restore_selection">
+                                        <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -183,7 +183,7 @@
                                     {% endif %}
                                 {% elseif borg_backup_mode == 'restore' %}
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last restore failed! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last restore failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         <p>The restore process has unexpectedly failed! Please adjust the path and encryption password, test it and try to restore again!</p>
                                     {% endif %}
                                 {% endif %}
@@ -215,7 +215,7 @@
                             {% endif %}
                         {% else %}
                             <p><strong>Everything set!</strong> Click on the button below to test the path and encryption password:</p>
-                            <form method="POST" action="api/docker/backup-test" target="overlay-log">
+                            <form method="POST" action="api/docker/backup-test" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Test path and encryption password"/>
@@ -228,14 +228,14 @@
 
                 {% if was_start_button_clicked == true %}
                     {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="log?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
+                        <p>You are running the <a target="_blank" href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><strong>{{ current_channel }}</strong></a> channel. (<a href="api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                     {% else %}
                         <p>No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.</p>
                     {% endif %}
                 {% endif %}
 
                 {% if is_backup_container_running == true %}
-                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                    <p><span class="status running"></span> Backup container is currently running: {{ borg_backup_mode }} (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                     <p><a href="" class="button reload">Reload ↻</a></p>
                 {% endif %}
 
@@ -264,7 +264,7 @@
                             {% else %}
                                 <p>It seems at least one container was not able to start correctly and is currently restarting.</p>
                                 <p>To break this endless loop, you can stop the containers below and investigate the issue in the container logs before starting the containers again.</p>
-                                <form method="POST" action="api/docker/stop" target="overlay-log">
+                                <form method="POST" action="api/docker/stop" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Stop containers" />
@@ -282,7 +282,7 @@
                         <ul>
                             {# @var containers \AIO\Container\Container[] #}
                             {% for container in containers %}
-                                {% if container.hideFromList != true %}
+                                {% if container.displayName != '' %}
                                     {% include 'components/container-state.twig'  with {'c': container} only %}
                                 {% endif %}
                             {% endfor %}
@@ -317,7 +317,7 @@
                                     <p>You can find all changes <a target="_blank" href="https://github.com/nextcloud-releases/all-in-one/commits/main"><strong>here</strong></a></p>
                                 {% endif %}
                             {% endif %}
-                            <form method="POST" action="api/docker/stop" target="overlay-log">
+                            <form method="POST" action="api/docker/stop" class="xhr">
                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input type="submit" value="Stop containers" />
@@ -332,14 +332,14 @@
                             {% endif %}
                             {% if is_mastercontainer_update_available == true %}
                                 <p>⚠️ A mastercontainer update is available. Please click on the button below to update it.</p>
-                                <form method="POST" action="api/docker/watchtower" target="overlay-log">
+                                <form method="POST" action="api/docker/watchtower" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                     <input type="submit" value="Update mastercontainer" />
                                 </form>
                             {% else %}
                                 {% if was_start_button_clicked == false %}
-                                    <form method="POST" action="api/docker/start" target="overlay-log">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
@@ -349,14 +349,14 @@
                                         <input type="submit" value="Download and start containers" />
                                     </form>
                                 {% elseif has_update_available == false %}
-                                    <form method="POST" action="api/docker/start" target="overlay-log">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
                                         <input type="submit" value="Start containers" />
                                     </form>
                                 {% else %}
-                                    <form method="POST" action="api/docker/start" target="overlay-log">
+                                    <form method="POST" action="api/docker/start" class="xhr">
                                         <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                         <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                         <input id="base_path" type="hidden" name="base_path" value="">
@@ -401,13 +401,13 @@
                                 {% if is_backup_container_running == false %}
                                     <h2>Backup and restore</h2>
                                     {% if backup_exit_code > 0 %}
-                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                        <p><span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% if borg_backup_mode == "check" %}
                                             <p>The backup check was not successful. This might indicate a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><strong>this documentation</strong></a></p>
                                             <details>
                                                 <summary>Reveal repair option</summary>
                                                 <p>Below is the option to repair the integrity of your backup. <strong>Please note:</strong> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)</p>
-                                                <form method="POST" action="api/docker/backup-check-repair" target="overlay-log">
+                                                <form method="POST" action="api/docker/backup-check-repair" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/>
@@ -435,9 +435,9 @@
                                         {% endif %}
                                     {% elseif backup_exit_code == 0 %}
                                         {% if borg_backup_mode == "backup" %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% else %}
-                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="log?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
+                                            <p><span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Logs</a>)</p>
                                         {% endif %}
                                     {% endif %}
                                 {% endif %}
@@ -472,7 +472,7 @@
                                     {% if isApacheStarting != true %}
                                         <h3>Backup creation</h3>
                                         <p>Clicking on the button below will create a backup.</p>
-                                        <form method="POST" action="api/docker/backup" target="overlay-log">
+                                        <form method="POST" action="api/docker/backup" class="xhr">
                                             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
@@ -484,7 +484,7 @@
 
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
-                                            <form method="POST" action="api/docker/backup-check" target="overlay-log">
+                                            <form method="POST" action="api/docker/backup-check" class="xhr">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" />
@@ -492,7 +492,7 @@
 
                                             <h3>Backup restore</h3>
                                             <p>Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the chosen backup so you should consider creating a backup first. You can run an integrity check before restoring your files but this shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories! The restore process should be pretty fast as rsync, which only transfers changed files, is used to restore the chosen backup.</p>
-                                            <form method="POST" action="api/docker/restore" target="overlay-log" id="restore_selection">
+                                            <form method="POST" action="api/docker/restore" class="xhr" id="restore_selection">
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
@@ -507,7 +507,7 @@
                                             <details>
                                                 <summary>Click here to reveal this option</summary>
                                                 <p>If you use an external snapshot tool to restore the server that runs AIO, you might run into a problem that the above listed available backups are not up-to-date to restore your server from. You can click the button below to update this list.</p>
-                                                <form method="POST" action="api/docker/backup-list" target="overlay-log">
+                                                <form method="POST" action="api/docker/backup-list" class="xhr">
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                     <input type="submit" value="Update backup list" />

php/templates/includes/aio-version.twig

@@ -1 +1 @@
-12.9.0
+12.7.0

php/templates/includes/optional-containers.twig

@@ -196,24 +196,8 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>) ⚠️ The docker socket proxy container is deprecated. Please use the HaRP (High-availability Reverse Proxy for Nextcloud ExApps) instead!</label>
+        <label for="docker-socket-proxy">Docker Socket Proxy (needed for <a target="_blank" href="https://github.com/cloud-py-api/app_api#nextcloud-appapi">Nextcloud App API</a>)</label>
     </p>
-{#
-    <p>
-        <input
-            type="checkbox"
-            id="harp"
-            name="harp"
-            {% if is_harp_enabled == true %}
-                checked="checked"
-                data-initial-state="true"
-            {% else %}
-                data-initial-state="false"
-            {% endif %}
-        >
-        <label for="harp">HaRP (<a target="_blank" href="https://github.com/nextcloud/HaRP">High-availability Reverse Proxy</a> for Nextcloud ExApps)</label>
-    </p>
-#}
     <p>
         <input
             type="checkbox"
@@ -234,7 +218,6 @@
 {% if isAnyRunning == true %}
     <script type="text/javascript" src="disable-clamav.js"></script>
     <script type="text/javascript" src="disable-docker-socket-proxy.js"></script>
-    <script type="text/javascript" src="disable-harp.js"></script>
     <script type="text/javascript" src="disable-talk.js"></script>
     <script type="text/javascript" src="disable-collabora.js?v2"></script>
     <script type="text/javascript" src="disable-onlyoffice.js?v2"></script>

php/templates/layout.twig

@@ -1,10 +1,10 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="style.css?v9" media="all" />
+        <link rel="stylesheet" href="style.css?v7" media="all" />
         <link rel="icon" href="img/favicon.png">
-        <script type="text/javascript" src="forms.js?v1"></script>
-        <script type="text/javascript" src="toggle-dark-mode.js?v1"></script>
+        <script type="text/javascript" src="forms.js"></script>
+        <script type="text/javascript" src="toggle-dark-mode.js"></script>
     </head>
 
     <body>
@@ -13,7 +13,6 @@
         </div>
         <div id="overlay">
             <div class="loader"></div>
-            <iframe name="overlay-log" id="overlay-log"></iframe>
         </div>
         <button id="theme-toggle" onclick="toggleTheme()">
             <span id="theme-icon"></span>

php/templates/log.twig

@@ -1,61 +0,0 @@
-<html lang="en">
-    <head>
-        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
-        <link rel="stylesheet" href="style.css">
-        <style>
-            body {
-                padding: 1rem;
-            }
-            #floating-box {
-                position: sticky;
-                top: 1rem;
-                float: right;
-                right: 1rem;
-                width: 20rem;
-                display: flex;
-                justify-content: end;
-                align-items: center;
-            }
-            #autoloading-box {
-                display: grid;
-                gap: 0.5rem;
-                font-size: large;
-                border: solid thin gray;
-                background-color: #f9f9f9;
-                width: 10rem;
-                padding: 0.5rem 1rem;
-                margin: 0 0 0 1rem;
-            }
-            .loader {
-                opacity: 1;
-                width: 40px;
-                height: 40px;
-                align-self: inherit;
-            }
-            @starting-style {
-              .loader {
-                opacity: 0;
-              }
-            }
-            .loader.hidden {
-                display: none;
-                opacity: 0;
-                transition: opacity 1s, display 1s allow-discrete;
-            }
-        </style>
-        <script src="log-view.js"></script>
-    </head>
-    <body data-container-id="{{ id }}">
-        <div id="floating-box">
-            <div class="loader"></div>
-            <div id="autoloading-box">
-                <div>
-                    Automatic loading of new log data is
-                    <span id="autoloading-status">enabled</span>.
-                </div>
-                <button id="autoloading-control">Disable</button>
-            </div>
-        </div>
-        <pre>{{ logContent }}</pre>
-    </body>
-</html>

readme.md

@@ -7,9 +7,7 @@ The official Nextcloud installation method. Nextcloud AIO provides easy deployme
 
 Included are:
 - Nextcloud
-- High performance backend for Nextcloud Files (Client Push)
-- Redis & APCU for performant caching
-- PostgreSQL as database
+- High performance backend for Nextcloud Files
 - Nextcloud Office (optional)
 - High performance backend for Nextcloud Talk and TURN-server (optional)
 - Nextcloud Talk Recording-server (optional)
@@ -90,10 +88,9 @@ Included are:
 ## How to use this?
 
 The steps below are written for Linux. For platform-specific guidance see:
-- macOS: [How to run AIO on macOS?](#how-to-run-aio-on-macos)
-- Windows: [How to run AIO on Windows?](#how-to-run-aio-on-windows)
-- Unraid: [How to run AIO on Unraid?](#how-to-run-aio-on-unraid)
-- Synology DSM: [How to run AIO on Synology DSM?](#how-to-run-aio-on-synology-dsm)
+- macOS: [How to run AIO on macOS](#how-to-run-aio-on-macos)
+- Windows: [How to run AIO on Windows](#how-to-run-aio-on-windows)
+- Synology DSM: [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
 - TrueNAS SCALE: [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
 
 > [!IMPORTANT]  
@@ -206,7 +203,6 @@ https://your-domain-that-points-to-this-server.tld:8443
     - [Are other ports than the default 443 for Nextcloud supported?](#are-other-ports-than-the-default-443-for-nextcloud-supported)
     - [Can I run Nextcloud in a subdirectory on my domain?](#can-i-run-nextcloud-in-a-subdirectory-on-my-domain)
     - [How can I access Nextcloud locally?](#how-can-i-access-nextcloud-locally)
-    - [How to overwrite the local DNS resolution for some domains or add extra hosts to the containers?](#how-to-overwrite-the-local-dns-resolution-for-some-domains-or-add-extra-hosts-to-the-containers)
     - [How to skip the domain validation?](#how-to-skip-the-domain-validation)
     - [How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?](#how-to-resolve-firewall-problems-with-fedora-linux-rhel-os-centos-suse-linux-and-others)
     - [What can I do to fix the internal or reserved ip-address error?](#what-can-i-do-to-fix-the-internal-or-reserved-ip-address-error)
@@ -220,8 +216,6 @@ https://your-domain-that-points-to-this-server.tld:8443
 - [Customization](#customization)
     - [How to adjust the internally used docker api version?](#how-to-adjust-the-internally-used-docker-api-version)
     - [How to change the default location of Nextcloud's Datadir?](#how-to-change-the-default-location-of-nextclouds-datadir)
-    - [How to configure custom UID/GID?](#how-to-configure-custom-uidgid)
-    - [How to move the appdata folder from the datadir to an ssd to improve the performance?](#how-to-move-the-appdata-folder-from-the-datadir-to-an-ssd-to-improve-the-performance)
     - [How to store the files/installation on a separate drive?](#how-to-store-the-filesinstallation-on-a-separate-drive)
     - [How to limit the resource usage of AIO?](#how-to-limit-the-resource-usage-of-aio)
     - [How to allow the Nextcloud container to access directories on the host?](#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host)
@@ -243,7 +237,6 @@ https://your-domain-that-points-to-this-server.tld:8443
 - [Guides](#guides)
     - [How to run AIO on macOS?](#how-to-run-aio-on-macos)
     - [How to run AIO on Windows?](#how-to-run-aio-on-windows)
-    - [How to run AIO on Unraid?](#how-to-run-aio-on-unraid)
     - [How to run AIO on Synology DSM](#how-to-run-aio-on-synology-dsm)
     - [How to run AIO with Portainer?](#how-to-run-aio-with-portainer)
     - [Can I run AIO on TrueNAS SCALE?](#can-i-run-aio-on-truenas-scale)
@@ -382,12 +375,6 @@ Now that this is out of the way, the recommended way how to access Nextcloud loc
 - https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole
 
-### How to overwrite the local DNS resolution for some domains or add extra hosts to the containers?
-
-For some use cases, you might need to overwrite the local DNS resolution of some domains inside the containers. On Linux, you can do so either by using a local DNS server as described in the section above and add a local DNS entry into the dns server and make your containers use that DNS server.
-
-Another solution on Linux, depending on your network and docker configuration, it might also work to simply edit the `/etc/hosts` file. Add your custom entry like `172.18.0.1 mail.example.com` as additional line to the file and restart docker which should automatically push the entry to all docker containers.
-
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
 
@@ -466,37 +453,6 @@ You can configure the Nextcloud container to use a specific directory on your ho
     ```
     In this example, it would mount `E:\your\data\path` into the volume so for a different location you need to adjust `/host_mnt/e/your/data/path` accordingly.
 
-### How to configure custom UID/GID?
-There are two ways to configure custom UIDs or GIDs that will be used inside the installation. 
-
-The first and recommended solution is to use Nextcloud's external storage app and use its functionality to add a connection into Nextcloud. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/external_storage_configuration_gui.html
-
-Another solution if you really need to use host mounts is to use a bind mount to map custom permissions to the directory. You can do so by editing the `/etc/fstab` file on your Linux server and create an entry like the following to the file:
-```
-/source/path  /target/path/where/the/source/directory/will/be/mounted/on/the/server  fuse.bindfs  force-user=33,force-group=33,allow_other  0  0
-```
-
-Then use `sudo mount /target/path/where/the/source/directory/will/be/mounted/on/the/server` to mount it directly.
-
-You can afterwards use `--env NEXTCLOUD_DATADIR="/target/path/where/the/source/directory/will/be/mounted/on/the/server"` as described in the section above.
-
-### How to move the appdata folder from the datadir to an ssd to improve the performance?
-If the datadir in your setup is configured to be placed on an HDD or network FS like SMB or NFS, you can follow the steps below to change the location of the appdata folder to be located on an SSD in order to improve the performance of the setup.
-
-> [!NOTE]  
-> The following steps only work if you already configured and used NEXTCLOUD_DATADIR as mentioned [two sections above](#how-to-change-the-default-location-of-nextclouds-datadir). 
-> In this example here, we assume that you used `NEXTCLOUD_DATADIR="/target/path/`.
-
-After the initial installation is done and all datadir files of Nextcloud are stored inside the configured `/target/path` directory, you will also see an `appdata_*` folder in there that stores app-related data. You can now move that folder to a faster SSD if the target dir is not already positioned on an SSD by first using `rsync` to sync the files a location on an SSD. Afterwards rename the appdata folder in the datadir to something like `appdata_*-backup`. Afterwards add the following line to `/etc/fstab`:
-```
-/source/path/on/ssd  /target/path/<appdata-path>  fuse.bindfs  force-user=33,force-group=33,allow_other  0  0
-```
-Do not forget to adjust `<appdata-path>` to the correct `appdata_*` name that your installation initially created automatically.
-
-Then use `sudo mount /target/path/<appdata-path>` to mount it directly.
-
-Afterwards things should be speed up.
-
 ### How to store the files/installation on a separate drive?
 You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
 (Of course docker needs to be installed first for this to work.)
@@ -642,23 +598,6 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 > [!NOTE]  
 > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  
 
-### How to run AIO on Unraid?
-
-Generally on Unraid, before installing Nextcloud AIO, you should make sure to specify a directory for all docker related files instead of using the default docker image before continuing the installation process. See this guide for more details: https://forums.unraid.net/topic/103924-how-to-turn-my-docker-file-to-a-docker-folder/#comment-962317
-
-Additionally, you might need to create a custom user script to start all sibling containers of AIO automatically whenever the server reboots (since the docker plugin in Unraid does not respect the normal docker restart-policy that is configured for all AIO containers). See the User scripts docs: https://docs.unraid.net/unraid-os/using-unraid-to/run-docker-containers/managing-and-customizing-containers/#user-scripts-plugin. You would need to use a script like the one below and use the schedule option `@reboot` to start the containers automatically.
-```bash
-#!/bin/bash
-
-# Wait 120 seconds for other server components to start correctly
-sleep 120
-
-# Execute the actual command
-docker exec --env START_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
-```
-
-Apart from that, the installation of AIO should work like on "normal" Linux. So refer to the Linux instructions for installation.
-
 ### How to run AIO on Synology DSM
 On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Additionally, you likely need to adjust the internally used api version. See [this documentation](#how-to-adjust-the-internally-used-docker-api-version). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
@@ -768,10 +707,7 @@ password=<password>
 ```
 (Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
 
-Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section [here](#how-to-change-the-default-location-of-nextclouds-datadir).
-
-> [!NOTE]  
-> You also might want to move the appdata dir after the initial installation is done to improve the performance. See [this section](#how-to-move-the-appdata-folder-from-the-datadir-to-an-ssd-to-improve-the-performance)
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above this one.
 
 ### Can I run this with Docker swarm?
 Yes. For that to work, you need to use and follow the [manual-install documentation](./manual-install/).
@@ -918,7 +854,7 @@ Be aware that this solution does not back up files and folders that are mounted
 Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
 
 ### How to adjust borgs retention policy?
-The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out! Also, don't include the `-a` or `--glob-archives` option, since AIO already provides it and you can't override it. See https://github.com/nextcloud/all-in-one/pull/7616
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
 ### How to migrate from AIO to AIO?
 If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere.

tests/QA/001-initial-setup.md

@@ -1,10 +1,10 @@
 # Initial setup
 
 - [ ] Verify that after starting the test container, you can access the AIO interface using https://internal.ip.address:8080
-- [ ] After clicking the self-signed-certificate warning away, it should show the setup page with an explanation what AIO is and the initial passphrase and a button that contains a link to the AIO login page
-- [ ] After copying the passphrase and clicking on this button, it should open a new tab with the login page
-- [ ] The login page should show an input field that allows to enter the AIO passphrase and a `Log in` button
-- [ ] After pasting the passphrase into the input field and clicking on this button, you should be logged in
+- [ ] After clicking the self-signed-certificate warning away, it should show the setup page with an explanation what AIO is and the initial password and a button that contains a link to the AIO login page
+- [ ] After copying the password and clicking on this button, it should open a new tab with the login page
+- [ ] The login page should show an input field that allows to enter the AIO password and a `Log in` button
+- [ ] After pasting the new password into the input field and clicking on this button button, you should be logged in
 - [ ] You should now see the containers page and you should see three sections: one general section which explains what AIO is, one `New AIO instance` section and one section that allows to restore the whole AIO instance from backup.
 
 You can now continue with [002-new-instance.md](./002-new-instance.md) or [010-restore-instance.md](./010-restore-instance.md).

tests/QA/002-new-instance.md

@@ -11,7 +11,7 @@ For the below to work, it is important that you have a domain that you point ont
     - [ ] Entering the domain that does point to your server e.g. `yourdomain.com` should finally redirect you to the next screen (if you did not configure your domain yet or did not open port 443, it should report that to you)
 - [ ] Now you should see a button `Start containers` and an explanation which points out that clicking on the button will start the containers and that this can take a long time.
 - [ ] Below that you should see a section `Optional addons` which shows a checkbox list with addons that can be enabled or disabled.
-    - [ ] Collabora, Imaginary, Talk and Whiteboard should be enabled, the rest disabled
+    - [ ] Collabora and Nextcloud Talk should be enabled, the rest disabled
     - [ ] Unchecking/Checking any of these should insert a button that allows to save the set config
     - [ ] Checking OnlyOffice and Collabora at the same time should show a warning that this is not supported and should  not saving the new config
     - [ ] Recommended is to uncheck all options now