add comment with link

Signed-off-by: Simon L. <szaimen@e.mail.de>
make the check for backup dir and datadir fail proof
2026-05-22 11:20:13 +00:00 · 2025-07-03 11:48:22 +02:00 · 2025-07-03 11:44:50 +02:00 · 2025-07-03 10:28:47 +02:00 · 2025-07-03 10:16:19 +02:00 · 2025-07-03 10:00:59 +02:00
10 changed files with 28 additions and 11 deletions
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.2.1-alpine
+FROM haproxy:3.2.2-alpine

 # hadolint ignore=DL3002
 USER root
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.5-scratch AS nats
+FROM nats:2.11.6-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus
@@ -37,6 +37,7 @@ RUN set -ex; \

 FROM alpine:3.21.3
 ENV ETURNAL_ETC_DIR="/conf"
+ENV SKIP_CERT_VERIFY=false
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
 COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -95,6 +95,7 @@ backends = backend-1
 allowall = false
 timeout = 10
 connectionsperhost = 8
+skipverify = ${SKIP_CERT_VERIFY}

 [backend-1]
 url = https://${NC_DOMAIN}
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM ghcr.io/nicholas-fedor/watchtower:1.11.3 AS watchtower
+FROM ghcr.io/nicholas-fedor/watchtower:1.11.5 AS watchtower

 FROM alpine:3.21.3

--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -2,7 +2,7 @@
    "aio_services_v1": [
        {
            "container_name": "nextcloud-aio-libretranslate",
-            "display_name": "LibreTranslate",
+            "display_name": "LibreTranslate (deprecated)",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
            "image": "ghcr.io/szaimen/aio-libretranslate",
            "image_tag": "v1",
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -47,7 +47,7 @@
 					},
 					"display_name": {
 						"type": "string",
-						"pattern": "^[A-Za-z 0-9-]+$"
+						"pattern": "^[()A-Za-z 0-9-]+$"
 					},
 					"environment": {
 						"type": "array",
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -484,8 +484,15 @@ class ConfigurationManager
            }

            if (!$isValidPath) {
-                throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
+                throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'! Another option is to use the docker volume name 'nextcloud_aio_backupdir'.");
            }
+
+            // Prevent backup to be contained in Nextcloud Datadir as this will delete the backup archive upon restore
+            // See https://github.com/nextcloud/all-in-one/issues/6607
+            if (str_starts_with($location . '/', rtrim($this->GetNextcloudDatadirMount(), '/') . '/')) {
+                throw new InvalidSettingConfigurationException("The path must not be a children of or equal to NEXTCLOUD_DATADIR, which is currently set to " . $this->GetNextcloudDatadirMount());
+            }
+
        } else {
            $this->ValidateBorgRemoteRepo($repo);
        }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -584,6 +584,12 @@ readonly class DockerActionManager {
            $requestBody['HostConfig']['Mounts'] = $mounts;
        }

+        // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "org.label-schema.vendor" => "Nextcloud"];
+
+        // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
+        $requestBody['Hostname'] = $container->GetIdentifier();
+
        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
        try {
            $this->guzzleClient->request(
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@

    <div class="container">
        <main>
-            <h1>Nextcloud AIO v11.2.1</h1>
+            <h1>Nextcloud AIO v11.3.0</h1>

            {# Add 2nd tab warning #}
            <script type="text/javascript" src="second-tab-warning.js"></script>
--- a/readme.md
+++ b/readme.md
@@ -1033,11 +1033,13 @@ After doing a restore via the AIO interface, you might run into problems due to
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environment variables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
 - `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option.
- `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers at the start of the script. Implied by `DAILY_BACKUP=1`.
+- `START_CONTAINERS` if set to `1`, it will automatically start the containers at the end of the script, without updating them. Implied by `DAILY_BACKUP=1`.
+- `CHECK_BACKUP` if set to `1`, it will start the integrity check of all borg backups made by AIO. Note that the backup check is non blocking so containers can be kept running while the check lasts. That means you can't pass `DAILY_BACKUP=1` at the same time. The output of the check can be found in the logs of the container `nextcloud-aio-borgbackup`.

-One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+One example to do a backup would be `sudo docker exec -it --env DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
+
+Likewise to do a backup check would be `sudo docker exec --env DAILY_BACKUP=0 --env CHECK_BACKUP=1 --env STOP_CONTAINERS=0 nextcloud-aio-mastercontainer /daily-backup.sh`.

 > [!NOTE]  
 > None of the option returns error codes. So you need to check for the correct result yourself.
Author	SHA1	Message	Date
Simon L.	362cad79db	add comment with link Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-03 11:48:22 +02:00
Simon L.	983e523bde	make the check for backup dir and datadir fail proof Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-03 11:44:50 +02:00
Simon L.	bf4cf0ad27	increase to 11.3.0 Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-03 10:28:47 +02:00
Simon L.	2aec1be167	Merge pull request #6609 from nextcloud/enh/6607/check-if-children instance-restore: make sure that the configured borg restore location is not a children of or equal to NEXTCLOUD_DATADIR	2025-07-03 10:16:19 +02:00
Simon L.	3e9ce2be05	instance-restore: make sure that the configured borg restore location is not a children of or equal to NEXTCLOUD_DATADIR Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-03 10:00:59 +02:00
Simon L.	17382f1f1f	Merge pull request #6608 from nextcloud/dependabot/docker/Containers/docker-socket-proxy/haproxy-3.2.2-alpine build(deps): bump haproxy from 3.2.1-alpine to 3.2.2-alpine in /Containers/docker-socket-proxy	2025-07-03 07:41:17 +02:00
dependabot[bot]	07dc4de9ff	build(deps): bump haproxy in /Containers/docker-socket-proxy Bumps haproxy from 3.2.1-alpine to 3.2.2-alpine. --- updated-dependencies: - dependency-name: haproxy dependency-version: 3.2.2-alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-03 04:43:58 +00:00
Simon L.	665d157240	Merge pull request #6605 from nextcloud/dependabot/docker/Containers/watchtower/nicholas-fedor/watchtower-1.11.5 build(deps): bump nicholas-fedor/watchtower from 1.11.3 to 1.11.5 in /Containers/watchtower	2025-07-02 10:54:19 +02:00
Simon L.	e4b400e605	Merge pull request #6604 from nextcloud/dependabot/docker/Containers/talk/nats-2.11.6-scratch build(deps): bump nats from 2.11.5-scratch to 2.11.6-scratch in /Containers/talk	2025-07-02 08:08:38 +02:00
dependabot[bot]	306818dc10	build(deps): bump nicholas-fedor/watchtower in /Containers/watchtower Bumps [nicholas-fedor/watchtower](https://github.com/nicholas-fedor/watchtower) from 1.11.3 to 1.11.5. - [Release notes](https://github.com/nicholas-fedor/watchtower/releases) - [Changelog](https://github.com/nicholas-fedor/watchtower/blob/main/goreleaser.yml) - [Commits](https://github.com/nicholas-fedor/watchtower/compare/v1.11.3...v1.11.5) --- updated-dependencies: - dependency-name: nicholas-fedor/watchtower dependency-version: 1.11.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-02 04:28:08 +00:00
dependabot[bot]	b561c59b93	build(deps): bump nats in /Containers/talk Bumps nats from 2.11.5-scratch to 2.11.6-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.6-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-07-02 04:27:41 +00:00
Olicorne	df13ca077c	readme: improve the `How to stop/start/update containers or trigger the daily backup from a script externally?` section (#6592 ) Signed-off-by: thiswillbeyourgithub <26625900+thiswillbeyourgithub@users.noreply.github.com> Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 18:52:44 +02:00
Simon L.	1a43bfdc95	Merge pull request #6601 from nextcloud/enh/6564/add-label-to-all-containers CreateContainers: add `"com.centurylinklabs.watchtower.enable": "false"` to all managed containers	2025-07-01 18:02:42 +02:00
Simon L.	9967aea70c	CreateContainers: add `"com.centurylinklabs.watchtower.enable": "false"` to all managed containers Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 17:58:27 +02:00
Simon L.	d20812b0e8	add comment Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 17:43:36 +02:00
Simon L.	6b82682384	Merge pull request #6600 from nextcloud/enh/6589/add-hostname CreateContainer: always add a Hostname to each container	2025-07-01 17:29:56 +02:00
Simon L.	c8382117ce	Merge pull request #6599 from nextcloud/feat/talk-skip-verify feat(talk): add SKIP_CERT_VERIFY env	2025-07-01 17:27:50 +02:00
Anupam Kumar	1b3e519cd7	feat(talk): add SKIP_CERT_VERIFY env This environment variable when set to "true" will allow usage of self-signed certificates. Signed-off-by: Anupam Kumar <kyteinsky@gmail.com> Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 17:26:23 +02:00
Simon L.	01f13cc01a	Merge pull request #6523 from nextcloud/enh/noid/remove-translate libretranslate: add `(deprecated)` to its display name	2025-07-01 17:20:11 +02:00
Jean-Yves	aec692208e	libretranslate: add `(deprecated)` to its display name Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com> Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 17:19:15 +02:00
Simon L.	fcc74e2105	DockerActionManager: always add a Hostname to each container Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-07-01 15:01:10 +02:00