Update community-containers/jellyseerr/jellyseerr.json

Co-authored-by: Simon L. <szaimen@e.mail.de>
Signed-off-by: Anvil5465 <119350594+Anvil5465@users.noreply.github.com>

Containers/apache/Caddyfile

@@ -40,7 +40,7 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
     route /onlyoffice/* {
         uri strip_prefix /onlyoffice
         reverse_proxy {$ONLYOFFICE_HOST}:80 {
-            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
             header_up X-Forwarded-Proto https
         }
     }

Containers/apache/Dockerfile

@@ -2,7 +2,7 @@
 FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.62-alpine3.21
+FROM httpd:2.4.63-alpine3.21
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-22
+FROM clamav/clamav:1.4.2-24
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.11.3.1
+FROM collabora/code:24.04.12.1.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/mastercontainer/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.5.0-cli AS docker
+FROM docker:27.5.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.9.1-alpine AS caddy

Containers/mastercontainer/start.sh

@@ -285,7 +285,7 @@ fi
 
 # Check if auth.docker.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://auth.docker.io/token | grep -q token; then
+if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
     print_red "Could not reach https://auth.docker.io."
     echo "Most likely is something blocking access to it."
     echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"

Containers/nextcloud/config/s3.config.php

@@ -11,7 +11,6 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
-        'sse_c_key' => getenv('OBJECTSTORE_S3_SSE_C_KEY') ?: '',
         'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
         'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
@@ -26,4 +25,9 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
       )
     )
   );
-} 
+
+  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+  if ($sse_c_key) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
+  }
+}

Containers/talk/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.24-scratch AS nats
+FROM nats:2.10.25-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.2 AS janus
 
 ARG JANUS_VERSION=v1.3.0

Containers/talk/start.sh

@@ -30,14 +30,23 @@ if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_
     IPv4_ADDRESS_TALK=""
 fi
 
+set -x
+IP_BINDING="::"
+if grep -q "1" /sys/module/ipv6/parameters/disable \
+|| grep -q "1" /proc/sys/net/ipv6/conf/all/disable_ipv6 \
+|| grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
+    IP_BINDING="0.0.0.0"
+fi
+set +x
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
   listen:
-    - ip: "::"
+    - ip: "$IP_BINDING"
       port: $TALK_PORT
       transport: udp
-    - ip: "::"
+    - ip: "$IP_BINDING"
       port: $TALK_PORT
       transport: tcp
   log_dir: stdout

Containers/whiteboard/Dockerfile

@@ -13,6 +13,8 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK CMD /healthcheck.sh
 
+WORKDIR /tmp
+
 ENTRYPOINT ["/start.sh"]
 
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/whiteboard/start.sh

@@ -14,4 +14,4 @@ fi
 export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
-exec npm run server:start
+exec npm --prefix /app run server:start

community-containers/borgbackup-viewer/borgbackup-viewer.json

@@ -0,0 +1,71 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-borgbackup-viewer",
+            "image_tag": "v1",
+            "display_name": "Borg Backup Viewer",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer",
+            "image": "szaimen/aio-borgbackup-viewer",
+            "internal_port": "5801",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "5801",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "BORG_HOST_ID=nextcloud-aio-borgbackup-viewer",
+                "WEB_AUTHENTICATION_USERNAME=nextcloud",
+                "WEB_AUTHENTICATION_PASSWORD=%BORGBACKUP_VIEWER_PASSWORD%",
+                "WEB_LISTENING_PORT=5801",
+                "BORG_PASSPHRASE=%BORGBACKUP_PASSWORD%",
+                "BORG_REPO=/mnt/borgbackup/borg"
+            ],
+            "secrets": [
+                "BORGBACKUP_VIEWER_PASSWORD",
+                "BORGBACKUP_PASSWORD"
+            ],
+            "ui_secret": "BORGBACKUP_VIEWER_PASSWORD",
+            "volumes": [
+            {
+                "source": "nextcloud_aio_backup_cache",
+                "destination": "/root",
+                "writeable": true
+            },
+            {
+                "source": "%NEXTCLOUD_DATADIR%",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_mastercontainer",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+                "writeable": true
+            },
+            {
+                "source": "%BORGBACKUP_HOST_LOCATION%",
+                "destination": "/mnt/borgbackup",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_elasticsearch",
+                "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+                "writeable": true
+            },
+            {
+                "source": "nextcloud_aio_redis",
+                "destination": "/mnt/redis",
+                "writeable": true
+            }
+            ],
+            "devices": [
+                "/dev/fuse"
+            ],
+            "cap_add": [
+                "SYS_ADMIN"
+            ],
+            "apparmor_unconfined": true
+        }
+    ]
+}

community-containers/borgbackup-viewer/readme.md

@@ -0,0 +1,17 @@
+## Borgbackup Viewer
+This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
+
+### Notes
+- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
+- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
+- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
+- You can also delete specific archives by running `borg list`,  delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-borgbackup-viewer
+
+### Maintainer
+https://github.com/szaimen
+

community-containers/lldap/lldap.json

@@ -27,6 +27,7 @@
         "LLDAP_JWT_SECRET",
         "LLDAP_LDAP_USER_PASS"
       ],
+      "ui_secret": "LLDAP_JWT_SECRET",
       "volumes": [
         {
           "source": "nextcloud_aio_lldap",

community-containers/lldap/readme.md

@@ -3,7 +3,7 @@ This container bundles LLDAP server and auto-configures your Nextcloud instance
 
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
-- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the secret that you can see next to the container in the AIO interface.
 - To configure Nextcloud, you can use the generic configuration proposed below.
 - For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
 - Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html

community-containers/makemkv/makemkv.json

@@ -0,0 +1,59 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-makekv",
+            "display_name": "MakeMKV",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/makemkv",
+            "image": "jlesage/makemkv",
+            "image_tag": "latest",
+            "internal_port": "5802",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "",
+                    "port_number": "5802",
+                    "protocol": "tcp"
+                }
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_makemkv",
+                    "destination": "/config",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/storage",
+                    "writeable": false
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "/output",
+                    "writeable": true
+                },
+                {
+                    "source": "/dev",
+                    "destination": "/dev",
+                    "writeable": false
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "SECURE_CONNECTION=1",
+                "WEB_AUTHENTICATION=1",
+                "USER_ID=33",
+                "GROUP_ID=33",
+                "WEB_AUTHENTICATION_USERNAME=makemkv",
+                "WEB_AUTHENTICATION_PASSWORD=%MAKEMKV_PASSWORD%",
+                "WEB_LISTENING_PORT=5802"
+            ],
+            "secrets": [
+                "MAKEMKV_PASSWORD"
+            ],
+            "ui_secret": "MAKEMKV_PASSWORD",
+            "backup_volumes": [
+                "nextcloud_aio_makemkv"
+            ]
+        }
+    ]
+}

community-containers/makemkv/readme.md

@@ -0,0 +1,20 @@
+## MakeMKV
+This container bundles MakeMKV and auto-configures it for you.
+
+### Notes
+- This container should only be run in home networks
+- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
+- This container only works on Linux and not on Docker-Desktop.
+- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
+- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
+- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
+- The config data of MakeMKV will be automatically included in AIOs backup solution!
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/jlesage/docker-makemkv
+
+### Maintainer
+https://github.com/szaimen

community-containers/nocodb/nocodb.json

@@ -28,6 +28,7 @@
                 "NOCODB_JWT_SECRET",
                 "NOCODB_USER_PASS"
             ],
+            "ui_secret": "NOCODB_USER_PASS",
             "volumes": [
                 {
                     "source": "nextcloud_aio_nocodb",

community-containers/nocodb/readme.md

@@ -17,7 +17,7 @@ This is an alternative of **Airtable**.
 - You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`.
 - The data of NocoDb will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb  | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin`
+- After adding and starting the container, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin` with the username `admin@noco.db` and the password that you can see in the AIO interface next to the container. 
 - See https://docs.nocodb.com/ for usage of NocoDb
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

community-containers/scrutiny/readme.md

@@ -0,0 +1,15 @@
+## Scrutiny
+This container bundles Scrutiny and auto-configures it for you.
+
+### Notes
+- This container should only be run in home networks
+- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the drives and smartctl stats which is a security issue. However no better solution was found for the time being.
+- This container only works on Linux and not on Docker-Desktop.
+- After adding and starting the container, you need to visit `http://internal.ip.of.server:8000` which will show the dashboard for your drives.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-scrutiny
+
+### Maintainer
+https://github.com/szaimen

community-containers/scrutiny/scrutiny.json

@@ -0,0 +1,56 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-scrutiny",
+            "display_name": "Scrutiny",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
+            "image": "szaimen/aio-scrutiny",
+            "image_tag": "v1",
+            "internal_port": "8000",
+            "init": false,
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "8000",
+                  "protocol": "tcp"
+                }
+            ],
+            "cap_add": [
+                "SYS_RAWIO",
+                "SYS_ADMIN"
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "SCRUTINY_WEB_LISTEN_PORT=8000",
+                "COLLECTOR_API_ENDPOINT=http://127.0.0.1:8000"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_scrutiny",
+                    "destination": "/opt/scrutiny/config",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_scrutiny_db",
+                    "destination": "/opt/scrutiny/influxdb",
+                    "writeable": true
+                },
+                {
+                    "source": "/run/udev",
+                    "destination": "/run/udev",
+                    "writeable": false
+                },
+                {
+                    "source": "/dev",
+                    "destination": "/dev",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_scrutiny",
+                "nextcloud_aio_scrutiny_db"
+            ]
+        }
+    ]
+}

community-containers/stalwart/stalwart.json

@@ -53,6 +53,7 @@
             "secrets": [
                 "STALWART_USER_PASS"
             ],
+            "ui_secret": "STALWART_USER_PASS",
             "volumes": [
                 {
                     "source": "nextcloud_aio_stalwart",

compose.yaml

@@ -38,6 +38,7 @@ services:
     # security_opt: ["label:disable"] # Is needed when using SELinux
 
 #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
+#   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/5439
 #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
 #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 #   caddy:

local-instance.md

@@ -2,14 +2,17 @@
 It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
 
 ### Content
-- [1. The recommended way](#1-the-recommended-way)
-- [2. Use the ACME DNS-challenge](#2-use-the-acme-dns-challenge)
-- [3. Use Cloudflare](#3-use-cloudflare)
-- [4. Buy a certificate and use that](#4-buy-a-certificate-and-use-that)
-- [5. Tailscale network](#5-tailscale-network)
+- [1. Tailscale](#1-tailscale)
+- [2. The normal way](#2-the-normal-way)
+- [3. Use the ACME DNS-challenge](#3-use-the-acme-dns-challenge)
+- [4. Use Cloudflare](#4-use-cloudflare)
+- [5. Buy a certificate and use that](#5-buy-a-certificate-and-use-that)
 
-## 1. The recommended way
-The recommended way is the following:
+## 1. Tailscale
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
+
+## 2. The normal way
+The normal way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
@@ -18,14 +21,11 @@ The recommended way is the following:
 
 **Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
 
-## 2. Use the ACME DNS-challenge
+## 3. Use the ACME DNS-challenge
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
 
-## 3. Use Cloudflare
+## 4. Use Cloudflare
 If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
 
-## 4. Buy a certificate and use that
+## 5. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
-
-## 5. Tailscale network
-For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439

manual-install/latest.yml

@@ -459,6 +459,8 @@ services:
       retries: 3
     expose:
       - "3002"
+    tmpfs:
+      - /tmp
     environment:
       - TZ=${TIMEZONE}
       - NEXTCLOUD_URL=https://${NC_DOMAIN}
@@ -466,6 +468,7 @@ services:
       - STORAGE_STRATEGY=redis
       - REDIS_HOST=nextcloud-aio-redis
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - BACKUP_DIR=/tmp
     restart: unless-stopped
     profiles:
       - whiteboard

manual-install/update-yaml.sh

@@ -14,6 +14,7 @@ cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"

nextcloud-aio-helm-chart/readme.md

@@ -1,5 +1,8 @@
 # Nextcloud AIO Helm-chart
 
+> [!NOTE]
+> For an enterprise-ready and scalable deployment method based on Helm Charts (also available for Podman), please [contact Nextcloud GmbH](https://nextcloud.com/enterprise/).
+
 You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below.
 
 ### Advantages

php/containers-schema.json

@@ -145,6 +145,10 @@
 							"pattern": "^[A-Z_]+$"
 						}
 					},
+					"ui_secret": {
+						"type": "string",
+						"pattern": "^[A-Z_]+$"
+					},
 					"image_tag": {
 						"type": "string",
 						"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
@@ -213,7 +217,7 @@
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%))$"
+									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%)|(/dev)|(/run/udev))$"
 								},
 								"writeable": {
 									"type": "boolean"

php/containers.json

@@ -3,6 +3,7 @@
     {
       "container_name": "nextcloud-aio-apache",
       "image_tag": "%AIO_CHANNEL%",
+      "documentation": "https://github.com/nextcloud/all-in-one/discussions/2105",
       "depends_on": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
@@ -856,6 +857,9 @@
       "expose": [
         "3002"
       ],
+      "tmpfs": [
+        "/tmp"
+      ],
       "internal_port": "3002",
       "environment": [
         "TZ=%TIMEZONE%",
@@ -863,7 +867,8 @@
         "JWT_SECRET_KEY=%WHITEBOARD_SECRET%",
         "STORAGE_STRATEGY=redis",
         "REDIS_HOST=nextcloud-aio-redis",
-        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "BACKUP_DIR=/tmp"
       ],
       "secrets": [
         "WHITEBOARD_SECRET",

php/src/Container/Container.php

@@ -21,6 +21,7 @@ readonly class Container {
         private array                         $dependsOn,
         /** @var string[] */
         private array                         $secrets,
+        private string                        $uiSecret,
         /** @var string[] */
         private array                         $devices,
         private bool                          $enableNvidiaGpu,
@@ -85,6 +86,10 @@ readonly class Container {
         return $this->secrets;
     }
 
+    public function GetUiSecret() : string {
+        return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
+    }
+
     public function GetTmpfs() : array {
         return $this->tmpfs;
     }

php/src/ContainerDefinitionFetcher.php

@@ -244,6 +244,11 @@ readonly class ContainerDefinitionFetcher {
                 $secrets = $entry['secrets'];
             }
 
+            $uiSecret = '';
+            if (isset($entry['ui_secret'])) {
+                $uiSecret = $entry['ui_secret'];
+            }
+
             $devices = [];
             if (isset($entry['devices'])) {
                 $devices = $entry['devices'];
@@ -316,6 +321,7 @@ readonly class ContainerDefinitionFetcher {
                 $variables,
                 $dependsOn,
                 $secrets,
+                $uiSecret,
                 $devices,
                 $enableNvidiaGpu,
                 $capAdd,

php/src/Controller/DockerController.php

@@ -46,7 +46,7 @@ readonly class DockerController {
         if ($pullImage) {
             if (!$this->dockerActionManager->isDockerHubReachable($container)) {
                 $pullImage = false;
-                error_log('Not pulling the image for the ' . $container->GetContainerName() . ' container because docker hub does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.');
             }
         }
 

php/src/Data/ConfigurationManager.php

@@ -33,6 +33,10 @@ class ConfigurationManager
     }
 
     public function GetAndGenerateSecret(string $secretId) : string {
+        if ($secretId === '') {
+            return '';
+        }
+
         $config = $this->GetConfig();
         if(!isset($config['secrets'][$secretId])) {
             $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -210,7 +214,7 @@ class ConfigurationManager
     }
 
     public function SetFulltextsearchEnabledState(int $value) : void {
-        # Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
+        // Elasticsearch does not work on kernels without seccomp anymore. See https://github.com/nextcloud/all-in-one/discussions/5768
         if ($this->GetCollaboraSeccompDisabledState() === 'true') {
             $value = 0;
         }
@@ -281,6 +285,12 @@ class ConfigurationManager
         if (!$this->isTalkEnabled()) {
             $value = 0;
         }
+
+        // Currently only works on x64. See https://github.com/nextcloud/nextcloud-talk-recording/issues/17
+        if (!$this->isx64Platform()) {
+            $value = 0;
+        }
+
         $config = $this->GetConfig();
         $config['isTalkRecordingEnabled'] = $value;
         $this->WriteConfig($config);

php/src/Docker/DockerActionManager.php

@@ -167,7 +167,7 @@ readonly class DockerActionManager {
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
         }
     }
 
@@ -541,19 +541,23 @@ readonly class DockerActionManager {
         $mounts = [];
 
         // Special things for the backup container which should not be exposed in the containers.json
-        if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
+        if (str_starts_with($container->GetIdentifier(), 'nextcloud-aio-borgbackup')) {
             // Additional backup directories
             foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
                 if ($additionalBackupVolumes !== '') {
                     $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
                 }
             }
+
+            // Make volumes read only in case of borgbackup container. The viewer makes them writeable
+            $isReadOnly = $container->GetIdentifier() === 'nextcloud-aio-borgbackup';
+
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
-                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => true];
+                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly];
                     } else {
-                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => true, "BindOptions" => ["NonRecursive" => true]];
+                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => $isReadOnly, "BindOptions" => ["NonRecursive" => true]];
                     }
                 }
             }
@@ -588,7 +592,7 @@ readonly class DockerActionManager {
                 ]
             );
         } catch (RequestException $e) {
-            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getMessage());
+            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getResponse()?->getBody()->getContents());
         }
 
     }
@@ -623,7 +627,7 @@ readonly class DockerActionManager {
         try {
             $this->guzzleClient->post($url);
         } catch (RequestException $e) {
-            $message = "Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.";
+            $message = "Could not pull image " . $imageName . ": " . $e->getResponse()?->getBody()->getContents();
             if ($imageIsThere === false) {
                 throw new \Exception($message);
             } else {
@@ -883,7 +887,7 @@ readonly class DockerActionManager {
             } catch (RequestException $e) {
                 // 409 is undocumented and gets thrown if the network already exists.
                 if ($e->getCode() !== 409) {
-                    throw new \Exception("Could not create the nextcloud-aio network: " . $e->getMessage());
+                    throw new \Exception("Could not create the nextcloud-aio network: " . $e->getResponse()?->getBody()->getContents());
                 }
             }
         }
@@ -1028,6 +1032,10 @@ readonly class DockerActionManager {
         }
     }
 
+    public function GetAndGenerateSecretWrapper(string $secretId) : string {
+        return $this->configurationManager->GetAndGenerateSecret($secretId);
+    }
+
     public function isNextcloudImageOutdated() : bool {
         $createdTime = $this->GetCreatedTimeOfNextcloudImage();
 

php/templates/containers.twig

@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.4.0</h1>
+            <h1>Nextcloud AIO v10.5.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -101,7 +101,7 @@
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
-                            <p>Please type the domain that will be used for Nextcloud below in order to create a new AIO instance.</p>
+                            <p>Please type the domain that will be used for Nextcloud.</p>
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
@@ -115,7 +115,7 @@
                                 <p>Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router and 443/udp as well if you want to enable http3) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record is, of course, also possible). You should see hints on what went wrong in the top right corner if your domain is not accepted.</p>
                                 <details>
                                     <summary>Click here for further hints</summary>
-                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others.</p>
+                                    <p>If you do not have a domain yet, you can get one for free e.g. from duckdns.org and others. Recommended is to use <a href="https://github.com/nextcloud/all-in-one/discussions/5439">Tailscale</a></p>
                                     <p>If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.</p>
                                     <p>If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.</p>
                                     <p>If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.</p>
@@ -282,6 +282,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (password: {{ container.GetUiSecret() }})
+                                            {% endif %}
                                             </span>
                                         {% elseif container.GetRunningState().value == 'running' %}
                                             <span class="status success"></span>
@@ -289,6 +292,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (password: {{ container.GetUiSecret() }})
+                                            {% endif %}
                                             </span>
                                         {% else %}
                                             <span class="status error"></span>
@@ -296,6 +302,9 @@
                                             {% if container.GetDocumentation() != '' %}
                                                 (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                             {% endif %}
+                                            {% if container.GetUiSecret() != '' %}
+                                                (password: {{ container.GetUiSecret() }})
+                                            {% endif %}
                                             </span>
                                         {% endif %}
                                     </li>
@@ -504,6 +513,9 @@
                                         {% endif %}
 
                                         {% if has_backup_run_once == true %}
+                                            <h3>Backup Viewer</h3>
+                                            <p>There is now a community container that allows to access your backups in a web session. See <a href="https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer"><strong>this documentation</strong></a>.</p>
+
                                             <h3>Backup check</h3>
                                             <p>Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact. It shouldn't be needed in most situations.</p>
                                             <form method="POST" action="/api/docker/backup-check" class="xhr">

php/templates/includes/optional-containers.twig

@@ -21,7 +21,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x64, needs ~1GB additional RAM)</label>
+        <label for="clamav">ClamAV (Antivirus backend for Nextcloud, only supported on x86_64, needs ~1GB additional RAM)</label>
     </p>
     <p>
         <input
@@ -96,7 +96,7 @@
                 data-initial-state="false"
             {% endif %}
         >
-        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs)</label>
+        <label for="talk-recording">Nextcloud Talk Recording-server (needs Nextcloud Talk being enabled and ~1GB additional RAM and ~2 additional vCPUs, currently <a href="https://github.com/nextcloud/nextcloud-talk-recording/issues/17">only works on x86_64</a>)</label>
     </p>
     {% if is_onlyoffice_enabled == true %}
     <p>

readme.md

@@ -13,6 +13,7 @@ Included are:
 - Fulltextsearch (optional)
 - Whiteboard (optional)
 - Docker Socket Proxy (optional, needed for [Nextcloud App API](https://github.com/cloud-py-api/app_api#nextcloud-appapi))
+- [Community containers](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 <details><summary>And much more:</summary>
 
 - Simple web interface included that enables easy installation and maintenance
@@ -27,7 +28,7 @@ Included are:
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
-- Can be used inside [Tailscale network](https://github.com/nextcloud/all-in-one/discussions/5439)
+- Can be used via [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439)
 - Ready for big file uploads up to 10 GB on public links, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud) (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case)
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
@@ -46,7 +47,6 @@ Included are:
 - Possibility included to [permanently add additional PHP extensions into the Nextcloud container](https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container) without having to build your own Docker image
 - Possibility included to [pass the needed device for hardware transcoding](https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud) to the Nextcloud container
 - Possibility included to [store all docker related files on a separate drive](https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive)
-- [Additional features can be added very easily](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers)
 - [LDAP can be used as user backend for Nextcloud](https://github.com/nextcloud/all-in-one/tree/main#ldap)
 - Migration from any former Nextcloud installation to AIO is possible. See [this documentation](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
 - [Fail2Ban can be added](https://github.com/nextcloud/all-in-one#fail2ban)
@@ -232,6 +232,7 @@ On older TrueNAS SCALE releases with Kubernetes environment, there are two ways
 Another but untested way is to install Portainer on your TrueNAS SCALE from here https://truecharts.org/charts/stable/portainer/installation-notes and add the Helm-chart repository https://nextcloud.github.io/all-in-one/ into Portainer by following https://docs.portainer.io/user/kubernetes/helm. More docs on AIOs Helm Chart are available here: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart#nextcloud-aio-helm-chart.
 
 ### Notes on Cloudflare (proxy/tunnel)
+Since Cloudflare Proxy/Tunnel comes with a lot of limitations which are listed below, it is rather recommended to switch to [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if possible.
 - Cloudflare Proxy and Cloudflare Tunnel both require Cloudflare to perform TLS termination on their side and thus decrypt all the traffic on their infrastructure. This is a privacy concern and you will need to look for other solutions if it's unacceptable for you.
 - Using Cloudflare Tunnel might potentially slow down Nextcloud since local access via the configured domain is not possible because TLS termination is in that case offloaded to Cloudflare's infrastructure. There is no way to disable this behavior in Cloudflare Tunnel.
 - It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
@@ -248,7 +249,7 @@ Another but untested way is to install Portainer on your TrueNAS SCALE from here
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel. However please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding.
 
-### How to run Nextcloud inside a Tailscale network?
+### How to run Nextcloud via Tailscale?
 For a reverse proxy example guide for Tailscale, see this guide by @flll: https://github.com/nextcloud/all-in-one/discussions/5439
 
 ### Disrecommended VPS providers
@@ -273,22 +274,22 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation on how to set it up locally: [local-instance.md](./local-instance.md), but keep in mind you're still required to have https working properly.
 
 ### Can I use an ip-address for Nextcloud instead of a domain?
-No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md) for configuration without a traditional domain. Or, [consider using NextcloudPi](nextcloudpi.com) for ip-address access locally (it bundles fewer features than AIO).
+No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
 
 ### Can I run AIO offline or in an airgapped system?
 No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
 
 ### Are self-signed certificates supported for Nextcloud?
-No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md).
+No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md). Recommended is to use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439).
 
 ### Can I use AIO with multiple domains?
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443.
+No and they will not be. If port 443 and/or 80 is blocked for you, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online. If you already run a different service on port 443, please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
-No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
+No and it will not be added. Please use a dedicated (sub-)domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). Alternatively, you may use [Tailscale](https://github.com/nextcloud/all-in-one/discussions/5439) if you want to publish it online.
 
 ### How can I access Nextcloud locally?
 Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
@@ -493,6 +494,9 @@ In this example, it would mount `E:\your\backup\path` into the volume so for a d
 #### Pro-tip: Backup archives access
 You can open the BorgBackup archives on your host by following these steps:<br>
 (instructions for Ubuntu Desktop)
+
+Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer.
+
 ```bash
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup
@@ -520,6 +524,9 @@ sudo umount /tmp/borg
 #### Delete backup archives manually
 You can delete BorgBackup archives on your host manually by following these steps:<br>
 (instructions for Debian based OS' like Ubuntu)
+
+Alternatively, there is now a community container that allows to access your backups in a web session: https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer.
+
 ```bash
 # Install borgbackup on the host
 sudo apt update && sudo apt install borgbackup

reverse-proxy.md

@@ -3,6 +3,9 @@
 > [!NOTE]
 > Please note that AIO comes secured with TLS out-of-the-box. So you don't need to necessarily set up your own reverse proxy if you only want to run Nextcloud AIO which is much easier. See [the normal readme](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-use-this) in that case. However if port 443 should already be used because you already run a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to follow this reverse proxy documentation to set up Nextcloud AIO.
 
+> [!TIP]
+> If you don't have a domain yet, [Tailscale is recommended](https://github.com/nextcloud/all-in-one/discussions/5439). If you don't have a reverse proxy yet, [Caddy is recommended](https://github.com/nextcloud/all-in-one/discussions/575).
+
 ## Introduction
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else), you need to:
 1. add a specific config to your web server or reverse proxy. [See the documentation below.](#1-configure-the-reverse-proxy)