Merge pull request #6517 from nextcloud/enh/6408/re-enable-the-update-app

nextcloud: re-enable the updatenotification app

.github/workflows/dependency-updates.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+    - uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
       with:
         php-version: 8.4
         extensions: apcu

.github/workflows/helm-release.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2
+        uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
         with:
           continue-after-seconds: 180
         env:

.github/workflows/lint-php.yml

@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none

.github/workflows/php-deprecation-detector.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu

.github/workflows/psalm-update-baseline.yml

@@ -13,7 +13,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu

.github/workflows/psalm.yml

@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu

.github/workflows/twig-lint.yml

@@ -27,7 +27,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@27853eb8b46dc01c33bf9fef67d98df2683c3be2 # v2
         with:
           php-version: 8.4
           extensions: apcu

Containers/clamav/Dockerfile

@@ -11,6 +11,7 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     freshclam --foreground --stdout
 
 COPY --chmod=775 start.sh /start.sh

Containers/collabora/Dockerfile

@@ -1,19 +1,10 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:25.04.2.1.1
+FROM collabora/code:25.04.2.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 
-# hadolint ignore=DL3008
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        netcat-openbsd \
-    ; \
-    rm -rf /var/lib/apt/lists/*;
-
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER 1001

Containers/collabora/healthcheck.sh

@@ -1,3 +1,7 @@
 #!/bin/bash
 
-nc -z 127.0.0.1 9980 || exit 1
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.7-alpine
+FROM haproxy:3.2.1-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.1
+FROM elasticsearch:8.18.2
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.3-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 

Containers/mastercontainer/Dockerfile

@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.1.1-cli AS docker
+FROM docker:28.2.2-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.7-fpm-alpine3.21
+FROM php:8.4.8-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

Containers/mastercontainer/start.sh

@@ -258,18 +258,8 @@ It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
     fi
 fi
 if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
-    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
-    for container in "${AIO_CCONTAINERS[@]}"; do
-        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            print_red "The community container $container was not found!"
-            FAIL_CCONTAINERS=1
-        fi
-    done
-    if [ -n "$FAIL_CCONTAINERS" ]; then
-        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
-It is set to '$AIO_COMMUNITY_CONTAINERS'."
-        exit 1
-    fi
+    print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
+The community containers get managed via the AIO interface now."
 fi
 
 # Check if ghcr.io is reachable

Containers/nextcloud/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.21-fpm-alpine3.21
+FROM php:8.3.22-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=31.0.5
+ENV NEXTCLOUD_VERSION=31.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -212,8 +212,8 @@ RUN set -ex; \
     /var/log/supervisord \
     /var/run/supervisord \
     ; \
-    chown www-data:root -R /var/log/supervisord; \
-    chown www-data:root -R /var/run/supervisord; \
+    chmod 777 -R /var/log/supervisord; \
+    chmod 777 -R /var/run/supervisord; \
     \
     apk add --no-cache \
         bash \
@@ -227,7 +227,6 @@ RUN set -ex; \
         grep \
         nodejs \
         libreoffice \
-        pandoc-cli \
         bind-tools \
         imagemagick \
         imagemagick-svg \
@@ -254,14 +253,12 @@ RUN set -ex; \
 # AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \
-    chown www-data:root -R /usr/local/etc/php/conf.d && \
-    chown www-data:root -R /usr/local/etc/php-fpm.d && \
+    chmod 777 -R /usr/local/etc/php/conf.d && \
+    chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
-    rm -rf /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
-    chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater
+    chmod -R 777 /nc-updater
 
 # hadolint ignore=DL3002
 USER root

Containers/nextcloud/entrypoint.sh

@@ -144,13 +144,14 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
                 echo -e "Checking connection to appstore"
-                APPSTORE_URL="https://apps.nextcloud.com/"
+                APPSTORE_URL="https://apps.nextcloud.com/api/v1"
                 if grep -q appstoreurl /var/www/html/config/config.php; then
                     set -x
                     APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
                     set +x
                 fi
-                CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)"
+                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
+                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
                     echo "Appstore is reachable"
@@ -192,14 +193,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ app:update --all
 
             run_upgrade_if_needed_due_to_app_update
-
-            # Fix removing the updatenotification for old instances
-            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
-            if [ -d "/var/www/html/apps/updatenotification" ]; then
-                php /var/www/html/occ app:disable updatenotification
-            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
-                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
-            fi
         fi
 
         echo "Initializing nextcloud $image_version ..."
@@ -276,6 +269,10 @@ DATADIR_PERMISSION_CONF
             # unset admin password
             unset ADMIN_PASSWORD
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
 # AIO update to latest start # Do not remove or change this line!
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
@@ -306,8 +303,7 @@ DATADIR_PERMISSION_CONF
                     # shellcheck disable=SC2016
                     installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 fi
-                php /var/www/html/occ app:disable updatenotification
-                rm -rf /var/www/html/apps/updatenotification
+                php /var/www/html/occ config:system:set updatechecker --type=bool --value=true
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
@@ -353,8 +349,6 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer
             php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false
             php /var/www/html/occ config:system:set share_folder --value="/Shared"
-            # Not needed anymore with the removal of the updatenotification app:
-            # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Install some apps by default
             if [ -n "$STARTUP_APPS" ]; then
@@ -433,6 +427,11 @@ DATADIR_PERMISSION_CONF
 
             run_upgrade_if_needed_due_to_app_update
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ app:enable updatenotification
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
             # Apply optimization
             echo "Doing some optimizations..."
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.8-alpine
+FROM redis:7.2.9-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/talk-recording/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.3-alpine3.21
+FROM python:3.13.4-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/watchtower/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.3-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

app/appinfo/info.xml

@@ -20,13 +20,4 @@
 		<admin>OCA\AllInOne\Settings\Admin</admin>
 	</settings>
 
- <!-- not implemented yet - but might be useful:
-        <background-jobs>
-		<job>OCA\AllInOne\Notification\BackgroundJob</job>
-	</background-jobs>
-	<commands>
-		<command>OCA\UpdateNotification\Command\Check</command>
-	</commands>
- -->
-
 </info>

community-containers/readme.md

@@ -5,9 +5,8 @@ This directory features containers that are built for AIO which allows to add ad
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
-Before adding any additional container, make sure to create a backup via the AIO interface!
-
-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
+Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down). 
+⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
@@ -16,8 +15,6 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
-In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
-
-First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
+You can remove containers now via the web interface.
 
 After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).

compose.yaml

@@ -14,7 +14,6 @@ services:
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

migration.md

@@ -57,9 +57,9 @@ The procedure for migrating the files and the database works like this:
     ```
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
-1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
-1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. On the AIO interface, use the passphrase to connect to your newly created Nextcloud instance's admin account. There, install all the Nextcloud apps that were installed on the old Nextcloud installation. If you don't, the migration will show them as installed, but they won't work.
+1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!**
+1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.
     1. Now, create a copy of the database file so that you can simply restore it if you should make a mistake while editing: `cp database-dump.sql database-dump.sql.backup`
     1. Next, open the database export with e.g. nano: `nano database-dump.sql`
@@ -81,7 +81,6 @@ The same applies for the second statement, check with `grep " OWNER TO nextcloud
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
-1. As last step, install all apps again that were installed before on your old instance by using the webinterface.
 
 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.15.0
+version: 11.0.0
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-apache:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250610_074316
           readinessProbe:
             exec:
               command:
@@ -61,5 +61,5 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
-                - CHOWN={{ .Values.CHOWN }}
+                - CHOWN
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250610_074316
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -24,7 +24,7 @@ spec:
     spec:
       initContainers:
         - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250610_074316
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-redis:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-talk:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250526_095855
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250610_074316
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/update-helm.sh

@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091

php/composer.lock

@@ -557,16 +557,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.10",
+            "version": "7.0.11",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2"
+                "reference": "32f111a6d214564520a57831d397263e8946c1d2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/0d1ed64126577e9a095b3204dcaee58cf76432c2",
-                "reference": "0d1ed64126577e9a095b3204dcaee58cf76432c2",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/32f111a6d214564520a57831d397263e8946c1d2",
+                "reference": "32f111a6d214564520a57831d397263e8946c1d2",
                 "shasum": ""
             },
             "require": {
@@ -614,7 +614,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.10"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.11"
             },
             "funding": [
                 {
@@ -626,7 +626,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-22T08:53:15+00:00"
+            "time": "2025-06-03T07:45:57+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -2521,79 +2521,6 @@
             ],
             "time": "2024-08-03T19:31:26+00:00"
         },
-        {
-            "name": "composer/package-versions-deprecated",
-            "version": "1.11.99.5",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/composer/package-versions-deprecated.git",
-                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/composer/package-versions-deprecated/zipball/b4f54f74ef3453349c24a845d22392cd31e65f1d",
-                "reference": "b4f54f74ef3453349c24a845d22392cd31e65f1d",
-                "shasum": ""
-            },
-            "require": {
-                "composer-plugin-api": "^1.1.0 || ^2.0",
-                "php": "^7 || ^8"
-            },
-            "replace": {
-                "ocramius/package-versions": "1.11.99"
-            },
-            "require-dev": {
-                "composer/composer": "^1.9.3 || ^2.0@dev",
-                "ext-zip": "^1.13",
-                "phpunit/phpunit": "^6.5 || ^7"
-            },
-            "type": "composer-plugin",
-            "extra": {
-                "class": "PackageVersions\\Installer",
-                "branch-alias": {
-                    "dev-master": "1.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "PackageVersions\\": "src/PackageVersions"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Marco Pivetta",
-                    "email": "ocramius@gmail.com"
-                },
-                {
-                    "name": "Jordi Boggiano",
-                    "email": "j.boggiano@seld.be"
-                }
-            ],
-            "description": "Composer plugin that provides efficient querying for installed package versions (no runtime IO)",
-            "support": {
-                "issues": "https://github.com/composer/package-versions-deprecated/issues",
-                "source": "https://github.com/composer/package-versions-deprecated/tree/1.11.99.5"
-            },
-            "funding": [
-                {
-                    "url": "https://packagist.com",
-                    "type": "custom"
-                },
-                {
-                    "url": "https://github.com/composer",
-                    "type": "github"
-                },
-                {
-                    "url": "https://tidelift.com/funding/github/packagist/composer/composer",
-                    "type": "tidelift"
-                }
-            ],
-            "time": "2022-01-17T14:14:24+00:00"
-        },
         {
             "name": "composer/pcre",
             "version": "3.3.2",
@@ -3403,16 +3330,16 @@
         },
         {
             "name": "nikic/php-parser",
-            "version": "v5.4.0",
+            "version": "v5.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/nikic/PHP-Parser.git",
-                "reference": "447a020a1f875a434d62f2a401f53b82a396e494"
+                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/447a020a1f875a434d62f2a401f53b82a396e494",
-                "reference": "447a020a1f875a434d62f2a401f53b82a396e494",
+                "url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/ae59794362fe85e051a58ad36b289443f57be7a9",
+                "reference": "ae59794362fe85e051a58ad36b289443f57be7a9",
                 "shasum": ""
             },
             "require": {
@@ -3455,9 +3382,9 @@
             ],
             "support": {
                 "issues": "https://github.com/nikic/PHP-Parser/issues",
-                "source": "https://github.com/nikic/PHP-Parser/tree/v5.4.0"
+                "source": "https://github.com/nikic/PHP-Parser/tree/v5.5.0"
             },
-            "time": "2024-12-30T11:07:19+00:00"
+            "time": "2025-05-31T08:24:38+00:00"
         },
         {
             "name": "phpdocumentor/reflection-common",
@@ -3894,16 +3821,16 @@
             "source": {
                 "type": "git",
                 "url": "https://github.com/sserbin/twig-linter.git",
-                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914"
+                "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/c4cb0d08c8290d8fed541eb027bd85dba90a5914",
-                "reference": "c4cb0d08c8290d8fed541eb027bd85dba90a5914",
+                "url": "https://api.github.com/repos/sserbin/twig-linter/zipball/932c7f1dcc79cd54aa011804d42aa7bbb14a970f",
+                "reference": "932c7f1dcc79cd54aa011804d42aa7bbb14a970f",
                 "shasum": ""
             },
             "require": {
-                "composer/package-versions-deprecated": "1.11.99.5",
+                "composer-runtime-api": "^2.0",
                 "php": "^7.4|^8.0",
                 "symfony/console": "^5.4 || ^6.1",
                 "symfony/finder": "^5.4 || ^6.1",
@@ -3942,22 +3869,22 @@
             ],
             "support": {
                 "issues": "https://github.com/sserbin/twig-linter/issues",
-                "source": "https://github.com/sserbin/twig-linter/tree/3.1.1"
+                "source": "https://github.com/sserbin/twig-linter/tree/3.1.2"
             },
-            "time": "2024-09-09T16:51:23+00:00"
+            "time": "2025-06-03T06:31:48+00:00"
         },
         {
             "name": "symfony/console",
-            "version": "v6.4.21",
+            "version": "v6.4.22",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/console.git",
-                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719"
+                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
-                "reference": "a3011c7b7adb58d89f6c0d822abb641d7a5f9719",
+                "url": "https://api.github.com/repos/symfony/console/zipball/7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
+                "reference": "7d29659bc3c9d8e9a34e2c3414ef9e9e003e6cf3",
                 "shasum": ""
             },
             "require": {
@@ -4022,7 +3949,7 @@
                 "terminal"
             ],
             "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.21"
+                "source": "https://github.com/symfony/console/tree/v6.4.22"
             },
             "funding": [
                 {
@@ -4038,11 +3965,11 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-07T15:42:41+00:00"
+            "time": "2025-05-07T07:05:04+00:00"
         },
         {
             "name": "symfony/filesystem",
-            "version": "v7.2.0",
+            "version": "v7.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/filesystem.git",
@@ -4088,7 +4015,7 @@
             "description": "Provides basic utilities for the filesystem",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v7.2.0"
+                "source": "https://github.com/symfony/filesystem/tree/v7.3.0"
             },
             "funding": [
                 {
@@ -4490,16 +4417,16 @@
         },
         {
             "name": "symfony/string",
-            "version": "v7.2.6",
+            "version": "v7.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/string.git",
-                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931"
+                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
-                "reference": "a214fe7d62bd4df2a76447c67c6b26e1d5e74931",
+                "url": "https://api.github.com/repos/symfony/string/zipball/f3570b8c61ca887a9e2938e85cb6458515d2b125",
+                "reference": "f3570b8c61ca887a9e2938e85cb6458515d2b125",
                 "shasum": ""
             },
             "require": {
@@ -4557,7 +4484,7 @@
                 "utf8"
             ],
             "support": {
-                "source": "https://github.com/symfony/string/tree/v7.2.6"
+                "source": "https://github.com/symfony/string/tree/v7.3.0"
             },
             "funding": [
                 {
@@ -4573,20 +4500,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2025-04-20T20:18:16+00:00"
+            "time": "2025-04-20T20:19:01+00:00"
         },
         {
             "name": "vimeo/psalm",
-            "version": "6.11.0",
+            "version": "6.12.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/vimeo/psalm.git",
-                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0"
+                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/vimeo/psalm/zipball/4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
-                "reference": "4ed53b7ccebc09ef60ec4c9e464bf8a01bfd35b0",
+                "url": "https://api.github.com/repos/vimeo/psalm/zipball/cf420941d061a57050b6c468ef2c778faf40aee2",
+                "reference": "cf420941d061a57050b6c468ef2c778faf40aee2",
                 "shasum": ""
             },
             "require": {
@@ -4691,7 +4618,7 @@
                 "issues": "https://github.com/vimeo/psalm/issues",
                 "source": "https://github.com/vimeo/psalm"
             },
-            "time": "2025-05-12T11:30:26+00:00"
+            "time": "2025-05-28T12:52:06+00:00"
         },
         {
             "name": "wapmorgan/php-deprecation-detector",

php/psalm-baseline.xml

@@ -1,81 +1,17 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.10.3@90b5b9f5e7c8e441b191d3c82c58214753d7c7c1">
-  <file src="src/Auth/AuthManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Auth/PasswordGenerator.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[PasswordGenerator]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/AioVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AioVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/Container.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Container]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerEnvironmentVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerEnvironmentVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPort.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPort]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPorts.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPorts]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolume.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolume]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolumes.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolumes]]></code>
-    </ClassMustBeFinal>
-  </file>
+<files psalm-version="6.12.0@cf420941d061a57050b6c468ef2c778faf40aee2">
   <file src="src/ContainerDefinitionFetcher.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerDefinitionFetcher]]></code>
-    </ClassMustBeFinal>
     <PossiblyFalseArgument>
       <code><![CDATA[file_get_contents($path)]]></code>
       <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationController]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Controller/DockerController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerController]]></code>
-    </ClassMustBeFinal>
     <InvalidOperand>
       <code><![CDATA[$port]]></code>
     </InvalidOperand>
   </file>
-  <file src="src/Controller/LoginController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[LoginController]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Data/ConfigurationManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationManager]]></code>
-    </ClassMustBeFinal>
     <FalsableReturnStatement>
       <code><![CDATA[$additionalBackupDirectories]]></code>
     </FalsableReturnStatement>
@@ -98,9 +34,6 @@
     </PossiblyFalseArgument>
   </file>
   <file src="src/Data/DataConst.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DataConst]]></code>
-    </ClassMustBeFinal>
     <FalsableReturnStatement>
       <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
       <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
@@ -112,57 +45,18 @@
       <code><![CDATA[string]]></code>
     </InvalidFalsableReturnType>
   </file>
-  <file src="src/Data/InvalidSettingConfigurationException.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[InvalidSettingConfigurationException]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Data/Setup.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Setup]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/DependencyInjection.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DependencyInjection]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Docker/DockerActionManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerActionManager]]></code>
-    </ClassMustBeFinal>
     <PossiblyFalseArgument>
       <code><![CDATA[$line]]></code>
       <code><![CDATA[$line]]></code>
     </PossiblyFalseArgument>
   </file>
-  <file src="src/Docker/DockerHubManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerHubManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Docker/GitHubContainerRegistryManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[GitHubContainerRegistryManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthMiddleware]]></code>
-    </ClassMustBeFinal>
-  </file>
   <file src="src/Twig/ClassExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ClassExtension]]></code>
-    </ClassMustBeFinal>
     <MissingOverrideAttribute>
       <code><![CDATA[public function getFunctions() : array]]></code>
     </MissingOverrideAttribute>
   </file>
   <file src="src/Twig/CsrfExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[CsrfExtension]]></code>
-    </ClassMustBeFinal>
     <MissingOverrideAttribute>
       <code><![CDATA[public function getGlobals() : array]]></code>
     </MissingOverrideAttribute>

php/psalm.xml

@@ -19,5 +19,6 @@
 		<directory name="vendor" />
 	</extraFiles>
 	<issueHandlers>
+  		<ClassMustBeFinal errorLevel="suppress" />
 	</issueHandlers>
 </psalm>

php/public/containers-form-submit.js

@@ -0,0 +1,88 @@
+document.addEventListener("DOMContentLoaded", function () {
+    // Hide submit button initially
+    const optionsFormSubmit = document.getElementById("options-form-submit");
+    optionsFormSubmit.style.display = 'none';
+
+    const communityFormSubmit = document.getElementById("community-form-submit");
+    communityFormSubmit.style.display = 'none';
+
+    // Store initial states for all checkboxes
+    const initialStateOptionsContainers = {};
+    const initialStateCommunityContainers = {};
+    const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']");
+    const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']");
+
+    optionsContainersCheckboxes.forEach(checkbox => {
+        initialStateOptionsContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        initialStateCommunityContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    // Function to compare current states to initial states
+    function checkForOptionContainerChanges() {
+        let hasChanges = false;
+
+        optionsContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateOptionsContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Function to compare current states to initial states
+    function checkForCommunityContainerChanges() {
+        let hasChanges = false;
+
+        communityContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateCommunityContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        communityFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Event listener to trigger visibility check on each change
+    optionsContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForOptionContainerChanges);
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForCommunityContainerChanges);
+    });
+
+    // Custom behaviors for specific options
+    function handleTalkVisibility() {
+        const talkRecording = document.getElementById("talk-recording");
+        if (document.getElementById("talk").checked) {
+            talkRecording.disabled = false;
+        } else {
+            talkRecording.checked = false;
+            talkRecording.disabled = true;
+        }
+        checkForOptionContainerChanges();  // Check changes after toggling Talk Recording
+    }
+
+    function handleDockerSocketProxyWarning() {
+        if (document.getElementById("docker-socket-proxy").checked) {
+            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
+        }
+    }
+
+    // Initialize event listeners for specific behaviors
+    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
+    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
+
+    // Initialize talk-recording visibility on page load
+    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
+
+    // Initial call to check for changes
+    checkForOptionContainerChanges();
+    checkForCommunityContainerChanges();
+});

php/public/index.php

@@ -128,7 +128,9 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_nvidia_gpu_enabled' => $configurationManager->isNvidiaGpuEnabled(),
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
-        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),        
+        'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
+        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
+        'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {

php/public/options-form-submit.js

@@ -1,60 +0,0 @@
-document.addEventListener("DOMContentLoaded", function () {
-    // Hide submit button initially
-    const optionsFormSubmit = document.getElementById("options-form-submit");
-    optionsFormSubmit.style.display = 'none';
-
-    // Store initial states for all checkboxes
-    const initialState = {};
-    const checkboxes = document.querySelectorAll("#options-form input[type='checkbox']");
-
-    checkboxes.forEach(checkbox => {
-        initialState[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
-    });
-
-    // Function to compare current states to initial states
-    function checkForChanges() {
-        let hasChanges = false;
-        
-        checkboxes.forEach(checkbox => {
-            if (checkbox.checked !== initialState[checkbox.id]) {
-                hasChanges = true;
-            }
-        });
-
-        // Show or hide submit button based on changes
-        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
-    }
-
-    // Event listener to trigger visibility check on each change
-    checkboxes.forEach(checkbox => {
-        checkbox.addEventListener("change", checkForChanges);
-    });
-
-    // Custom behaviors for specific options
-    function handleTalkVisibility() {
-        const talkRecording = document.getElementById("talk-recording");
-        if (document.getElementById("talk").checked) {
-            talkRecording.disabled = false;
-        } else {
-            talkRecording.checked = false;
-            talkRecording.disabled = true;
-        }
-        checkForChanges();  // Check changes after toggling Talk Recording
-    }
-
-    function handleDockerSocketProxyWarning() {
-        if (document.getElementById("docker-socket-proxy").checked) {
-            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
-        }
-    }
-
-    // Initialize event listeners for specific behaviors
-    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
-    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
-
-    // Initialize talk-recording visibility on page load
-    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
-
-    // Initial call to check for changes
-    checkForChanges();
-});

php/public/style.css

@@ -349,6 +349,7 @@ main {
     word-break: break-word;
     max-width: calc(var(--max-width) + calc(var(--main-padding) * 2));
     margin: 0 auto;
+    padding-bottom: var(--main-padding);
 }
 
 .logo {

php/src/Controller/ConfigurationController.php

@@ -15,7 +15,7 @@ readonly class ConfigurationController {
     ) {
     }
 
-    public function SetConfig(Request $request, Response $response, array $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args): Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
@@ -125,6 +125,20 @@ readonly class ConfigurationController {
                 }
             }
 
+            if (isset($request->getParsedBody()['community-form'])) {
+                $cc = $this->configurationManager->listAvailableCommunityContainers();
+                $enabledCC = [];
+                /**
+                 * @psalm-suppress PossiblyNullIterator
+                 */
+                foreach ($request->getParsedBody() as $item) {
+                    if (array_key_exists($item , $cc)) {
+                        $enabledCC[] = $item;
+                    }
+                }
+                $this->configurationManager->SetEnabledCommunityContainers($enabledCC);
+            }
+
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
                 $this->configurationManager->DeleteCollaboraDictionaries();
             }

php/src/Controller/DockerController.php

@@ -62,7 +62,11 @@ readonly class DockerController {
 
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
-        $id = $request->getQueryParams()['id'];
+        $requestParams = $request->getQueryParams();
+        $id = '';
+        if (isset($requestParams['id']) && is_string($requestParams['id'])) {
+            $id = $requestParams['id'];
+        }
         if (str_starts_with($id, 'nextcloud-aio-')) {
             $logs = $this->dockerActionManager->GetLogs($id);
         } else {

php/src/Data/ConfigurationManager.php

@@ -75,7 +75,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return '';
         }
-        
+
         $content = file_get_contents(DataConst::GetBackupArchivesList());
         if ($content === '') {
             return '';
@@ -95,7 +95,7 @@ class ConfigurationManager
         if ($lastBackupTime === "") {
             return '';
         }
-        
+
         return $lastBackupTime;
     }
 
@@ -103,7 +103,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupArchivesList())) {
             return [];
         }
-        
+
         $content = file_get_contents(DataConst::GetBackupArchivesList());
         if ($content === '') {
             return [];
@@ -114,7 +114,7 @@ class ConfigurationManager
         foreach($backupLines as $lines) {
             if ($lines !== "") {
                 $backupTimesTemp = explode(',', $lines);
-                $backupTimes[] = $backupTimesTemp[1];     
+                $backupTimes[] = $backupTimesTemp[1];
             }
         }
 
@@ -140,7 +140,7 @@ class ConfigurationManager
         }
     }
 
-    public function isClamavEnabled() : bool {        
+    public function isClamavEnabled() : bool {
         $config = $this->GetConfig();
         if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
             return true;
@@ -375,7 +375,7 @@ class ConfigurationManager
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
             curl_setopt($ch, CURLOPT_TIMEOUT, 10);
             $response = (string)curl_exec($ch);
             # Get rid of trailing \n
@@ -474,7 +474,7 @@ class ConfigurationManager
         } elseif ($location !== '' && $repo !== '') {
             throw new InvalidSettingConfigurationException("Location and remote repo url are mutually exclusive!");
         }
-        
+
         if ($location !== '') {
             $isValidPath = false;
             if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
@@ -629,7 +629,7 @@ class ConfigurationManager
         if (!file_exists(DataConst::GetBackupPublicKey())) {
             return "";
         }
-        
+
         return trim(file_get_contents(DataConst::GetBackupPublicKey()));
     }
 
@@ -771,7 +771,7 @@ class ConfigurationManager
         if (!preg_match("#^[0-1][0-9]:[0-5][0-9]$#", $time) && !preg_match("#^2[0-3]:[0-5][0-9]$#", $time)) {
             throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
         }
-        
+
         if ($enableAutomaticUpdates === false) {
             $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
         } else {
@@ -1008,16 +1008,61 @@ class ConfigurationManager
     }
 
     private function GetCommunityContainers() : string {
-        $envVariableName = 'AIO_COMMUNITY_CONTAINERS';
-        $configName = 'aio_community_containers';
-        $defaultValue = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+        $config = $this->GetConfig();
+        if(!isset($config['aio_community_containers'])) {
+            $config['aio_community_containers'] = '';
+        }
+
+        return $config['aio_community_containers'];
     }
 
-    public function GetEnabledCommunityContainers() : array {
+
+    public function listAvailableCommunityContainers() : array {
+        $cc = [];
+        $dir = scandir(DataConst::GetCommunityContainersDirectory());
+        if ($dir === false) {
+            return $cc;
+        }
+        // Get rid of dots from the scandir command
+        $dir = array_diff($dir, array('..', '.', 'readme.md'));
+        foreach ($dir as $id) {
+            $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
+            $fileContents = apcu_fetch($filePath);
+            if (!is_string($fileContents)) {
+                $fileContents = file_get_contents($filePath);
+                if (is_string($fileContents)) {
+                    apcu_add($filePath, $fileContents);
+                }
+            } 
+            $json = is_string($fileContents) ? json_decode($fileContents, true) : false;
+            if(is_array($json) && is_array($json['aio_services_v1'])) {
+                foreach ($json['aio_services_v1'] as $service) {
+                    $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
+                    if (is_string($service['display_name'])) {
+                        $cc[$id] = [ 
+                            'id' => $id,
+                            'name' => $service['display_name'],
+                            'documentation' => $documentation
+                        ];
+                    }
+                    break;
+                }
+            }
+        }
+        return $cc;
+    }
+
+    /** @return list<string> */
+    public function GetEnabledCommunityContainers(): array {
         return explode(' ', $this->GetCommunityContainers());
     }
 
+    public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void {
+        $config = $this->GetConfig();
+        $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers);
+        $this->WriteConfig($config);
+    }
+
     private function GetEnabledDriDevice() : string {
         $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
         $configName = 'nextcloud_enable_dri_device';

php/templates/containers.twig

@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.15.0</h1>
+            <h1>Nextcloud AIO v11.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -25,6 +25,9 @@
             {# timezone-prefill #}
             <script type="text/javascript" src="timezone.js"></script>
 
+            {# js for optional containers and additional containers forms #}
+            <script type="text/javascript" src="containers-form-submit.js?v4"></script>
+
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
             {% set isAnyRestarting = false %}
@@ -602,6 +605,7 @@
                                 </form>
                             {% endif %}
                         {% endif %}
+                        {{ include('includes/community-containers.twig') }}
                     {% endif %}
                 {% endif %}
             {% endif %}

php/templates/includes/community-containers.twig

@@ -0,0 +1,42 @@
+<h2>Community Containers</h2>
+<p>In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.</p>
+<p><strong>⚠️ Caution: </strong>Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!</p>
+{% if isAnyRunning == true %}
+    <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+{% else %}
+    <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of Community Containers. The changes will not be auto-saved.</p>
+{% endif %}
+<details>
+    <summary>Show/Hide available Community Containers</summary>
+    <form id="community-form" method="POST" action="/api/configuration" class="xhr">
+        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+        <input type="hidden" name="community-form" value="community-form">
+        {% for cc in community_containers %}
+            <p>
+                <input
+                    type="checkbox"
+                    id="{{ cc.id }}"
+                    value="{{ cc.id }}"
+                    name="{{ cc.id }}"
+                    {% if cc.id in community_containers_enabled %}
+                        checked="checked"
+                        data-initial-state="true"
+                    {% else %}
+                        data-initial-state="false"
+                    {% endif %}
+                    {% if isAnyRunning == true %}
+                        disabled="disabled"
+                    {% endif %}
+                >
+                <label for="{{ cc.id }}">{{ cc.name }} 
+                    {% if cc.documentation != '' %}
+                        <a href="{{ cc.documentation }}" target="_blank">(Documentation)</a>
+                    {% endif %}
+                </label>
+            </p>
+        {% endfor %}
+
+        <input id="community-form-submit" type="submit" value="Save changes" onclick="return confirm('Are you sure that you read the documentation of all community containers that you enabled? If no, please do not continue as this might break your instance!')" />
+    </form>
+</details>

php/templates/includes/optional-containers.twig

@@ -1,5 +1,5 @@
 <h2>Optional containers</h2>
-<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+<p>In this section you can enable or disable optional containers.</p>
 {% if isAnyRunning == true %}
     <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
 {% else %}
@@ -143,7 +143,6 @@
         <label for="whiteboard">Whiteboard</label>
     </p>
     <input id="options-form-submit" type="submit" value="Save changes" />
-    <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}

php/templates/layout.twig

@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v4" media="all" />
+        <link rel="stylesheet" href="/style.css?v5" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

readme.md

@@ -736,7 +736,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
 ### Securing the AIO interface from unauthorized ACME challenges
-[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface on port 8443, is configured to accept traffic on any valid domain in order to make the AIO interface as convenient to use as possible. However due to this, it is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

reverse-proxy.md

@@ -745,6 +745,89 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
+### Traefik 3
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
+
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
+
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers:
+
+    ```yml
+    # STATIC CONFIGURATION
+   
+    entryPoints:
+      https:
+        address: ":443" # Create an entrypoint called "https" that uses port 443
+        # If you want to enable HTTP/3 support, uncomment the line below
+        # http3: {}
+    
+    certificatesResolvers:
+      # Define "letsencrypt" certificate resolver
+      letsencrypt:
+        acme:
+          storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+          email: <your-email-address> # Where LE sends notification about certificates expiring
+          tlschallenge: true
+   
+    providers:
+      file:
+        directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+        watch: true
+    ```
+
+2. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
+
+    ```yml
+    http:
+      routers:
+        nextcloud:
+          rule: "Host(`<your-nc-domain>`)"
+          entrypoints:
+            - "https"
+          service: nextcloud
+          middlewares:
+            - nextcloud-chain
+          tls:
+            certresolver: "letsencrypt"
+
+      services:
+        nextcloud:
+          loadBalancer:
+            servers:
+              - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+
+      middlewares:
+        nextcloud-secure-headers:
+          headers:
+            hostsProxyHeaders:
+              - "X-Forwarded-Host"
+            referrerPolicy: "same-origin"
+
+        https-redirect:
+          redirectscheme:
+            scheme: https 
+
+        nextcloud-chain:
+          chain:
+            middlewares:
+              # - ... (e.g. rate limiting middleware)
+              - https-redirect
+              - nextcloud-secure-headers
+    ```
+
+---
+
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+
+</details>
+
 ### IIS with ARR and URL Rewrite
 
 <details>

tests/QA/060-environmental-variables.md

@@ -24,6 +24,5 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
-- [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)