Merge pull request #4259 from nextcloud/imaginary-container-update

Imaginary update
imaginary-update automated change
2026-05-21 19:00:33 +00:00 · 2024-02-21 13:17:49 +01:00 · 2024-02-21 12:02:15 +00:00 · 2024-02-21 12:55:09 +01:00 · 2024-02-21 12:53:56 +01:00 · 2024-02-20 15:47:56 +01:00
103 changed files with 1128 additions and 402 deletions
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:

    steps:
      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -44,7 +44,7 @@ jobs:
        )"
        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
      with:
        commit-message: php dependency updates
        signoff: true
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -37,8 +37,7 @@ jobs:
          version: v3.6.3

      - name: Run chart-releaser
-        # TODO: switch back @main to a specific version like @v1.5.1 or higher
-        uses: helm/chart-releaser-action@main
+        uses: helm/chart-releaser-action@v1.6.0
        with:
          mark_as_latest: false
          charts_dir: .
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
      with:
        commit-message: imaginary-update automated change
        signoff: true
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -28,7 +28,7 @@ jobs:
        run: ct lint --target-branch ${{ github.event.repository.default_branch }} --debug --chart-dirs nextcloud-aio-helm-chart

      - name: Create kind cluster
-        uses: helm/kind-action@v1.8.0
+        uses: helm/kind-action@v1.9.0

      - name: Run chart-testing (install)
        id: install
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -68,7 +68,7 @@ jobs:
        fi

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
      with:
        commit-message: nextcloud-update automated change
        signoff: true
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -31,7 +31,7 @@ jobs:
        continue-on-error: true

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update psalm baseline
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -11,18 +11,18 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
-    - name: Run talk-update
+    - name: Run talk-container-update
      run: |
-        # Spreed
-        spreed_version="$(
-          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+        # Recording
+        recording_version="$(
+          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
            | cut -d/ -f3 \
            | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | grep -E "^v[0-9\.]+$" \
            | tail -1
        )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
        
        # Signaling
        signaling_version="$(
@@ -45,11 +45,11 @@ jobs:
        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v5
+      uses: peter-evans/create-pull-request@v6
      with:
        commit-message: talk-update automated change
        signoff: true
-        title: talk update
+        title: talk container update
        body: Automated talk container update
        labels: dependencies, 3. to review
        milestone: next
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -21,7 +21,7 @@ jobs:
            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
          fi
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
        with:
          commit-message: Helm Chart updates
          signoff: true
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
        run: |
          sudo bash manual-install/update-yaml.sh
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v5
+        uses: peter-evans/create-pull-request@v6
        with:
          commit-message: Yaml updates
          signoff: true
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -14,7 +14,10 @@
    }
 }

+https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
+    header -Server
+    header -X-Powered-By

    # Collabora
    route /browser/* {
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,6 +1,7 @@
-FROM caddy:2.7.5-alpine as caddy
+# syntax=docker/dockerfile:latest
+FROM caddy:2.7.6-alpine as caddy

-FROM httpd:2.4.58-alpine3.18
+FROM httpd:2.4.58-alpine3.19

 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy

@@ -53,6 +54,12 @@ RUN set -ex; \
        /usr/local/apache2/conf/httpd.conf; \
    echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
    echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
+# Sync this with max db connections and pm.max_children
+# We don't actually expect so many workers but don't want to limit it artificially because people will report issues otherwise.
+    sed -i 's|MaxRequestWorkers.*|MaxRequestWorkers 5000|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+    grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
+# ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
+    sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
    \
    rm -rf /usr/local/apache2/conf/original /var/www; \
    mkdir -p /var/www; \
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -49,4 +49,7 @@ Listen 8000

    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
    ProxyTimeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+    TraceEnable Off
 </VirtualHost>
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -51,6 +51,12 @@ else
 fi
 echo "$CADDYFILE" > /tmp/Caddyfile

+# Remove additional domain if not given
+if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
+fi
+echo "$CADDYFILE" > /tmp/Caddyfile
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile

--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,5 @@
-FROM alpine:3.18.4
+# syntax=docker/dockerfile:latest
+FROM alpine:3.19.1

 RUN set -ex; \
    \
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -69,6 +69,11 @@ if [ "$BORG_MODE" = backup ]; then
        exit 1
    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/database-dump.sql" ]; then
        echo "database-dump is missing. Cannot perform backup!"
+        echo "Please check the database container logs!"
+        exit 1
+    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ]; then
+        echo "The .ocdata file is missing in Nextcloud datadir which means it is invalid!"
+        echo "Is the drive where the datadir is located on still mounted?"
        exit 1
    fi

--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-14
+FROM clamav/clamav:1.3.0-39

 COPY clamav.conf /tmp/clamav.conf

--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.3.1
+FROM collabora/code:23.05.9.1.1

 USER root

--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,4 +1,5 @@
-FROM haproxy:2.8.3-alpine3.18
+# syntax=docker/dockerfile:latest
+FROM haproxy:2.9.5-alpine3.19

 # hadolint ignore=DL3002
 USER root
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,5 @@
-FROM alpine:3.18.4
+# syntax=docker/dockerfile:latest
+FROM alpine:3.19.1
 RUN set -ex; \
    apk add --no-cache bash lighttpd netcat-openbsd; \
    adduser -S www-data -G www-data; \
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.4
+FROM elasticsearch:8.12.1

 USER root

--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,6 +1,7 @@
-FROM golang:1.21.3-alpine3.18 as go
+# syntax=docker/dockerfile:latest
+FROM golang:1.22.0-alpine3.18 as go

-ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138

 RUN set -ex; \
    apk add --no-cache \
@@ -12,7 +13,7 @@ RUN set -ex; \
        build-base; \
    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";

-FROM alpine:3.18.4
+FROM alpine:3.18.6
 RUN set -ex; \
    apk add --no-cache \
        tzdata \
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,11 +1,12 @@
+# syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:24.0.7-cli as docker
+FROM docker:25.0.3-cli as docker

 # Caddy is a requirement
-FROM caddy:2.7.5-alpine as caddy
+FROM caddy:2.7.6-alpine as caddy

-# From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.12-fpm-alpine3.18
+# From https://github.com/docker-library/php/blob/master/8.2/alpine3.19/fpm/Dockerfile
+FROM php:8.2.16-fpm-alpine3.19

 EXPOSE 80
 EXPOSE 8080
@@ -42,7 +43,7 @@ RUN set -ex; \
    apk add --no-cache --virtual .build-deps \
        autoconf \
        build-base; \
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
    docker-php-ext-enable apcu; \
    rm -r /tmp/pear; \
    runDeps="$( \
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -49,8 +49,14 @@ Listen 8080
    SSLCertificateFile /etc/apache2/certs/ssl.crt
    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
 </VirtualHost>

 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
+
+# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+TraceEnable Off
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -70,6 +70,7 @@ fi
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
    print_red "Cannot connect to the docker socket. Cannot proceed."
+    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
    exit 1
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,9 +1,10 @@
-FROM php:8.1.25-fpm-alpine3.18
+# syntax=docker/dockerfile:latest
+FROM php:8.1.27-fpm-alpine3.19

 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.3
+ENV NEXTCLOUD_VERSION 27.1.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost

@@ -38,6 +39,7 @@ RUN set -ex; \
        gmp-dev \
        icu-dev \
        imagemagick-dev \
+        imagemagick-svg \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
@@ -68,7 +70,7 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
    pecl install memcached-3.2.0; \
    pecl install redis-6.0.2; \
    pecl install imagick-3.7.0; \
@@ -191,11 +193,13 @@ RUN set -ex; \
        grep \
        nodejs \
        bind-tools \
+        imagemagick \
+        imagemagick-svg \
        coreutils; \
    \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-# Sync this with max db connections
+# Sync this with max db connections and MaxRequestWorkers
 # We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
 # Also children will usually be terminated again after the process is done due to the ondemand setting
    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -12,4 +12,5 @@ $CONFIG = array (
              'writable' => true,
      ),
  ),
+  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : false,
 );
--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -0,0 +1,20 @@
+<?php
+if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
+  $CONFIG = array (
+    'mail_smtpmode' => 'smtp',
+    'mail_smtphost' => getenv('SMTP_HOST'),
+    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+    'mail_domain' => getenv('MAIL_DOMAIN'),
+  );
+
+  if (getenv('SMTP_PASSWORD')) {
+      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+  } else {
+      $CONFIG['mail_smtppassword'] = '';
+  }
+}
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,7 +1,20 @@
 #!/bin/bash
 set -eu

+wait_for_cron() {
+    set -x
+    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
+        echo "Waiting for cron to stop..."
+        sleep 5
+    done
+    echo "Cronjob successfully exited."
+    set +x
+}
+
+trap wait_for_cron SIGINT SIGTERM
+
 while true; do
    php -f /var/www/html/cron.php &
-    sleep 5m
+    sleep 5m &
+    wait $!
 done
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -256,9 +256,15 @@ DATADIR_PERMISSION_CONF
            unset ADMIN_PASSWORD

            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updater.release.channel --value=beta
                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                php /var/www/html/updater/updater.phar --no-interaction
+                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
+                if [ -n "${INSTALLED_AT}" ]; then
+                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
+                    # shellcheck disable=SC2001
+                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
+                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
+                fi
+                php /var/www/html/updater/updater.phar --no-interaction --no-backup
                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                    echo "Installation of Nextcloud failed!"
                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -269,7 +275,7 @@ DATADIR_PERMISSION_CONF
                INSTALLED_MAJOR="${installed_version%%.*}"
                IMAGE_MAJOR="${image_version%%.*}"
                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/updater/updater.phar --no-interaction
+                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                        echo "Installation of Nextcloud failed!"
                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -280,7 +286,6 @@ DATADIR_PERMISSION_CONF
                fi
                php /var/www/html/occ app:disable updatenotification
                rm -rf /var/www/html/apps/updatenotification
-                php /var/www/html/occ config:system:set updater.release.channel --value=stable
                php /var/www/html/occ app:enable nextcloud-aio --force
                php /var/www/html/occ db:add-missing-indices
                php /var/www/html/occ db:add-missing-columns
@@ -464,6 +469,10 @@ php /var/www/html/occ config:system:set one-click-instance --value=true --type=b
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
 php /var/www/html/occ app:enable support
+if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
+    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
+    php /var/www/html/occ config:app:delete support last_check
+fi

 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
@@ -471,9 +480,13 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
+    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
+fi

 # Apply network settings
 echo "Applying network settings..."
+php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
@@ -491,8 +504,14 @@ else
 fi

 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
+if [ "$THIS_IS_AIO" = "true" ]; then
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable nextcloud-aio
+    fi
+else
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
+        php /var/www/html/occ app:disable nextcloud-aio
+    fi
 fi

 # Notify push
@@ -503,8 +522,15 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
 fi
+chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+fi
+if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
@@ -517,8 +543,6 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:update richdocuments
    fi
    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
-    # Fix https://github.com/nextcloud/all-in-one/issues/188:
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
    # Make collabora more save
    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
@@ -550,6 +574,11 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
        fi
+        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
+                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
+            fi
+        fi
        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
    else
        echo "Warning: wopi_allowlist is empty which should not be the case!"
@@ -577,7 +606,6 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove onlyoffice
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,9 +1,7 @@
 #!/bin/bash

-while ! nc -z "$NC_DOMAIN" 443; do
-    sleep 5
-done
-sleep 10
+# Wait 15s for domain to be reachable
+sleep 15

 if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
    echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -54,11 +54,17 @@ sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then
    if ! [ -f "/additional-apks-are-installed" ]; then
+        # Allow to disable imagemagick without having to download it each time
+        if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
+            apk del imagemagick imagemagick-svg;
+        fi
        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            echo "Installing $app via apk..."
-            if ! apk add --no-cache "$app" >/dev/null; then
-                echo "The packet $app was not installed!"
+            if [ "$app" != imagemagick ]; then
+                echo "Installing $app via apk..."
+                if ! apk add --no-cache "$app" >/dev/null; then
+                    echo "The packet $app was not installed!"
+                fi
            fi
        done
    fi
@@ -131,26 +137,25 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
    exit 1
 fi

-# The below was disabled again because it fails on some deployment methods, e.g. on kubernetes
-# There is apparently no way to make this work reliably automatically
-# while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-#     echo "Waiting for nextcloud-aio-apache to start..."
-#     sleep 5
-# done
-#
-# set -x
-# if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-#     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#
-#     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-#     grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
-# fi
-# set +x
+while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
+    echo "Waiting for nextcloud-aio-apache to start..."
+    sleep 5
+done
+
+set -x
+# shellcheck disable=SC2235
+if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+
+    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+fi
+set +x

 exec "$@"
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,4 +1,5 @@
-FROM alpine:3.18.4
+# syntax=docker/dockerfile:latest
+FROM alpine:3.19.1

 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -42,8 +42,10 @@ if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
    exit 1
 fi

+echo "notify-push was started"
+
 # Set sensitive values as env
-export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
+export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"

 # Run it
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.5.0.1
+FROM onlyoffice/documentserver:7.5.1.1

 # USER root is probably used

--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.4-alpine
+FROM postgres:15.6-alpine

 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -150,6 +150,7 @@ fi
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
    echo "Setting postgres values..."

+    # Sync this with max pm.max_children and MaxRequestWorkers
    # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
    # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
    # Also connections should usually be closed again after the process is done
@@ -167,25 +168,29 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
    fi
 fi

+do_database_dump() {
+    set -x
+    rm -f "$DUMP_FILE.temp"
+    touch "$DUMP_DIR/export.failed"
+    if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
+        rm -f "$DUMP_FILE"
+        mv "$DUMP_FILE.temp" "$DUMP_FILE"
+        pg_ctl stop -m fast
+        rm "$DUMP_DIR/export.failed"
+        echo 'Database dump successful!'
+        set +x
+        exit 0
+    else
+        pg_ctl stop -m fast
+        echo "Database dump unsuccessful!"
+        set +x
+        exit 1
+    fi
+}
+
 # Catch docker stop attempts
-trap 'true' SIGINT SIGTERM
+trap do_database_dump SIGINT SIGTERM

 # Start the database
 exec docker-entrypoint.sh postgres &
 wait $!
-
-# Continue with shutdown procedure: do database dump, etc.
-rm -f "$DUMP_FILE.temp"
-touch "$DUMP_DIR/export.failed"
-if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
-    rm -f "$DUMP_FILE"
-    mv "$DUMP_FILE.temp" "$DUMP_FILE"
-    pg_ctl stop -m fast
-    rm "$DUMP_DIR/export.failed"
-    echo 'Database dump successful!'
-    exit 0
-else
-    pg_ctl stop -m fast
-    echo "Database dump unsuccessful!"
-    exit 1
-fi
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,6 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.3-alpine
+FROM redis:7.2.4-alpine

 COPY --chmod=775 start.sh /start.sh

--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,8 +1,9 @@
-FROM python:3.12.0-alpine3.18
+# syntax=docker/dockerfile:latest
+FROM python:3.12.2-alpine3.19

 COPY --chmod=775 start.sh /start.sh

-ENV RECORDING_VERSION v17.1.2
+ENV RECORDING_VERSION v0.1
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
@@ -22,15 +23,16 @@ RUN set -ex; \
        wget \
        shadow \
        pulseaudio \
-        openssl; \
+        openssl \
+        build-base \
+        linux-headers; \
    # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
+    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
    useradd -d /tmp --system recording; \
 # Give root a random password
    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
-    python3 -m pip install --no-cache-dir /src/recording/src; \
+    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
+    python3 -m pip install --no-cache-dir /src; \
    rm -rf /src; \
    touch /etc/recording.conf; \
    chown recording:recording -R \
@@ -42,7 +44,9 @@ RUN set -ex; \
        git \
        wget \
        shadow \
-        openssl;
+        openssl \
+        build-base \
+        linux-headers;

 WORKDIR /tmp
 USER recording
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -96,11 +96,15 @@
 #internalsecret = the-shared-secret-for-internal-clients

 [ffmpeg]
-# The options given to FFmpeg to encode the audio output. The options given here
+# The ffmpeg executable (name or full path) and the global options given to
+# ffmpeg. The options given here fully override the default global options.
+#common = ffmpeg -loglevel level+warning -n
+
+# The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus

-# The options given to FFmpeg to encode the video output. The options given here
+# The options given to ffmpeg to encode the video output. The options given here
 # fully override the default options for the video output.
 #outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M

@@ -109,3 +113,11 @@

 # The extension of the file for audio and video recordings.
 #extensionvideo = .webm
+
+[recording]
+# Browser to use for recordings. Please note that the "chrome" value does not
+# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
+# will use Google Chrome, or Chromium if Google Chrome is not installed.
+# Allowed values: firefox, chrome
+# Defaults to firefox
+# browser = firefox
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -26,7 +26,7 @@ listen = 0.0.0.0:1234

 [backend]
 allowall = ${ALLOW_ALL}
-# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
+# The secret below is still needed if allowall is set to true, also it doesn't hurt to be here
 secret = ${RECORDING_SECRET}
 backends = backend-1
 skipverify = ${SKIP_VERIFY}
@@ -48,10 +48,14 @@ url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}

 [ffmpeg]
+# common = ffmpeg -loglevel level+warning -n
 # outputaudio = -c:a libopus
 # outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 extensionaudio = .ogg
 extensionvideo = .webm
+
+[recording]
+browser = firefox
 RECORDING_CONF

 exec "$@"
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,9 +1,10 @@
-FROM nats:2.10.4-scratch as nats
+# syntax=docker/dockerfile:latest
+FROM nats:2.10.11-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.0 as signaling
-FROM alpine:3.18.4 as janus
+FROM strukturag/nextcloud-spreed-signaling:1.2.3 as signaling
+FROM alpine:3.19.1 as janus

-ARG JANUS_VERSION=v0.14.0
+ARG JANUS_VERSION=v0.14.1
 WORKDIR /src
 RUN set -ex; \
    apk add --no-cache \
@@ -33,7 +34,7 @@ RUN set -ex; \
    make configs; \
    rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample

-FROM alpine:3.18.4
+FROM alpine:3.19.1
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
@@ -65,7 +66,8 @@ RUN set -ex; \
        libusrsctp \
        libwebsockets \
        \
-        shadow; \
+        shadow \
+        grep; \
    useradd --system -u 1000 eturnal; \
    apk del --no-cache \
        shadow; \
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,10 +19,15 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi

 set -x
+IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x

+if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
+    IPv4_ADDRESS_TALK=""
+fi
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
@@ -36,13 +41,14 @@ eturnal:
  log_dir: stdout
  log_level: warning
  secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
  relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
  blacklist_peers:
  - recommended
  whitelist_peers:
  - 127.0.0.1
  - ::1
+  - "$IPv4_ADDRESS_TALK_RELAY"
  - "$IPv4_ADDRESS_TALK"
  - "$IPv6_ADDRESS_TALK"
 TURN_CONF
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,8 @@
+# syntax=docker/dockerfile:latest
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.6.0 as watchtower
+FROM containrrr/watchtower:1.7.1 as watchtower

-FROM alpine:3.18.4
+FROM alpine:3.19.1

 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,10 +1,11 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.

 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -0,0 +1,35 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-facerecognition",
+            "display_name": "Computing container for facerecognition",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition",
+            "image": "matiasdelellis/facerecognition-external-model",
+            "image_tag": "v1",
+            "internal_port": "5000",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "API_KEY=some-super-secret-api-key"
+            ],
+            "aio_variables": [
+                "nextcloud_memory_limit=4096M"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install facerecognition",
+                "php /var/www/html/occ app:enable facerecognition", 
+                "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
+                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
+                "php /var/www/html/occ face:setup -m 5",
+                "php /var/www/html/occ face:setup -M 4G",
+                "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 2 --value image/heic",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 3 --value image/tiff",
+                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 4 --value image/webp",
+                "php /var/www/html/occ face:background_job --defer-clustering &"
+            ]
+        }
+    ]
+}
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -0,0 +1,31 @@
+## Facerecognition
+This container bundles the external model of facerecognition and auto-configures it for you.
+
+### Notes
+- This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
+- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
+    ```bash
+    # Go into the container
+    sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
+    ```
+    Now inside the container:
+    ```bash
+    NC_USERS_NEW=$(php occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
+    mapfile -t NC_USERS_NEW <<< "$NC_USERS_NEW"
+    for user in "${NC_USERS_NEW[@]}"
+    do
+        php occ user:setting "$user" facerecognition full_image_scan_done false
+        php occ user:setting "$user" facerecognition enabled true
+    done
+
+    # Exit the container shell
+    exit
+    ```
+- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/matiasdelellis/facerecognition-external-model
+
+### Maintainer
+https://github.com/matiasdelellis
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -2,8 +2,6 @@
 This container bundles LibreTranslate and auto-configures it for you.

 ### Notes
-
- Please note that this community container is currently not working since its integration app is not yet compatible with Nextcloud 27 (Hub 6). You can follow the progress here: https://github.com/v1r0x/integration_libretranslate/issues/1
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash
 # Adjust the values `en` and `de` in commands below accordingly
--- a/community-containers/memories/memories.json
+++ b/community-containers/memories/memories.json
@@ -0,0 +1,33 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-memories",
+            "display_name": "Memories Transcoder",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories",
+            "image": "radialapps/go-vod",
+            "image_tag": "latest",
+            "internal_port": "47788",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_HOST=https://%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/mnt/ncdata",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install memories",
+                "php /var/www/html/occ app:enable memories",
+                "php /var/www/html/occ config:system:set memories.vod.external --value true --type bool",
+                "php /var/www/html/occ config:system:set memories.vod.connect --value nextcloud-aio-memories:47788"
+            ]
+        }
+    ]
+}
--- a/community-containers/memories/readme.md
+++ b/community-containers/memories/readme.md
@@ -0,0 +1,12 @@
+## Memories
+This container bundles the hardware-transcoding container of memories and auto-configures it for you.
+
+### Notes
+- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/pulsejet/memories
+
+### Maintainer
+https://github.com/pulsejet
--- a/community-containers/pi-hole/readme.md
+++ b/community-containers/pi-hole/readme.md
@@ -6,7 +6,7 @@ This container bundles pi-hole and auto-configures it for you.
 - Make sure that no dns server is already running by checking with `sudo netstat -tulpn | grep 53`. Otherwise the container will not be able to start!
 - The DHCP functionality of Pi-hole has been disabled!
 - The data of pi-hole will be automatically included in AIOs backup solution!
- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
+- After adding and starting the container, you can visit `http://ip.address.of.this.server:8573/admin` in order to log in with the admin key that you can retrieve when running `sudo docker inspect nextcloud-aio-pihole | grep WEBPASSWORD`. There you can configure the pi-hole setup. Also you can add local dns records.
 - You can configure your home network now to use pi-hole as its dns server by configuring your router.
 - Additionally, you can configure the docker daemon to use that by editing `/etc/docker/daemon.json` and adding ` { "dns" : [ "ip.address.of.this.server" , "8.8.8.8" ] } `.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
--- a/community-containers/stalwart/readme.md
+++ b/community-containers/stalwart/readme.md
@@ -0,0 +1,21 @@
+## Stalwart mail server
+This container bundles stalwart mail server and auto-configures it for you.
+
+### Notes
+- This is only intended to run on a VPS with static ip-address.
+- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 587, 993 nor 4190 yet as otherwise the container will fail to start.
+- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
+- The data of Stalwart will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
+- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml`. Also, you might want to enable logging to stdout so that you can see the stalwart logs in your container logs via `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/common/tracing.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
+- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
+- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
+- See https://stalw.art/docs/faq for further faq and docs on the project
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/marcoambrosini/aio-stalwart
+
+### Maintainer
+https://github.com/marcoambrosini
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -0,0 +1,64 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-stalwart",
+            "display_name": "Stalwart",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
+            "image": "marcoambrosini/aio-stalwart",
+            "image_tag": "v1",
+            "internal_port": "587",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "25",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "143",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "465",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "587",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "993",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "4190",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_stalwart",
+                    "destination": "/opt/stalwart-mail",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/caddy",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_stalwart"
+            ]
+        }
+    ]
+}
--- a/develop.md
+++ b/develop.md
@@ -38,3 +38,6 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m

 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## How to connect to the database?
+Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -1,5 +1,7 @@
 # Docker rootless

+**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
+
 You can run AIO with docker rootless by following the steps below.

 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -145,6 +145,7 @@ services:
      - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
      - APACHE_PORT=${APACHE_PORT}
      - APACHE_IP_BINDING=${APACHE_IP_BINDING}
+    stop_grace_period: 600s
    restart: unless-stopped
    networks:
      - nextcloud-aio
@@ -202,6 +203,8 @@ services:
      - collabora
    networks:
      - nextcloud-aio
+    cap_add:
+      - MKNOD

  nextcloud-aio-talk:
    image: nextcloud/aio-talk:latest
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -32,6 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
+sed -i '/THIS_IS_AIO/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml
@@ -39,6 +40,7 @@ sed -i 's|- ip_binding: |- |' containers.yml
 sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
+sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml

 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev4
+version: 7.12.0-beta
 apiVersion: v2
 keywords:
  - latest
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-apache
  name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-apache
@@ -37,6 +37,8 @@ spec:
              mountPath: /nextcloud-aio-nextcloud
      containers:
        - env:
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
            - name: APACHE_MAX_SIZE
              value: "{{ .Values.APACHE_MAX_SIZE }}"
            - name: APACHE_MAX_TIME
@@ -57,7 +59,8 @@ spec:
              value: nextcloud-aio-talk
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:develop
+          image: nextcloud/aio-apache:beta
+          imagePullPolicy: Always
          name: nextcloud-aio-apache
          ports:
            - containerPort: {{ .Values.APACHE_PORT }}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -3,12 +3,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-apache
  name: nextcloud-aio-apache
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-clamav
  name: nextcloud-aio-clamav
@@ -18,17 +18,28 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-clamav
    spec:
      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
        - name: init-volumes
          image: alpine
          command:
-            - chmod
-            - "777"
+            - chown
+            - 100:100
+            - "-R"
            - /nextcloud-aio-clamav
          volumeMounts:
            - name: nextcloud-aio-clamav
@@ -39,13 +50,14 @@ spec:
              value: "90"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:develop
+          image: nextcloud/aio-clamav:20240201_120631-latest
          name: nextcloud-aio-clamav
          ports:
            - containerPort: 3310
              protocol: TCP
          volumeMounts:
            - mountPath: /var/lib/clamav
+              subPath: data
              name: nextcloud-aio-clamav
      volumes:
        - name: nextcloud-aio-clamav
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
  resources:
    requests:
      storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
+{{- end }}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-clamav
  name: nextcloud-aio-clamav
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "3310"
      port: 3310
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-collabora
  name: nextcloud-aio-collabora
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-collabora
@@ -37,9 +37,13 @@ spec:
              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:develop
+          image: nextcloud/aio-collabora:20240201_120631-latest
          name: nextcloud-aio-collabora
          ports:
            - containerPort: 9980
              protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - MKNOD
 {{- end }}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-collabora
  name: nextcloud-aio-collabora
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "9980"
      port: 9980
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-database
  name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-database
@@ -61,7 +61,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:develop
+          image: nextcloud/aio-postgresql:20240201_120631-latest
          name: nextcloud-aio-database
          ports:
            - containerPort: 5432
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -3,12 +3,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-database
  name: nextcloud-aio-database
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "5432"
      port: 5432
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-fulltextsearch
  name: nextcloud-aio-fulltextsearch
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-fulltextsearch
@@ -55,7 +55,7 @@ spec:
              value: basic
            - name: xpack.security.enabled
              value: "false"
-          image: nextcloud/aio-fulltextsearch:develop
+          image: nextcloud/aio-fulltextsearch:20240201_120631-latest
          name: nextcloud-aio-fulltextsearch
          ports:
            - containerPort: 9200
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-fulltextsearch
  name: nextcloud-aio-fulltextsearch
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "9200"
      port: 9200
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-imaginary
  name: nextcloud-aio-imaginary
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-imaginary
@@ -27,7 +27,7 @@ spec:
        - env:
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:develop
+          image: nextcloud/aio-imaginary:20240201_120631-latest
          name: nextcloud-aio-imaginary
          ports:
            - containerPort: 9000
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-imaginary
  name: nextcloud-aio-imaginary
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "9000"
      port: 9000
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml
@@ -3,4 +3,3 @@ kind: Namespace
 metadata:
  name: {{ .Values.NAMESPACE }}
  namespace: {{ .Values.NAMESPACE }}
-spec: {}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-nextcloud
  name: nextcloud-aio-nextcloud
@@ -17,12 +17,23 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-nextcloud
    spec:
      initContainers:
+        - name: "delete-lost-found"
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - "/nextcloud-aio-nextcloud/lost+found"
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
        - name: init-volumes
          image: alpine
          command:
@@ -37,6 +48,32 @@ spec:
              mountPath: /nextcloud-aio-nextcloud
      containers:
        - env:
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
            - name: ADDITIONAL_APKS
              value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
            - name: ADDITIONAL_PHP_EXTENSIONS
@@ -77,8 +114,6 @@ spec:
              value: nextcloud-aio-onlyoffice
            - name: ONLYOFFICE_SECRET
              value: "{{ .Values.ONLYOFFICE_SECRET }}"
-            - name: OVERWRITEHOST
-              value: "{{ .Values.NC_DOMAIN }}"
            - name: OVERWRITEPROTOCOL
              value: https
            - name: PHP_MAX_TIME
@@ -123,7 +158,8 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: UPDATE_NEXTCLOUD_APPS
              value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:develop
+          image: nextcloud/aio-nextcloud:beta
+          imagePullPolicy: Always
          name: nextcloud-aio-nextcloud
          ports:
            - containerPort: 9000
@@ -138,6 +174,7 @@ spec:
            - mountPath: /usr/local/share/ca-certificates
              name: nextcloud-aio-nextcloud-trusted-cacerts
              readOnly: true
+      terminationGracePeriodSeconds: 600
      volumes:
        - name: nextcloud-aio-nextcloud
          persistentVolumeClaim:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -3,12 +3,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-nextcloud
  name: nextcloud-aio-nextcloud
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "9000"
      port: 9000
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-notify-push
  name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-notify-push
@@ -50,7 +50,7 @@ spec:
              value: nextcloud-aio-redis
            - name: REDIS_HOST_PASSWORD
              value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:develop
+          image: nextcloud/aio-notify-push:20240201_120631-latest
          name: nextcloud-aio-notify-push
          ports:
            - containerPort: 7867
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml
@@ -3,12 +3,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-notify-push
  name: nextcloud-aio-notify-push
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "7867"
      port: 7867
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-onlyoffice
  name: nextcloud-aio-onlyoffice
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-onlyoffice
@@ -43,7 +43,7 @@ spec:
              value: "{{ .Values.ONLYOFFICE_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:develop
+          image: nextcloud/aio-onlyoffice:20240201_120631-latest
          name: nextcloud-aio-onlyoffice
          ports:
            - containerPort: 80
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
  resources:
    requests:
      storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
+{{- end }}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-onlyoffice
  name: nextcloud-aio-onlyoffice
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "80"
      port: 80
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-redis
  name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-redis
@@ -38,7 +38,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:develop
+          image: nextcloud/aio-redis:20240201_120631-latest
          name: nextcloud-aio-redis
          ports:
            - containerPort: 6379
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -3,12 +3,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-redis
  name: nextcloud-aio-redis
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "6379"
      port: 6379
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-talk
  name: nextcloud-aio-talk
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-talk
@@ -37,7 +37,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:develop
+          image: nextcloud/aio-talk:20240201_120631-latest
          name: nextcloud-aio-talk
          ports:
            - containerPort: {{ .Values.TALK_PORT }}
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -4,7 +4,7 @@ kind: Deployment
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-talk-recording
  name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
    metadata:
      annotations:
        kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-        kompose.version: 1.31.2 (a92241f79)
+        kompose.version: 1.32.0 (765fde254)
      labels:
        io.kompose.network/nextcloud-aio: "true"
        io.kompose.service: nextcloud-aio-talk-recording
@@ -33,7 +33,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:develop
+          image: nextcloud/aio-talk-recording:20240201_120631-latest
          name: nextcloud-aio-talk-recording
          ports:
            - containerPort: 1234
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml
@@ -4,12 +4,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-talk-recording
  name: nextcloud-aio-talk-recording
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "1234"
      port: 1234
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -5,12 +5,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-talk
  name: nextcloud-aio-talk-public
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  type: LoadBalancer
  externalTrafficPolicy: Local
  ports:
@@ -29,12 +30,13 @@ kind: Service
 metadata:
  annotations:
    kompose.cmd: kompose convert -c -f latest.yml --namespace {{ .Values.NAMESPACE }}
-    kompose.version: 1.31.2 (a92241f79)
+    kompose.version: 1.32.0 (765fde254)
  labels:
    io.kompose.service: nextcloud-aio-talk
  name: nextcloud-aio-talk
  namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
  ports:
    - name: "8081"
      port: 8081
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -27,6 +27,7 @@ sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
 source /tmp/sample.conf
 rm /tmp/sample.conf
+sed -i '/OVERWRITEHOST/d' latest.yml
 sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
 sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
 sed -i '/APACHE_IP_BINDING/d' latest.yml
@@ -81,15 +82,52 @@ cat << EOL > /tmp/initcontainers.database
            - "-R"
          volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.clamav
+      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 100:100
+            - "-R"
+          volumeMountsInitContainer:
+EOL
+cat << EOL > /tmp/initcontainers.nextcloud
+      initContainers:
+        - name: "delete-lost-found"
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - "/nextcloud-aio-nextcloud/lost+found"
+          volumeMountsInitRmLostFound:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
    if grep -q volumeMounts "$variable"; then
-        if ! echo "$variable" | grep -q database; then
-            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
-        else
+        if echo "$variable" | grep -q database; then
            sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        elif echo "$variable" | grep -q clamav; then
+            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
        fi
        volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
        mapfile -t volumeNames <<< "$volumeNames"
@@ -98,14 +136,18 @@ for variable in "${DEPLOYMENTS[@]}"; do
            if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                sed -i "/volumeMountsInitRmLostFound:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
                # Workaround for the database volume
                if [ "$volumeName" = nextcloud-aio-database ]; then
                    sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                elif [ "$volumeName" = nextcloud-aio-clamav ]; then
+                    sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
                fi
                
            fi
        done
-        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        sed -i "s|volumeMountsInitContainer:|volumeMounts:|" "$variable"
+        sed -i "s|volumeMountsInitRmLostFound:|volumeMounts:|" "$variable"
        if grep -q claimName "$variable"; then
            claimNames="$(grep claimName "$variable")"
            mapfile -t claimNames <<< "$claimNames"
@@ -149,8 +191,6 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
-# shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 echo '---' > /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
@@ -168,6 +208,10 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
@@ -188,6 +232,47 @@ for variable in "${VOLUMES[@]}"; do
    find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
 done

+# Additional config
+cat << EOL > /tmp/additional.config
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
+
+# Additional config
+cat << EOL > /tmp/additional-apache.config
+            - name: ADDITIONAL_TRUSTED_DOMAIN
+              value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config"  \{} \;
+
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -215,8 +300,6 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
-# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
@@ -225,6 +308,26 @@ for variable in "${VOLUME_VARIABLE[@]}"; do
 done
 sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
 sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+
+# Additional config
+cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+ADDITIONAL_CONFIG
+
 mv /tmp/sample.conf ../helm-chart/values.yaml

 ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"
@@ -241,6 +344,10 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
    # shellcheck disable=SC1083
    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done

 chmod 777 -R ./
--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -33,7 +33,6 @@ NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster

 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
@@ -46,3 +45,18 @@ NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextclou
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.8.0",
+            "version": "7.8.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9"
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1110f66a6530a40fe7aea0378fe608ee2b2248f9",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
                "shasum": ""
            },
            "require": {
@@ -32,11 +32,11 @@
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
                "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
@@ -114,7 +114,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.8.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
            },
            "funding": [
                {
@@ -130,28 +130,28 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-08-27T10:20:53+00:00"
+            "time": "2023-12-03T20:35:24+00:00"
        },
        {
            "name": "guzzlehttp/promises",
-            "version": "2.0.1",
+            "version": "2.0.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d"
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/111166291a0f8130081195ac4556a5587d7f1b5d",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
            },
            "type": "library",
            "extra": {
@@ -197,7 +197,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.1"
+                "source": "https://github.com/guzzle/promises/tree/2.0.2"
            },
            "funding": [
                {
@@ -213,20 +213,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-08-03T15:11:55+00:00"
+            "time": "2023-12-03T20:19:20+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.6.1",
+            "version": "2.6.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727"
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/45b30f99ac27b5ca93cb4831afe16285f57b8221",
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221",
                "shasum": ""
            },
            "require": {
@@ -240,9 +240,9 @@
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.6.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.6.2"
            },
            "funding": [
                {
@@ -329,7 +329,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-08-27T10:13:57+00:00"
+            "time": "2023-12-03T20:05:35+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -391,16 +391,16 @@
        },
        {
            "name": "laravel/serializable-closure",
-            "version": "v1.3.2",
+            "version": "v1.3.3",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c"
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3dbf8a8e914634c48d389c1234552666b3d43754",
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754",
                "shasum": ""
            },
            "require": {
@@ -447,7 +447,7 @@
                "issues": "https://github.com/laravel/serializable-closure/issues",
                "source": "https://github.com/laravel/serializable-closure"
            },
-            "time": "2023-10-17T13:38:16+00:00"
+            "time": "2023-11-08T14:08:06+00:00"
        },
        {
            "name": "nikic/fast-route",
@@ -1090,16 +1090,16 @@
        },
        {
            "name": "slim/csrf",
-            "version": "1.3.0",
+            "version": "1.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7"
+                "reference": "f66be9740283ed4f432535aff3623540e178013a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ebaaf295fd6d7224078d8ae3bba45329b31798c7",
-                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/f66be9740283ed4f432535aff3623540e178013a",
+                "reference": "f66be9740283ed4f432535aff3623540e178013a",
                "shasum": ""
            },
            "require": {
@@ -1110,10 +1110,10 @@
                "psr/http-server-middleware": "^1.0"
            },
            "require-dev": {
-                "phpspec/prophecy": "^1.15",
-                "phpspec/prophecy-phpunit": "^2.0",
-                "phpunit/phpunit": "^9.5",
-                "squizlabs/php_codesniffer": "^3.7"
+                "phpspec/prophecy": "^1.18",
+                "phpspec/prophecy-phpunit": "^2.1",
+                "phpunit/phpunit": "^9.6",
+                "squizlabs/php_codesniffer": "^3.8"
            },
            "type": "library",
            "autoload": {
@@ -1142,9 +1142,9 @@
            ],
            "support": {
                "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.3.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.4.0"
            },
-            "time": "2022-11-05T19:27:53+00:00"
+            "time": "2024-01-22T09:08:27+00:00"
        },
        {
            "name": "slim/slim",
@@ -1328,7 +1328,7 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.3.0",
+            "version": "v3.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1375,7 +1375,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
            },
            "funding": [
                {
@@ -1395,16 +1395,16 @@
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb"
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
-                "reference": "ea208ce43cbb04af6867b4fdddb1bdbf84cc28cb",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4",
+                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4",
                "shasum": ""
            },
            "require": {
@@ -1418,9 +1418,6 @@
            },
            "type": "library",
            "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                "thanks": {
                    "name": "symfony/polyfill",
                    "url": "https://github.com/symfony/polyfill"
@@ -1457,7 +1454,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0"
            },
            "funding": [
                {
@@ -1473,20 +1470,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-01-26T09:26:14+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.28.0",
+            "version": "v1.29.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "42292d99c55abe617799667f454222c54c60e229"
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/42292d99c55abe617799667f454222c54c60e229",
-                "reference": "42292d99c55abe617799667f454222c54c60e229",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
                "shasum": ""
            },
            "require": {
@@ -1500,9 +1497,6 @@
            },
            "type": "library",
            "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
-                },
                "thanks": {
                    "name": "symfony/polyfill",
                    "url": "https://github.com/symfony/polyfill"
@@ -1540,7 +1534,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
            },
            "funding": [
                {
@@ -1556,20 +1550,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-07-28T09:04:16+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
        },
        {
-            "name": "symfony/polyfill-php81",
-            "version": "v1.28.0",
+            "name": "symfony/polyfill-php80",
+            "version": "v1.29.0",
            "source": {
                "type": "git",
-                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b"
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/7581cd600fa9fd681b797d00b02f068e2f13263b",
-                "reference": "7581cd600fa9fd681b797d00b02f068e2f13263b",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
                "shasum": ""
            },
            "require": {
@@ -1577,9 +1571,86 @@
            },
            "type": "library",
            "extra": {
-                "branch-alias": {
-                    "dev-main": "1.28-dev"
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2024-01-29T20:11:03+00:00"
+        },
+        {
+            "name": "symfony/polyfill-php81",
+            "version": "v1.29.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php81.git",
+                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d",
+                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
                "thanks": {
                    "name": "symfony/polyfill",
                    "url": "https://github.com/symfony/polyfill"
@@ -1619,7 +1690,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.28.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0"
            },
            "funding": [
                {
@@ -1635,30 +1706,31 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-01-26T09:26:14+00:00"
+            "time": "2024-01-29T20:11:03+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.7.1",
+            "version": "v3.8.0",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
                "shasum": ""
            },
            "require": {
                "php": ">=7.2.5",
                "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php80": "^1.22"
            },
            "require-dev": {
                "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
            },
            "type": "library",
            "autoload": {
@@ -1694,7 +1766,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
            },
            "funding": [
                {
@@ -1706,7 +1778,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2023-08-28T11:09:02+00:00"
+            "time": "2023-11-21T18:54:41+00:00"
        }
    ],
    "packages-dev": [],
--- a/php/containers.json
+++ b/php/containers.json
@@ -212,8 +212,11 @@
        "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
        "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
        "APACHE_PORT=%APACHE_PORT%",
-        "APACHE_IP_BINDING=%APACHE_IP_BINDING%"
+        "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
+        "THIS_IS_AIO=true"
      ],
+      "stop_grace_period": 600,
      "restart": "unless-stopped",
      "devices": [
        "/dev/dri"
@@ -322,6 +325,9 @@
      ],
      "networks": [
        "nextcloud-aio"
+      ],
+      "cap_add": [
+        "MKNOD"
      ]
    },
    {
--- a/php/domain-validator.php
+++ b/php/domain-validator.php
@@ -8,7 +8,7 @@ if (strpos($domain, '.') === false) {
    http_response_code(400);  
 } elseif (strpos($domain, ':') !== false) { 
    http_response_code(400);  
-} elseif (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { 
+} elseif (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
    http_response_code(400); 
 } elseif (filter_var($domain, FILTER_VALIDATE_IP)) { 
    http_response_code(400); 
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>
+<files psalm-version="5.22.1@e9dad66e11274315dac27e08349c628c7d6a1a43"/>
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -7,6 +7,9 @@ ini_set('memory_limit', '2048M');
 // set max execution time to 2h just in case of a very slow internet connection
 ini_set('max_execution_time', '7200');

+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,11 +26,11 @@ class DockerController
        $this->configurationManager = $configurationManager;
    }

-    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
        }

        // Don't start if container is already running
@@ -43,15 +43,24 @@ class DockerController
        // Skip database image pull if the last shutdown was not clean
        if ($id === 'nextcloud-aio-database') {
            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullContainer = false;
+                $pullImage = false;
                error_log('Not pulling the latest database image because the container was not correctly shut down.');
            }
        }

+        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down 
+        // and try to mitigate issues that are arising due to that
+        if ($pullImage) {
+            if (!$this->dockerActionManager->isDockerHubReachable($container)) {
+                $pullImage = false;
+                error_log('Not pulling the image for the ' . $container->GetContainerName() . ' container because docker hub does not seem to be reachable.');
+            }
+        }
+
        $this->dockerActionManager->DeleteContainer($container);
        $this->dockerActionManager->CreateVolumes($container);
-        if ($pullContainer) {
-            $this->dockerActionManager->PullContainer($container);
+        if ($pullImage) {
+            $this->dockerActionManager->PullImage($container);
        }
        $this->dockerActionManager->CreateContainer($container);
        $this->dockerActionManager->StartContainer($container);
@@ -164,7 +173,7 @@ class DockerController
        }

        if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 27;
+            $installLatestMajor = 28;
        } else {
            $installLatestMajor = "";
        }
@@ -188,7 +197,7 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function startTopContainer(bool $pullContainer) : void {
+    public function startTopContainer(bool $pullImage) : void {
        $config = $this->configurationManager->GetConfig();
        // set AIO_TOKEN
        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -199,7 +208,7 @@ class DockerController

        $id = self::TOP_CONTAINER;

-        $this->PerformRecursiveContainerStart($id, $pullContainer);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
    }

    public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -30,7 +30,7 @@ class LoginController
            return $response->withHeader('Location', '/')->withStatus(201);
        }

-        $response->getBody()->write("The password is false.");
+        $response->getBody()->write("The password is incorrect.");
        return $response->withHeader('Location', '/')->withStatus(422);
    }

--- a/php/src/Cron/StartAndUpdateContainers.php
+++ b/php/src/Cron/StartAndUpdateContainers.php
@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');

+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;

 require __DIR__ . '/../../vendor/autoload.php';
--- a/php/src/Cron/StartContainers.php
+++ b/php/src/Cron/StartContainers.php
@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');

+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;

 require __DIR__ . '/../../vendor/autoload.php';
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -12,7 +12,7 @@ class ConfigurationManager
        if(file_exists(DataConst::GetConfigFile()))
        {
            $configContent = file_get_contents(DataConst::GetConfigFile());
-            return json_decode($configContent, true);
+            return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
        }

        return [];
@@ -286,7 +286,7 @@ class ConfigurationManager
        }

        // Validate domain
-        if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
+        if (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
            throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
        }

@@ -305,7 +305,7 @@ class ConfigurationManager

            if (empty($dnsRecordIP)) {
                $record = dns_get_record($domain, DNS_AAAA);
-                if (!empty($record)) {
+                if (!empty($record[0]['ipv6'])) {
                    $dnsRecordIP = $record[0]['ipv6'];
                }
            }
@@ -320,7 +320,7 @@ class ConfigurationManager

            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                if ($port === '443') {
-                    throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work!");
                } else {
                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                }
@@ -331,7 +331,7 @@ class ConfigurationManager
            if ($connection) {
                fclose($connection);
            } else {
-                throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
+                throw new InvalidSettingConfigurationException("The domain is not reachable on Port 443 from within this container. Have you opened port 443/tcp in your router/firewall? If yes is the problem most likely that the router or firewall forbids local access to your domain. You can work around that by setting up a local DNS-server.");
            }

            // Get Instance ID
@@ -359,7 +359,13 @@ class ConfigurationManager
                error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
                error_log('Expected was: ' . $instanceID);
                error_log('The error message was: ' . curl_error($ch));
-                throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+                $notice = "Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')";
+                if ($port === '443') {
+                    $notice .= " If you should be using Cloudflare, make sure to disable the Cloudflare Proxy feature as it might block the domain validation. Same for any other firewall or service that blocks unencrypted access on port 443.";
+                } else {
+                    error_log('Please follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things in order to debug things!');
+                }
+                throw new InvalidSettingConfigurationException($notice);
            }
        }

@@ -514,7 +520,7 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
        }
        $df = disk_free_space(DataConst::GetDataDirectory());
-        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
+        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
        $size = strlen($content) + 10240;
        if ($df !== false && (int)$df < $size) {
            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -186,7 +186,11 @@ class DockerActionManager

    public function StartContainer(Container $container) : void {
        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
-        $this->guzzleClient->post($url);
+        try {
+            $this->guzzleClient->post($url);
+        } catch (RequestException $e) {
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
+        }
    }

    public function CreateVolumes(Container $container): void
@@ -406,6 +410,13 @@ class DockerActionManager
                // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
                } elseif ($out[1] === 'AIO_DATABASE_HOST') {
                    $replacements[1] = gethostbyname('nextcloud-aio-database');
+                // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+                } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
+                    $replacements[1] = '';
+                    $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
+                    if (in_array('caddy', $communityContainers, true)) {
+                        $replacements[1] = gethostbyname('nextcloud-aio-caddy');
+                    }
                } else {
                    $secret = $this->configurationManager->GetSecret($out[1]);
                    if ($secret === "") {
@@ -518,8 +529,10 @@ class DockerActionManager
            $requestBody['HostConfig']['CapDrop'] = ['NET_RAW'];
        }

+        // Disable SELinux for AIO containers so that it does not break them
+        $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
        if ($container->isApparmorUnconfined()) {
-            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
+            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined", "label:disable"];
        }

        $mounts = [];
@@ -553,9 +566,6 @@ class DockerActionManager
                }
                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
            }
-        // Special things for the watchtower and docker-socket-proxy container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-watchtower' || $container->GetIdentifier() === 'nextcloud-aio-docker-socket-proxy') {
-            $requestBody['HostConfig']['SecurityOpt'] = ["label:disable"];
        }

        if (count($mounts) > 0) {
@@ -572,16 +582,45 @@ class DockerActionManager
                ]
            );
        } catch (RequestException $e) {
-            throw $e;
+            throw new \Exception("Could not create container " . $container->GetIdentifier() . ": " . $e->getMessage());
        }

    }

-    public function PullContainer(Container $container) : void
+    public function isDockerHubReachable(Container $container) : bool {
+        $tag = $container->GetImageTag();
+        if ($tag === '%AIO_CHANNEL%') {
+            $tag = $this->GetCurrentChannel();
+        }
+
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+
+        if ($remoteDigest === null) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+    public function PullImage(Container $container) : void
    {
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
-        // do not catch any exception so that it always throws and logs the error
-        $this->guzzleClient->post($url);
+        $imageName = $this->BuildImageName($container);
+        $encodedImageName = urlencode($imageName);
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
+        $imageIsThere = true;
+        try {
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+        } catch (\Throwable $e) {
+            $imageIsThere = false;
+        }
+        try {
+            $this->guzzleClient->post($url);
+        } catch (RequestException $e) {
+            if ($imageIsThere === false) {
+                throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+            }
+        }
    }

    private function isContainerUpdateAvailable(string $id) : string
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
    </header>

    <div class="content">
-        <h1>Nextcloud AIO v7.6.2</h1>
+        <h1>Nextcloud AIO v7.13.0</h1>

        {# Add 2nd tab warning #}
        <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -28,7 +28,7 @@
        {% set isBackupOrRestoreRunning = false %}
        {% set isApacheStarting = false %}
        {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 28 %}

        {% if is_backup_container_running == true %}
            {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -55,11 +55,11 @@
        {% endfor %}

        {% if is_daily_backup_running == true %}
-            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
+            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br /><br />
            {% if automatic_updates == true %}
                It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
                {% if is_mastercontainer_update_available == true %}
-                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
                {% endif %}
            {% endif %}
            {% if has_update_available == false %}
@@ -69,7 +69,7 @@
            {% endif %}
            <a href="" class="button reload">Reload ↻</a><br/>
        {% elseif isWatchtowerRunning == true %}
-            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
            <a href="" class="button reload">Reload ↻</a><br/>
        {% else %}
            {% if is_backup_container_running == false and domain == "" %}
@@ -86,7 +86,7 @@
                    </form>
                {% else %}
                    {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                        You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
                        {{ include('includes/aio-config.twig') }}
                        <h2>New AIO instance</h2>
@@ -128,7 +128,7 @@
                        {% if borg_backup_host_location != '' and borg_restore_password != '' %}
                            {% if borg_backup_mode in ['test', 'check'] %}
                                {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    {% if borg_backup_mode == 'test' %}
                                        Please adjust the path and/or the password in order to make it work!<br><br>
                                    {% elseif borg_backup_mode == 'check' %}
@@ -144,7 +144,7 @@
                                        </details><br />
                                    {% endif %}
                                {% elseif backup_exit_code == 0 %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    {% if borg_backup_mode == 'test' %}
                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
@@ -167,7 +167,7 @@
                                {% endif %}
                            {% elseif borg_backup_mode == 'restore' %}
                                {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
                                {% endif %}
                            {% endif %}
@@ -198,14 +198,14 @@

            {% if was_start_button_clicked == true %}
                {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
                {% else %}
                    No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
                {% endif %}
            {% endif %}

            {% if is_backup_container_running == true %}
-                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                <a href="" class="button reload">Reload ↻</a><br/><br>
            {% endif %}

@@ -257,21 +257,21 @@
                                <li>
                                    {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                        <span class="status running"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
                                        {% if container.GetDocumentation() != '' %}
                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                        {% endif %}
                                        </span>
                                    {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                                        <span class="status success"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
                                        {% if container.GetDocumentation() != '' %}
                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                        {% endif %}
                                        </span>
                                    {% else %}
                                        <span class="status error"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
                                        {% if container.GetDocumentation() != '' %}
                                            (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                        {% endif %}
@@ -383,7 +383,7 @@
                            {% if is_backup_container_running == false %}
                                <h2>Backup and restore</h2>
                                {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    {% if borg_backup_mode == "check" %}
                                        The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
                                        <details>
@@ -407,9 +407,9 @@
                                    {% endif %}
                                {% elseif backup_exit_code == 0 %}
                                    {% if borg_backup_mode == "backup" %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    {% else %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                    {% endif %}
                                {% endif %}
                            {% endif %}
--- a/Show More
+++ b/Show More