increase to 7.9.0

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/helm-release.yml

@@ -37,8 +37,7 @@ jobs:
           version: v3.6.3
 
       - name: Run chart-releaser
-        # TODO: switch back @main to a specific version like @v1.5.1 or higher
-        uses: helm/chart-releaser-action@main
+        uses: helm/chart-releaser-action@v1.6.0
         with:
           mark_as_latest: false
           charts_dir: .

.github/workflows/lock-threads.yml

@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

.github/workflows/talk.yml

@@ -11,18 +11,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Run talk-update
+    - name: Run talk-container-update
       run: |
-        # Spreed
-        spreed_version="$(
-          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+        # Recording
+        recording_version="$(
+          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
             | cut -d/ -f3 \
             | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | grep -E "^v[0-9\.]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling
         signaling_version="$(
@@ -49,7 +49,7 @@ jobs:
       with:
         commit-message: talk-update automated change
         signoff: true
-        title: talk update
+        title: talk container update
         body: Automated talk container update
         labels: dependencies, 3. to review
         milestone: next

Containers/apache/Dockerfile

@@ -1,4 +1,4 @@
-FROM caddy:2.7.5-alpine as caddy
+FROM caddy:2.7.6-alpine as caddy
 
 FROM httpd:2.4.58-alpine3.18
 

Containers/apache/nextcloud.conf

@@ -49,4 +49,7 @@ Listen 8000
 
     # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
     ProxyTimeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+    TraceEnable Off
 </VirtualHost>

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 RUN set -ex; \
     \

Containers/clamav/Dockerfile

@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-14
+FROM clamav/clamav:1.2.1-21
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.3.1
+FROM collabora/code:23.05.5.4.1
 
 USER root
 

Containers/docker-socket-proxy/Dockerfile

@@ -1,4 +1,4 @@
-FROM haproxy:2.8.3-alpine3.18
+FROM haproxy:2.9.0-alpine3.18
 
 # hadolint ignore=DL3002
 USER root

Containers/domaincheck/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 RUN set -ex; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
     adduser -S www-data -G www-data; \

Containers/fulltextsearch/Dockerfile

@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.4
+FROM elasticsearch:8.11.0
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,6 +1,6 @@
-FROM golang:1.21.3-alpine3.18 as go
+FROM golang:1.21.5-alpine3.18 as go
 
-ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
+ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -12,7 +12,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 RUN set -ex; \
     apk add --no-cache \
         tzdata \

Containers/mastercontainer/Dockerfile

@@ -2,10 +2,10 @@
 FROM docker:24.0.7-cli as docker
 
 # Caddy is a requirement
-FROM caddy:2.7.5-alpine as caddy
+FROM caddy:2.7.6-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.12-fpm-alpine3.18
+FROM php:8.2.13-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080
@@ -42,7 +42,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \

Containers/mastercontainer/mastercontainer.conf

@@ -49,8 +49,14 @@ Listen 8080
     SSLCertificateFile /etc/apache2/certs/ssl.crt
     SSLEngine               on
     SSLProtocol             -all +TLSv1.2 +TLSv1.3
+    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
+    SSLHonorCipherOrder     off
+    SSLSessionTickets       off
 </VirtualHost>
 
 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
+
+# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
+TraceEnable Off

Containers/nextcloud/Dockerfile

@@ -1,9 +1,9 @@
-FROM php:8.1.25-fpm-alpine3.18
+FROM php:8.1.26-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.3
+ENV NEXTCLOUD_VERSION 27.1.5
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 
@@ -68,7 +68,7 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     pecl install memcached-3.2.0; \
     pecl install redis-6.0.2; \
     pecl install imagick-3.7.0; \

Containers/nextcloud/config/apps.config.php

@@ -12,4 +12,5 @@ $CONFIG = array (
               'writable' => true,
       ),
   ),
+  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : [],
 );

Containers/nextcloud/config/smtp.config.php

@@ -0,0 +1,20 @@
+<?php
+if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
+  $CONFIG = array (
+    'mail_smtpmode' => 'smtp',
+    'mail_smtphost' => getenv('SMTP_HOST'),
+    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+    'mail_domain' => getenv('MAIL_DOMAIN'),
+  );
+
+  if (getenv('SMTP_PASSWORD')) {
+      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+  } else {
+      $CONFIG['mail_smtppassword'] = '';
+  }
+}

Containers/nextcloud/cron.sh

@@ -1,7 +1,20 @@
 #!/bin/bash
 set -eu
 
+wait_for_cron() {
+    set -x
+    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
+        echo "Waiting for cron to stop..."
+        sleep 5
+    done
+    echo "Cronjob successfully exited."
+    set +x
+}
+
+trap wait_for_cron SIGINT SIGTERM
+
 while true; do
     php -f /var/www/html/cron.php &
-    sleep 5m
+    sleep 5m &
+    wait $!
 done

Containers/nextcloud/entrypoint.sh

@@ -256,9 +256,15 @@ DATADIR_PERMISSION_CONF
             unset ADMIN_PASSWORD
 
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updater.release.channel --value=beta
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                php /var/www/html/updater/updater.phar --no-interaction
+                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
+                if [ -n "${INSTALLED_AT}" ]; then
+                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
+                    # shellcheck disable=SC2001
+                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
+                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
+                fi
+                php /var/www/html/updater/updater.phar --no-interaction --no-backup
                 if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                     echo "Installation of Nextcloud failed!"
                     touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -269,7 +275,7 @@ DATADIR_PERMISSION_CONF
                 INSTALLED_MAJOR="${installed_version%%.*}"
                 IMAGE_MAJOR="${image_version%%.*}"
                 if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/updater/updater.phar --no-interaction
+                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
                     if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                         echo "Installation of Nextcloud failed!"
                         touch "$NEXTCLOUD_DATA_DIR/install.failed"
@@ -280,7 +286,6 @@ DATADIR_PERMISSION_CONF
                 fi
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
-                php /var/www/html/occ config:system:set updater.release.channel --value=stable
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns
@@ -464,6 +469,10 @@ php /var/www/html/occ config:system:set one-click-instance --value=true --type=b
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
 php /var/www/html/occ app:enable support
+if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
+    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
+    php /var/www/html/occ config:app:delete support last_check
+fi
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
@@ -471,9 +480,13 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
+    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
+fi
 
 # Apply network settings
 echo "Applying network settings..."
+php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
@@ -491,8 +504,14 @@ else
 fi
 
 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
+if [ "$THIS_IS_AIO" = "true" ]; then
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable nextcloud-aio
+    fi
+else
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
+        php /var/www/html/occ app:disable nextcloud-aio
+    fi
 fi
 
 # Notify push
@@ -503,8 +522,12 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
 fi
+chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
@@ -517,8 +540,6 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update richdocuments
     fi
     php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
-    # Fix https://github.com/nextcloud/all-in-one/issues/188:
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
     COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
     COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
@@ -550,6 +571,11 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
+        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
+                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
+            fi
+        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"
@@ -577,7 +603,6 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
-    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
     if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
         php /var/www/html/occ app:remove onlyoffice

Containers/nextcloud/run-exec-commands.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-while ! nc -z "$NC_DOMAIN" 443; do
-    sleep 5
-done
-sleep 10
+# Wait 15s for domain to be reachable
+sleep 15
 
 if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
     echo "#!/bin/bash" > /tmp/nextcloud-exec-commands

Containers/nextcloud/start.sh

@@ -131,26 +131,25 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-# The below was disabled again because it fails on some deployment methods, e.g. on kubernetes
-# There is apparently no way to make this work reliably automatically
-# while [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-#     echo "Waiting for nextcloud-aio-apache to start..."
-#     sleep 5
-# done
-#
-# set -x
-# if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-#     IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#     IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-#     IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-#
-#     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-#     sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-#     grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
-# fi
-# set +x
+while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
+    echo "Waiting for nextcloud-aio-apache to start..."
+    sleep 5
+done
+
+set -x
+# shellcheck disable=SC2235
+if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+
+    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
+    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+fi
+set +x
 
 exec "$@"

Containers/notify-push/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/notify-push/start.sh

@@ -42,6 +42,8 @@ if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
     exit 1
 fi
 
+echo "notify-push was started"
+
 # Set sensitive values as env
 export DATABASE_URL="postgres://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
 export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"

Containers/onlyoffice/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.5.0.1
+FROM onlyoffice/documentserver:7.5.1.1
 
 # USER root is probably used
 

Containers/postgresql/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.4-alpine
+FROM postgres:15.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/postgresql/start.sh

@@ -167,25 +167,29 @@ if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
     fi
 fi
 
+do_database_dump() {
+    set -x
+    rm -f "$DUMP_FILE.temp"
+    touch "$DUMP_DIR/export.failed"
+    if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
+        rm -f "$DUMP_FILE"
+        mv "$DUMP_FILE.temp" "$DUMP_FILE"
+        pg_ctl stop -m fast
+        rm "$DUMP_DIR/export.failed"
+        echo 'Database dump successful!'
+        set +x
+        exit 0
+    else
+        pg_ctl stop -m fast
+        echo "Database dump unsuccessful!"
+        set +x
+        exit 1
+    fi
+}
+
 # Catch docker stop attempts
-trap 'true' SIGINT SIGTERM
+trap do_database_dump SIGINT SIGTERM
 
 # Start the database
 exec docker-entrypoint.sh postgres &
 wait $!
-
-# Continue with shutdown procedure: do database dump, etc.
-rm -f "$DUMP_FILE.temp"
-touch "$DUMP_DIR/export.failed"
-if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
-    rm -f "$DUMP_FILE"
-    mv "$DUMP_FILE.temp" "$DUMP_FILE"
-    pg_ctl stop -m fast
-    rm "$DUMP_DIR/export.failed"
-    echo 'Database dump successful!'
-    exit 0
-else
-    pg_ctl stop -m fast
-    echo "Database dump unsuccessful!"
-    exit 1
-fi

Containers/talk-recording/Dockerfile

@@ -1,8 +1,8 @@
-FROM python:3.12.0-alpine3.18
+FROM python:3.12.1-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.1.2
+ENV RECORDING_VERSION v0.1
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
@@ -22,15 +22,16 @@ RUN set -ex; \
         wget \
         shadow \
         pulseaudio \
-        openssl; \
+        openssl \
+        build-base \
+        linux-headers; \
     # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
+    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
-    python3 -m pip install --no-cache-dir /src/recording/src; \
+    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
+    python3 -m pip install --no-cache-dir /src; \
     rm -rf /src; \
     touch /etc/recording.conf; \
     chown recording:recording -R \
@@ -42,7 +43,9 @@ RUN set -ex; \
         git \
         wget \
         shadow \
-        openssl;
+        openssl \
+        build-base \
+        linux-headers;
 
 WORKDIR /tmp
 USER recording

Containers/talk-recording/recording.conf

@@ -96,11 +96,15 @@
 #internalsecret = the-shared-secret-for-internal-clients
 
 [ffmpeg]
-# The options given to FFmpeg to encode the audio output. The options given here
+# The ffmpeg executable (name or full path) and the global options given to
+# ffmpeg. The options given here fully override the default global options.
+#common = ffmpeg -loglevel level+warning -n
+
+# The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus
 
-# The options given to FFmpeg to encode the video output. The options given here
+# The options given to ffmpeg to encode the video output. The options given here
 # fully override the default options for the video output.
 #outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 
@@ -109,3 +113,11 @@
 
 # The extension of the file for audio and video recordings.
 #extensionvideo = .webm
+
+[recording]
+# Browser to use for recordings. Please note that the "chrome" value does not
+# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
+# will use Google Chrome, or Chromium if Google Chrome is not installed.
+# Allowed values: firefox, chrome
+# Defaults to firefox
+# browser = firefox

Containers/talk-recording/start.sh

@@ -26,8 +26,6 @@ listen = 0.0.0.0:1234
 
 [backend]
 allowall = ${ALLOW_ALL}
-# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
-secret = ${RECORDING_SECRET}
 backends = backend-1
 skipverify = ${SKIP_VERIFY}
 maxmessagesize = 1024
@@ -48,10 +46,14 @@ url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]
+# common = ffmpeg -loglevel level+warning -n
 # outputaudio = -c:a libopus
 # outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 extensionaudio = .ogg
 extensionvideo = .webm
+
+[recording]
+browser = firefox
 RECORDING_CONF
 
 exec "$@"

Containers/talk/Dockerfile

@@ -1,9 +1,9 @@
-FROM nats:2.10.4-scratch as nats
+FROM nats:2.10.7-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.0 as signaling
-FROM alpine:3.18.4 as janus
+FROM strukturag/nextcloud-spreed-signaling:1.2.2 as signaling
+FROM alpine:3.18.5 as janus
 
-ARG JANUS_VERSION=v0.14.0
+ARG JANUS_VERSION=v0.14.1
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \
@@ -33,7 +33,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
@@ -65,7 +65,8 @@ RUN set -ex; \
         libusrsctp \
         libwebsockets \
         \
-        shadow; \
+        shadow \
+        grep; \
     useradd --system -u 1000 eturnal; \
     apk del --no-cache \
         shadow; \

Containers/talk/start.sh

@@ -19,10 +19,15 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
+IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
 IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
+if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
+    IPv4_ADDRESS_TALK=""
+fi
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
@@ -36,13 +41,14 @@ eturnal:
   log_dir: stdout
   log_level: warning
   secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
   blacklist_peers:
   - recommended
   whitelist_peers:
   - 127.0.0.1
   - ::1
+  - "$IPv4_ADDRESS_TALK_RELAY"
   - "$IPv4_ADDRESS_TALK"
   - "$IPv6_ADDRESS_TALK"
 TURN_CONF

Containers/watchtower/Dockerfile

@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.6.0 as watchtower
+FROM containrrr/watchtower:1.7.1 as watchtower
 
-FROM alpine:3.18.4
+FROM alpine:3.18.5
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /watchtower

community-containers/caddy/readme.md

@@ -1,10 +1,11 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

community-containers/libretranslate/readme.md

@@ -2,8 +2,6 @@
 This container bundles LibreTranslate and auto-configures it for you.
 
 ### Notes
-
-- Please note that this community container is currently not working since its integration app is not yet compatible with Nextcloud 27 (Hub 6). You can follow the progress here: https://github.com/v1r0x/integration_libretranslate/issues/1
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash
 # Adjust the values `en` and `de` in commands below accordingly

community-containers/memories/memories.json

@@ -0,0 +1,33 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-memories",
+            "display_name": "Memories Transcoder",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories",
+            "image": "radialapps/go-vod",
+            "image_tag": "latest",
+            "internal_port": "47788",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_HOST=https://%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/mnt/ncdata",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install memories",
+                "php /var/www/html/occ app:enable memories",
+                "php /var/www/html/occ config:system:set memories.vod.external --value true --type bool",
+                "php /var/www/html/occ config:system:set memories.vod.connect --value nextcloud-aio-memories:47788"
+            ]
+        }
+    ]
+}

community-containers/memories/readme.md

@@ -0,0 +1,12 @@
+## Memories
+This container bundles the hardware-transcoding container of memories and auto-configures it for you.
+
+### Notes
+- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/pulsejet/memories
+
+### Maintainer
+https://github.com/pulsejet

community-containers/stalwart/readme.md

@@ -0,0 +1,21 @@
+## Stalwart mail server
+This container bundles stalwart mail server and auto-configures it for you.
+
+### Notes
+- This is only intended to run on a VPS with static ip-address.
+- Check with `sudo netstat -tulpn` that no other service is using port 25, 143, 465, 578, 993 nor 4190 yet as otherwise the container will fail to start.
+- You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
+- The data of Stalwart will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `sudo docker exec -it nextcloud-aio-stalwart configure.sh` and follow https://stalw.art/docs/install/docker/#choose-where-to-store-your-data (1. choose `Local disk using Maildir`, 2. choose `No, create a new directory for me` (or select LDAP if you have an LDAP server), 3. type in your `$NC_DOMAIN` as `domain name` and `mail.$NC_DOMAIN` as `server hostname`. 4. add `DKIM, SPF and DMARC` as advised to your DNS config, 5. Take note of the administrator credentials, 6. Now the config script should exit and automatically restart the container and enable your config.
+- See https://stalw.art/docs/directory/types/memory/ how you can easily create new user accounts. (Alternatively see https://stalw.art/docs/directory/types/ldap if you have an LDAP server). You can edit the config file with `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/config.toml`. Also, you might want to enable logging to stdout so that you can see the stalwart logs in your container logs via `sudo docker exec -it nextcloud-aio-stalwart vi /opt/stalwart-mail/etc/common/tracing.toml` (you need to restart the container afterwards with `sudo docker restart nextcloud-aio-stalwart` in order to apply the settings).
+- Afterwards, you can visit the basic admin settings in `https://your-nc-domain.com/settings/admin` and add the your mail server for outgoing mails there.
+- Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
+- See https://stalw.art/docs/faq for further faq and docs on the project
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/marcoambrosini/aio-stalwart
+
+### Maintainer
+https://github.com/marcoambrosini

community-containers/stalwart/stalwart.json

@@ -0,0 +1,64 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-stalwart",
+            "display_name": "Stalwart",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
+            "image": "marcoambrosini/aio-stalwart",
+            "image_tag": "v1",
+            "internal_port": "587",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                  "ip_binding": "",
+                  "port_number": "25",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "143",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "465",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "587",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "993",
+                  "protocol": "tcp"
+                },
+                {
+                  "ip_binding": "",
+                  "port_number": "4190",
+                  "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NC_DOMAIN=%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_stalwart",
+                    "destination": "/opt/stalwart-mail",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_caddy",
+                    "destination": "/caddy",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_stalwart"
+            ]
+        }
+    ]
+}

develop.md

@@ -38,3 +38,6 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## How to connect to the database?
+Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

docker-rootless.md

@@ -1,5 +1,7 @@
 # Docker rootless
 
+**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
+
 You can run AIO with docker rootless by following the steps below.
 
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)

manual-install/latest.yml

@@ -145,6 +145,7 @@ services:
       - REMOVE_DISABLED_APPS=${REMOVE_DISABLED_APPS}
       - APACHE_PORT=${APACHE_PORT}
       - APACHE_IP_BINDING=${APACHE_IP_BINDING}
+    stop_grace_period: 600s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -202,6 +203,8 @@ services:
       - collabora
     networks:
       - nextcloud-aio
+    cap_add:
+      - MKNOD
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest

manual-install/update-yaml.sh

@@ -32,6 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
+sed -i '/THIS_IS_AIO/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.2-dev4
+version: 7.8.1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:develop
+          image: nextcloud/aio-apache:20231212_115941-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-apache
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -24,11 +24,22 @@ spec:
         io.kompose.service: nextcloud-aio-clamav
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
         - name: init-volumes
           image: alpine
           command:
-            - chmod
-            - "777"
+            - chown
+            - 100:100
+            - "-R"
             - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
@@ -39,13 +50,14 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:develop
+          image: nextcloud/aio-clamav:20231212_115941-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/clamav
+              subPath: data
               name: nextcloud-aio-clamav
       volumes:
         - name: nextcloud-aio-clamav

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-clamav
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "3310"
       port: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -37,9 +37,13 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:develop
+          image: nextcloud/aio-collabora:20231212_115941-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
               protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - MKNOD
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-collabora
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9980"
       port: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:develop
+          image: nextcloud/aio-postgresql:20231212_115941-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-database
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "5432"
       port: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:develop
+          image: nextcloud/aio-fulltextsearch:20231212_115941-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-fulltextsearch
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9200"
       port: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:develop
+          image: nextcloud/aio-imaginary:20231212_115941-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-imaginary
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -23,6 +23,17 @@ spec:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
       initContainers:
+        - name: "delete-lost-found"
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - "/nextcloud-aio-nextcloud/lost+found"
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
           image: alpine
           command:
@@ -37,6 +48,30 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
@@ -123,7 +158,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:develop
+          image: nextcloud/aio-nextcloud:20231212_115941-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000
@@ -138,6 +173,7 @@ spec:
             - mountPath: /usr/local/share/ca-certificates
               name: nextcloud-aio-nextcloud-trusted-cacerts
               readOnly: true
+      terminationGracePeriodSeconds: 600
       volumes:
         - name: nextcloud-aio-nextcloud
           persistentVolumeClaim:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-nextcloud
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:develop
+          image: nextcloud/aio-notify-push:20231212_115941-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-notify-push
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "7867"
       port: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:develop
+          image: nextcloud/aio-onlyoffice:20231212_115941-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-onlyoffice
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "80"
       port: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:develop
+          image: nextcloud/aio-redis:20231212_115941-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-redis
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "6379"
       port: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:develop
+          image: nextcloud/aio-talk:20231212_115941-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:develop
+          image: nextcloud/aio-talk-recording:20231212_115941-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-talk-recording
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "1234"
       port: 1234

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml

@@ -11,6 +11,7 @@ metadata:
   name: nextcloud-aio-talk-public
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
   externalTrafficPolicy: Local
   ports:
@@ -35,6 +36,7 @@ metadata:
   name: nextcloud-aio-talk
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "8081"
       port: 8081

nextcloud-aio-helm-chart/update-helm.sh

@@ -81,15 +81,52 @@ cat << EOL > /tmp/initcontainers.database
             - "-R"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.clamav
+      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 100:100
+            - "-R"
+          volumeMountsInitContainer:
+EOL
+cat << EOL > /tmp/initcontainers.nextcloud
+      initContainers:
+        - name: "delete-lost-found"
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - "/nextcloud-aio-nextcloud/lost+found"
+          volumeMountsInitRmLostFound:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
     if grep -q volumeMounts "$variable"; then
-        if ! echo "$variable" | grep -q database; then
-            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
-        else
+        if echo "$variable" | grep -q database; then
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        elif echo "$variable" | grep -q clamav; then
+            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
@@ -98,14 +135,18 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                sed -i "/volumeMountsInitRmLostFound:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                elif [ "$volumeName" = nextcloud-aio-clamav ]; then
+                    sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
                 fi
                 
             fi
         done
-        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        sed -i "s|volumeMountsInitContainer:|volumeMounts:|" "$variable"
+        sed -i "s|volumeMountsInitRmLostFound:|volumeMounts:|" "$variable"
         if grep -q claimName "$variable"; then
             claimNames="$(grep claimName "$variable")"
             mapfile -t claimNames <<< "$claimNames"
@@ -149,8 +190,6 @@ find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{}
 find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
-# shellcheck disable=SC1083
-find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
 echo '---' > /tmp/talk-service.copy
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
@@ -168,6 +207,10 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
@@ -188,6 +231,36 @@ for variable in "${VOLUMES[@]}"; do
     find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
 done
 
+# Additional config
+cat << EOL > /tmp/additional.config
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+            - name: SERVERINFO_TOKEN
+              value: "{{ .Values.SERVERINFO_TOKEN }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -215,8 +288,6 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
-# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
@@ -225,6 +296,25 @@ for variable in "${VOLUME_VARIABLE[@]}"; do
 done
 sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
 sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+
+# Additional config
+cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+ADDITIONAL_CONFIG
+
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"
@@ -241,6 +331,10 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
     # shellcheck disable=SC1083
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done
 
 chmod 777 -R ./

nextcloud-aio-helm-chart/values.yaml

@@ -33,7 +33,6 @@ NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
@@ -46,3 +45,17 @@ NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextclou
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.

php/composer.lock

@@ -8,16 +8,16 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.8.0",
+            "version": "7.8.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9"
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1110f66a6530a40fe7aea0378fe608ee2b2248f9",
-                "reference": "1110f66a6530a40fe7aea0378fe608ee2b2248f9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/41042bc7ab002487b876a0683fc8dce04ddce104",
+                "reference": "41042bc7ab002487b876a0683fc8dce04ddce104",
                 "shasum": ""
             },
             "require": {
@@ -32,11 +32,11 @@
                 "psr/http-client-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                 "ext-curl": "*",
                 "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
                 "php-http/message-factory": "^1.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "suggest": {
@@ -114,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.8.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.8.1"
             },
             "funding": [
                 {
@@ -130,28 +130,28 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-27T10:20:53+00:00"
+            "time": "2023-12-03T20:35:24+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "2.0.1",
+            "version": "2.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d"
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/111166291a0f8130081195ac4556a5587d7f1b5d",
-                "reference": "111166291a0f8130081195ac4556a5587d7f1b5d",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/bbff78d96034045e58e13dedd6ad91b5d1253223",
+                "reference": "bbff78d96034045e58e13dedd6ad91b5d1253223",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.2.5 || ^8.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "bamarni/composer-bin-plugin": "^1.8.2",
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
             },
             "type": "library",
             "extra": {
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.0.1"
+                "source": "https://github.com/guzzle/promises/tree/2.0.2"
             },
             "funding": [
                 {
@@ -213,20 +213,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-03T15:11:55+00:00"
+            "time": "2023-12-03T20:19:20+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.6.1",
+            "version": "2.6.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727"
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
-                "reference": "be45764272e8873c72dbe3d2edcfdfcc3bc9f727",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/45b30f99ac27b5ca93cb4831afe16285f57b8221",
+                "reference": "45b30f99ac27b5ca93cb4831afe16285f57b8221",
                 "shasum": ""
             },
             "require": {
@@ -240,9 +240,9 @@
                 "psr/http-message-implementation": "1.0"
             },
             "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.8.1",
+                "bamarni/composer-bin-plugin": "^1.8.2",
                 "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
+                "phpunit/phpunit": "^8.5.36 || ^9.6.15"
             },
             "suggest": {
                 "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
@@ -313,7 +313,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.6.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.6.2"
             },
             "funding": [
                 {
@@ -329,7 +329,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-27T10:13:57+00:00"
+            "time": "2023-12-03T20:05:35+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.2",
+            "version": "v1.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c"
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
-                "reference": "076fe2cf128bd54b4341cdc6d49b95b34e101e4c",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3dbf8a8e914634c48d389c1234552666b3d43754",
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754",
                 "shasum": ""
             },
             "require": {
@@ -447,7 +447,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-10-17T13:38:16+00:00"
+            "time": "2023-11-08T14:08:06+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -1328,7 +1328,7 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.3.0",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1375,7 +1375,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -1558,6 +1558,89 @@
             ],
             "time": "2023-07-28T09:04:16+00:00"
         },
+        {
+            "name": "symfony/polyfill-php80",
+            "version": "v1.28.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.28-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-01-26T09:26:14+00:00"
+        },
         {
             "name": "symfony/polyfill-php81",
             "version": "v1.28.0",
@@ -1639,26 +1722,27 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.7.1",
+            "version": "v3.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.2.5",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php80": "^1.22"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
             },
             "type": "library",
             "autoload": {
@@ -1694,7 +1778,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
             },
             "funding": [
                 {
@@ -1706,7 +1790,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-28T11:09:02+00:00"
+            "time": "2023-11-21T18:54:41+00:00"
         }
     ],
     "packages-dev": [],

php/containers.json

@@ -212,8 +212,10 @@
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
-        "APACHE_IP_BINDING=%APACHE_IP_BINDING%"
+        "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "THIS_IS_AIO=true"
       ],
+      "stop_grace_period": 600,
       "restart": "unless-stopped",
       "devices": [
         "/dev/dri"
@@ -322,6 +324,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_add": [
+        "MKNOD"
       ]
     },
     {

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>
+<files psalm-version="5.17.0@c620f6e80d0abfca532b00bda366062aaedf6e5d"/>

php/public/index.php

@@ -7,6 +7,9 @@ ini_set('memory_limit', '2048M');
 // set max execution time to 2h just in case of a very slow internet connection
 ini_set('max_execution_time', '7200');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;

php/src/Controller/DockerController.php

@@ -26,11 +26,11 @@ class DockerController
         $this->configurationManager = $configurationManager;
     }
 
-    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
         // Don't start if container is already running
@@ -43,15 +43,15 @@ class DockerController
         // Skip database image pull if the last shutdown was not clean
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullContainer = false;
+                $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
 
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullContainer) {
-            $this->dockerActionManager->PullContainer($container);
+        if ($pullImage) {
+            $this->dockerActionManager->PullImage($container);
         }
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
@@ -164,7 +164,7 @@ class DockerController
         }
 
         if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = 27;
+            $installLatestMajor = 28;
         } else {
             $installLatestMajor = "";
         }
@@ -188,7 +188,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startTopContainer(bool $pullContainer) : void {
+    public function startTopContainer(bool $pullImage) : void {
         $config = $this->configurationManager->GetConfig();
         // set AIO_TOKEN
         $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -199,7 +199,7 @@ class DockerController
 
         $id = self::TOP_CONTAINER;
 
-        $this->PerformRecursiveContainerStart($id, $pullContainer);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
     }
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {

php/src/Cron/StartAndUpdateContainers.php

@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';

php/src/Cron/StartContainers.php

@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';

php/src/Data/ConfigurationManager.php

@@ -12,7 +12,7 @@ class ConfigurationManager
         if(file_exists(DataConst::GetConfigFile()))
         {
             $configContent = file_get_contents(DataConst::GetConfigFile());
-            return json_decode($configContent, true);
+            return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
         return [];
@@ -514,7 +514,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
         $df = disk_free_space(DataConst::GetDataDirectory());
-        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
+        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
         $size = strlen($content) + 10240;
         if ($df !== false && (int)$df < $size) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");

php/src/Docker/DockerActionManager.php

@@ -572,16 +572,23 @@ class DockerActionManager
                 ]
             );
         } catch (RequestException $e) {
-            throw $e;
+            throw new \Exception("Could not start container " . $container->GetIdentifier() . ": " . $e->getMessage());
         }
 
     }
 
-    public function PullContainer(Container $container) : void
+    public function PullImage(Container $container) : void
     {
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
-        // do not catch any exception so that it always throws and logs the error
-        $this->guzzleClient->post($url);
+        $imageName = $this->BuildImageName($container);
+        $encodedImageName = urlencode($imageName);
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $encodedImageName));
+        try {
+            $this->guzzleClient->post($url);
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+        } catch (\Throwable $e) {
+            throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+        }
     }
 
     private function isContainerUpdateAvailable(string $id) : string

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.6.2</h1>
+        <h1>Nextcloud AIO v7.9.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -28,7 +28,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = '' %}
+        {% set newMajorVersion = 28 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -55,11 +55,11 @@
         {% endfor %}
 
         {% if is_daily_backup_running == true %}
-            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
+            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br /><br />
             {% if automatic_updates == true %}
                 It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
                 {% if is_mastercontainer_update_available == true %}
-                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 {% endif %}
             {% endif %}
             {% if has_update_available == false %}
@@ -69,7 +69,7 @@
             {% endif %}
             <a href="" class="button reload">Reload ↻</a><br/>
         {% elseif isWatchtowerRunning == true %}
-            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>
         {% else %}
             {% if is_backup_container_running == false and domain == "" %}
@@ -86,7 +86,7 @@
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                         You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
                         {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
@@ -128,7 +128,7 @@
                         {% if borg_backup_host_location != '' and borg_restore_password != '' %}
                             {% if borg_backup_mode in ['test', 'check'] %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
@@ -144,7 +144,7 @@
                                         </details><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == 'test' %}
                                         Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
                                         <form method="POST" action="/api/docker/backup-check" class="xhr">
@@ -167,7 +167,7 @@
                                 {% endif %}
                             {% elseif borg_backup_mode == 'restore' %}
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
                                 {% endif %}
                             {% endif %}
@@ -198,14 +198,14 @@
 
             {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
-                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank" rel="noopener">Logs</a>)<br><br>
                 {% else %}
                     No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
                 {% endif %}
             {% endif %}
 
             {% if is_backup_container_running == true %}
-                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                 <a href="" class="button reload">Reload ↻</a><br/><br>
             {% endif %}
 
@@ -257,21 +257,21 @@
                                 <li>
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Starting</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Starting</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
                                         </span>
                                     {% elseif class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                                         <span class="status success"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Running</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Running</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
                                         </span>
                                     {% else %}
                                         <span class="status error"></span>
-                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}">Stopped</a>)
+                                        <span>{{ container.GetDisplayName() }} (<a href="/api/docker/logs?id={{ container.GetIdentifier() }}" target="_blank" rel="noopener">Stopped</a>)
                                         {% if container.GetDocumentation() != '' %}
                                             (<a href="{{ container.GetDocumentation() }}">docs</a>)
                                         {% endif %}
@@ -383,7 +383,7 @@
                             {% if is_backup_container_running == false %}
                                 <h2>Backup and restore</h2>
                                 {% if backup_exit_code > 0 %}
-                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
                                         The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
                                         <details>
@@ -407,9 +407,9 @@
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     {% if borg_backup_mode == "backup" %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% else %}
-                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank" rel="noopener">Logs</a>)<br /><br />
                                     {% endif %}
                                 {% endif %}
                             {% endif %}

php/templates/setup.twig

@@ -5,7 +5,7 @@
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO setup</h1>
-            <p>Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
             <p>Please note down the password to access the AIO interface and don't lose it!</p>
             <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
             <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>

readme.md

@@ -1,5 +1,5 @@
 # Nextcloud All-in-One
-Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
+The official Nextcloud installation method. Nextcloud AIO provides easy deployment and maintenance with most features included in this one Nextcloud instance. 
 
 Included are:
 - Nextcloud
@@ -16,7 +16,7 @@ Included are:
 - Simple web interface included that enables easy installation and maintenance
 - [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)
 - Update and backup notifications included
-- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
+- Daily backups can be enabled from the AIO interface which also allows updating all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
 - APCu as local cache
 - Redis as distributed cache and for file locking
@@ -252,15 +252,15 @@ No and it will not be added. If you only want to run it locally, you may have a
 No and it will not be added. However you can use [this feature](https://github.com/nextcloud/all-in-one/blob/main/multiple-instances.md) in order to create multiple AIO instances, one for each domain.
 
 ### Are other ports than the default 443 for Nextcloud supported?
-No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
+No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the a Cloudflare Tunnel if you want to publish it online. You could also use the ACME DNS-challenge to get a valid certificate. However in all cases the Nextcloud interface will redirect you to port 443.
 
 ### Can I run Nextcloud in a subdirectory on my domain?
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-Please note that local access is not possible if you should be running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
 
-Please make sure that if you should be running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
 
 Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
@@ -371,6 +371,9 @@ Be aware that this solution does not back up files and folders that are mounted
 
 ---
 
+#### What is getting backed up by AIO's backup solution?
+Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
+
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
@@ -665,7 +668,7 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://memories.gallery/hw-transcoding/#va-api).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. There is now a community container which allows to easily add the transcoding container of Memories to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories
 
 ### How to keep disabled apps?
 In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ⚠️⚠️⚠️ **Warning** doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.
@@ -704,7 +707,7 @@ If you want to use the user_sql app, the easiest way is to create an additional
 It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo docker exec nextcloud-aio-nextcloud grep dbpassword config/config.php` as the password. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/3061#discussioncomment-7307045
 
 ### Mail server
-You can configure one yourself by using either of these three recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server) or [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------). Docker Mailserver and Maddy Mail Server are probably a bit easier to set up as it is possible to run them using only one container but Mailcow and Mailu both have more features. Apart from that there is now a way for the community to add containers: https://github.com/nextcloud/all-in-one/discussions/356#discussioncomment-7133547
+You can configure one yourself by using either of these four recommended projects: [Docker Mailserver](https://github.com/docker-mailserver/docker-mailserver/#docker-mailserver), [Mailu](https://github.com/Mailu/Mailu), [Maddy Mail Server](https://github.com/foxcpp/maddy#maddy-mail-server), [Mailcow](https://github.com/mailcow/mailcow-dockerized#mailcow-dockerized-------) or [Stalwart](https://stalw.art/). There is now a community container which allows to easily add Stalwart Mail server to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)

reverse-proxy.md

@@ -7,30 +7,49 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
 In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
-1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
+1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
 1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
 1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
 
-## 1. Add this to your reverse proxy config
-
 **Please note:** Since the Apache container gets created by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
 
-### Adaptation of the respective sample configuration
-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. Additionally, you might need to adjust `localhost` or `127.0.0.1` based on your setup. See below.
- 
-**Running the Reverse Proxy on the same server, not in a container**<br>
-For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
+## 1. Configure the reverse proxy
 
-**Running the Reverse Proxy in a Docker container on the same server**<br>
-For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
-Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+### Adapting the sample web server configurations below
+1. Replace `<your-nc-domain>` with the domain on which you want to run Nextcloud.
+1. Adjust the port `11000` to match your chosen `APACHE_PORT`.
+1. Adjust `localhost` or `127.0.0.1` to point to the Nextcloud server IP or domain depending on where the reverse proxy is running. See the following options.
 
-**Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
-For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
+    <details>
+
+    <summary>On the same server without a container</summary>
+
+    For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
+
+    </details>
+
+    <details>
+
+    <summary>On the same server in a Docker container</summary>
+
+    For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).
+
+    Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
+
+    </details>
+
+    <details>
+
+    <summary>On a different server (in container or not)</summary>
+
+    Use the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.
+    
+    If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
+
+    </details>
 
 ### Apache
 
@@ -97,7 +116,7 @@ Add this as a new Apache site config:
 </VirtualHost>
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 To make the config work you can run the following command:
 `sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
@@ -119,7 +138,7 @@ https://<your-nc-domain>:443 {
 ```
 The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/575#discussion-4055615) for a more complete example.
 
@@ -143,7 +162,7 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
         }
     }
     ```
-    ⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+    ⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
     You also need to adjust `<provider>` and `<key>` to match your case.
 
@@ -172,7 +191,7 @@ For a reverse proxy example guide for Citrix ADC VPX / Citrix Netscaler, see thi
 Although it does not seem like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. Please see the [caveats](https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel) before proceeding. Here is then how to make it work:
 
 1. Install the Cloudflare Tunnel on the same machine where AIO will be running on and point the Tunnel with the domain that you want to use for AIO to `http://localhost:11000`.<br>
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the domain validation (because it is known that the domain validation will not work behind a Cloudflare Tunnel). So you need to ensure yourself that you've configured everything correctly.
 
 **Advice:** Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
@@ -272,7 +291,7 @@ backend Nextcloud
     server Nextcloud localhost:11000 
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -362,7 +381,7 @@ server {
 
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Advice:** You may have a look at [this](https://github.com/nextcloud/all-in-one/discussions/588#discussioncomment-2811152) for a more complete example.
 
@@ -393,7 +412,7 @@ proxy_read_timeout 86400s;
 client_max_body_size 0;
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 Also change `<you>@<your-mail-provider-domain>` to a mail address of yours.
 
@@ -497,7 +516,7 @@ httpServer.on('upgrade', (req, socket, head) => {
 });
 ```
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -515,7 +534,7 @@ See these screenshots for a working config:
 
 ![image](https://user-images.githubusercontent.com/70434961/213193789-fa936edc-e307-4e6a-9a53-ae26d1bf2f42.jpg)
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 </details>
 
@@ -596,7 +615,7 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 ---
 
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 **Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
@@ -689,7 +708,7 @@ https://<your-nc-domain>:8443 {
     }
 }
 ```
-⚠️ **Please note:** Look into [this](#adaptation-of-the-respective-sample-configuration) to adapt the above example configuration.
+⚠️ **Please note:** Look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
@@ -699,7 +718,7 @@ If something does not work, follow the steps below:
 1. Make sure that you used the docker run command that is described in this reverse proxy documentation. **Hint:** make sure that you have set the `APACHE_PORT` via e.g. `--env APACHE_PORT=11000` during the docker run command!
 1. Make sure to set the `APACHE_IP_BINDING` variable correctly. If in doubt, set it to `--env APACHE_IP_BINDING=0.0.0.0`
 1. Make sure that all ports to which your reverse proxy is pointing match the chosen `APACHE_PORT`.
-1. Make sure to follow [this](#adaptation-of-the-respective-sample-configuration) to adapt the example configurations to your specific setup
+1. Make sure to follow [this](#adapting-the-sample-web-server-configurations-below) to adapt the example configurations to your specific setup
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
 1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Make sure that you are not behind CGNAT. If that is the case, you will not be able to open ports properly. In that case you might use a Cloudflare Tunnel.