Merge pull request #4886 from nextcloud/enh/noid/29.0.3

nextcloud: increase to 29.0.3

.github/workflows/helm-release.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@v1
+        uses: softprops/turnstyle@v2
         with:
           continue-after-seconds: 180
         env:

.github/workflows/imaginary-update.yml

@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v6

.github/workflows/nextcloud-update.yml

@@ -36,7 +36,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install memcached.*\;|pecl install memcached-$memcached_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install memcached.* |pecl install memcached-$memcached_version |" ./Containers/nextcloud/Dockerfile
         
         # Redis
         redis_version="$(
@@ -47,7 +47,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install redis.*\;|pecl install redis-$redis_version\;|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install redis.* |pecl install redis-$redis_version |" ./Containers/nextcloud/Dockerfile
         
         # Imagick
         imagick_version="$(
@@ -60,11 +60,22 @@ jobs:
         )"
         sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
 
+        # Igbinary
+        igbinary_version="$(
+          git ls-remote --tags https://github.com/igbinary/igbinary.git \
+            | cut -d/ -f3 \
+            | grep -viE '[a-z]' \
+            | tr -d '^{}' \
+            | sort -V \
+            | tail -1
+        )"
+        sed -i "s|pecl install igbinary.*\;|pecl install igbinary-$igbinary_version\;|" ./Containers/nextcloud/Dockerfile
+
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
         if [ -n "$NCVERSION" ]; then
-          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
+          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION=$NCVERSION|" ./Containers/nextcloud/Dockerfile
         fi
 
     - name: Create Pull Request

.github/workflows/talk.yml

@@ -21,7 +21,7 @@ jobs:
             | grep -E "^v[0-9\.]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION=$recording_version|" ./Containers/talk-recording/Dockerfile
         curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling

Containers/apache/Caddyfile

@@ -53,11 +53,11 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 
     # Nextcloud
     route {
-        rewrite /.well-known/carddav /remote.php/dav/
-        rewrite /.well-known/caldav /remote.php/dav/
         header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000
+        reverse_proxy 127.0.0.1:8000
     }
+    redir /.well-known/carddav /remote.php/dav/ 301
+    redir /.well-known/caldav /remote.php/dav/ 301
 
     # TLS options
     tls {

Containers/apache/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine AS caddy
 
-FROM httpd:2.4.59-alpine3.19
+FROM httpd:2.4.59-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
@@ -16,8 +16,6 @@ VOLUME /mnt/data
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
     apk del --no-cache shadow; \

Containers/apache/healthcheck.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-nc -z localhost 8000 || exit 1
-nc -z localhost "$APACHE_PORT" || exit 1
+nc -z 127.0.0.1 8000 || exit 1
+nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
 if ! nc -z "$NC_DOMAIN" 443; then
     echo "Could not reach $NC_DOMAIN on port 443."
     exit 1

Containers/apache/start.sh

@@ -18,10 +18,11 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
 done
 
 # Get ipv4-address of Apache
-IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short +search | head -1)"
+# shellcheck disable=SC2153
+IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
 
 if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"

Containers/borgbackup/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 RUN set -ex; \
     \

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-53
+FROM clamav/clamav:1.3.1-57
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/collabora/Dockerfile

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.3.1.1
+FROM collabora/code:24.04.4.2.1
 
 USER root
-ARG DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 
 # hadolint ignore=DL3008
 RUN set -ex; \
@@ -17,5 +17,5 @@ RUN set -ex; \
 
 USER 100
 
-HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9980 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/docker-socket-proxy/Dockerfile

@@ -1,9 +1,9 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:2.9.7-alpine3.19
+FROM haproxy:3.0.2-alpine
 
 # hadolint ignore=DL3002
 USER root
-ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
+ENV NEXTCLOUD_HOST=nextcloud-aio-nextcloud
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

Containers/docker-socket-proxy/healthcheck.sh

@@ -1,4 +1,4 @@
 #!/bin/bash
 
 nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
-nc -z localhost 2375 || exit 1
+nc -z 127.0.0.1 2375 || exit 1

Containers/domaincheck/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \
@@ -16,5 +16,5 @@ COPY --chmod=775 start.sh /start.sh
 USER www-data
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/fulltextsearch/Dockerfile

@@ -1,10 +1,10 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.13.4
+FROM elasticsearch:8.14.1
 
 USER root
 
-ARG DEBIAN_FRONTEND noninteractive
+ARG DEBIAN_FRONTEND=noninteractive
 
 # hadolint ignore=DL3008
 RUN set -ex; \
@@ -19,5 +19,5 @@ RUN set -ex; \
 
 USER 1000:0
 
-HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/imaginary/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.22.3-alpine3.18 as go
+FROM golang:1.22.4-alpine3.20 AS go
 
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+ENV IMAGINARY_HASH=6cd9edd1d3fb151eb773c14552886e4fc8e50138
 
 RUN set -ex; \
     apk add --no-cache \
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.18.6
+FROM alpine:3.20.1
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \
@@ -30,7 +30,7 @@ RUN set -ex; \
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 COPY --chmod=775 start.sh /start.sh
 
-ENV PORT 9000
+ENV PORT=9000
 
 USER nobody
 
@@ -38,5 +38,5 @@ USER nobody
 ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/mastercontainer/Caddyfile

@@ -16,7 +16,7 @@
     }
 
     on_demand_tls {
-        ask http://localhost:9876/
+        ask http://127.0.0.1:9876/
     }
 }
 
@@ -26,7 +26,7 @@ http://:80 {
 
 https://:8443 {
 
-    reverse_proxy localhost:8000
+    reverse_proxy 127.0.0.1:8000
 
     tls {
         on_demand

Containers/mastercontainer/Dockerfile

@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.3-cli as docker
+FROM docker:26.1.4-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.8.4-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.7-fpm-alpine3.19
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.20/fpm/Dockerfile
+FROM php:8.3.8-fpm-alpine3.20
 
 EXPOSE 80
 EXPOSE 8080
@@ -21,8 +21,6 @@ WORKDIR /var/www/docker-aio
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
     \

Containers/mastercontainer/healthcheck.sh

@@ -1,10 +1,10 @@
 #!/bin/bash
 
 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    nc -z localhost 80 || exit 1
-    nc -z localhost 8000 || exit 1
-    nc -z localhost 8080 || exit 1
-    nc -z localhost 8443 || exit 1
-    nc -z localhost 9000 || exit 1
-    nc -z localhost 9876 || exit 1
+    nc -z 127.0.0.1 80 || exit 1
+    nc -z 127.0.0.1 8000 || exit 1
+    nc -z 127.0.0.1 8080 || exit 1
+    nc -z 127.0.0.1 8443 || exit 1
+    nc -z 127.0.0.1 9000 || exit 1
+    nc -z 127.0.0.1 9876 || exit 1
 fi

Containers/mastercontainer/mastercontainer.conf

@@ -19,7 +19,7 @@ Listen 8080
 
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://localhost:9000"
+        SetHandler "proxy:fcgi://127.0.0.1:9000"
     </FilesMatch>
     # Master dir
     DocumentRoot /var/www/docker-aio/php/public/
@@ -41,8 +41,8 @@ Listen 8080
 # Https host
 <VirtualHost *:8080>
     # Proxy to https
-    ProxyPass / http://localhost:8000/
-    ProxyPassReverse / http://localhost:8000/
+    ProxyPass / http://127.0.0.1:8000/
+    ProxyPassReverse / http://127.0.0.1:8000/
     ProxyPreserveHost On
     # SSL
     SSLCertificateKeyFile /etc/apache2/certs/ssl.key

Containers/nextcloud/Dockerfile

@@ -1,21 +1,22 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.2.19-fpm-alpine3.19
+FROM php:8.2.20-fpm-alpine3.20
 
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 10G
-ENV PHP_MAX_TIME 3600
-ENV SOURCE_LOCATION /usr/src/nextcloud
+ENV PHP_MEMORY_LIMIT=512M
+ENV PHP_UPLOAD_LIMIT=10G
+ENV PHP_MAX_TIME=3600
+ENV SOURCE_LOCATION=/usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.6
-ENV AIO_TOKEN 123456
-ENV AIO_URL localhost
+ENV NEXTCLOUD_VERSION=29.0.3
+ENV AIO_TOKEN=123456
+ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
 COPY supervisord.conf /supervisord.conf
+COPY root.motd /root.motd
 
 VOLUME /mnt/ncdata
 VOLUME /var/www/html
@@ -26,8 +27,6 @@ RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache shadow; \
     deluser www-data; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
     addgroup -g 33 -S www-data; \
     adduser -u 33 -D -S -G www-data www-data; \
     \
@@ -78,12 +77,16 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
+    pecl install igbinary-3.2.15; \ 
     pecl install APCu-5.1.23; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
+    pecl install memcached-3.2.0 \
+        --configureoptions 'enable-memcached-igbinary="yes"'; \
+    pecl install redis-6.0.2 \
+        --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"'; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
+        igbinary \
         apcu \
         memcached \
         redis \
@@ -99,6 +102,11 @@ RUN set -ex; \
     apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
     apk del .build-deps; \
     \
+    { \
+        echo 'apc.serializer=igbinary'; \
+        echo 'session.serialize_handler=igbinary'; \
+    } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
+    \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
     { \
@@ -118,6 +126,7 @@ RUN set -ex; \
         echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
         echo 'max_execution_time=${PHP_MAX_TIME}'; \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
+        echo 'default_socket_timeout=600'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
     { \
@@ -235,6 +244,7 @@ RUN set -ex; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
     cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
 # AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \

Containers/nextcloud/config/redis.config.php

@@ -6,7 +6,6 @@ if (getenv('REDIS_HOST')) {
     'redis' => array(
       'host' => getenv('REDIS_HOST'),
       'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-      // 'dbindex' => (int) getenv('REDIS_DB_INDEX'),
     ),
   );
 
@@ -15,4 +14,8 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
+
+  if (getenv('REDIS_DB_INDEX') !== false) {
+    $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
+  }
 }

Containers/nextcloud/config/s3.config.php

@@ -11,9 +11,11 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
         'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
         'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'sse_c_key' => getenv('OBJECTSTORE_S3_SSE_C_KEY') ?: '',
         'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
         'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
         'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
         'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,

Containers/nextcloud/entrypoint.sh

@@ -162,8 +162,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 declare -Ag APPSTORAGE
                 echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
                 for app in "${NC_APPS_ARRAY[@]}"; do
-                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
-                    php /var/www/html/occ app:disable "$app"
+                    if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
+                        php /var/www/html/occ app:disable "$app"
+                    else
+                        APPSTORAGE[$app]=""
+                        echo "Not disabling $app because the occ command to get the enabled state was failing."
+                    fi
                 done
             fi
 
@@ -563,7 +567,7 @@ fi
 IPv4_ADDRESS="$(dig nextcloud-aio-nextcloud A +short +search | head -1)" 
 # Bring it in CIDR notation 
 # shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')" 
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')" 
 php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
 
 if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then

Containers/nextcloud/healthcheck.sh

@@ -10,6 +10,6 @@ fi
 # shellcheck disable=SC2153
 nc -z "$POSTGRES_HOST" "$POSTGRES_PORT" || exit 0
 
-if ! nc -z localhost 9000; then
+if ! nc -z 127.0.0.1 9000; then
     exit 1
 fi

Containers/nextcloud/root.motd

@@ -0,0 +1,4 @@
+Warning: You have logged in into the Nextcloud container as root user.
+See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
+Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
+Of course <your-command> needs to be substituted with the command that you want to use.

Containers/notify-push/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/notify-push/healthcheck.sh

@@ -4,4 +4,4 @@ if ! nc -z "$NEXTCLOUD_HOST" 9001; then
     exit 0
 fi
 
-nc -z localhost 7867 || exit 1
+nc -z 127.0.0.1 7867 || exit 1

Containers/onlyoffice/Dockerfile

@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.0.1.1
+FROM onlyoffice/documentserver:8.1.0.1
 
 # USER root is probably used
 
-HEALTHCHECK CMD nc -z localhost 80 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 80 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.7-alpine
+FROM postgres:16.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/postgresql/healthcheck.sh

@@ -2,4 +2,4 @@
 
 test -f "/mnt/data/backup-is-running" && exit 0
 
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1

Containers/postgresql/start.sh

@@ -85,7 +85,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     exec docker-entrypoint.sh postgres &
 
     # Wait for creation
-    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:11000/$POSTGRES_DB" -c "select now()"; do
+    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
         echo "Waiting for the database to start."
         sleep 5
     done
@@ -99,7 +99,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     fi
 
     # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
         echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
         echo "It is not possible to import a database dump from this database owner."

Containers/talk-recording/Dockerfile

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.12.3-alpine3.19
+FROM python:3.12.4-alpine3.20
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v0.1
-ENV ALLOW_ALL false
-ENV HPB_PROTOCOL https
-ENV SKIP_VERIFY false
-ENV HPB_PATH /standalone-signaling/
+ENV RECORDING_VERSION=v0.1
+ENV ALLOW_ALL=false
+ENV HPB_PROTOCOL=https
+ENV SKIP_VERIFY=false
+ENV HPB_PATH=/standalone-signaling/
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -26,9 +26,8 @@ RUN set -ex; \
         pulseaudio \
         openssl \
         build-base \
-        linux-headers; \
-    # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+        linux-headers \
+        geckodriver; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
@@ -54,5 +53,5 @@ USER recording
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
-HEALTHCHECK CMD nc -z localhost 1234 || exit 1
+HEALTHCHECK CMD nc -z 127.0.0.1 1234 || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/talk/Dockerfile

@@ -1,10 +1,10 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.10.16-scratch as nats
+FROM nats:2.10.16-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.3.1 as signaling
-FROM alpine:3.19.1 as janus
+FROM strukturag/nextcloud-spreed-signaling:1.3.1 AS signaling
+FROM alpine:3.20.1 AS janus
 
-ARG JANUS_VERSION=v0.14.2
+ARG JANUS_VERSION=v0.14.3
 WORKDIR /src
 RUN set -ex; \
     apk add --no-cache \
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

Containers/talk/healthcheck.sh

@@ -1,11 +1,7 @@
 #!/bin/bash
 
-nc -z localhost 8081 || exit 1
-nc -z localhost 8188 || exit 1
-nc -z localhost 4222 || exit 1
-nc -z localhost "$TALK_PORT" || exit 1
+nc -z 127.0.0.1 8081 || exit 1
+nc -z 127.0.0.1 8188 || exit 1
+nc -z 127.0.0.1 4222 || exit 1
+nc -z 127.0.0.1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
-if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
-    echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
-    exit 1
-fi

Containers/talk/start.sh

@@ -20,8 +20,10 @@ fi
 
 set -x
 IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+# shellcheck disable=SC2153
+IPv4_ADDRESS_TALK="$(dig "$TALK_HOST" IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+# shellcheck disable=SC2153
+IPv6_ADDRESS_TALK="$(dig "$TALK_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
 if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then

Containers/watchtower/Dockerfile

@@ -1,8 +1,8 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 as watchtower
+FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.19.1
+FROM alpine:3.20.1
 
 RUN apk upgrade --no-cache -a; \
     apk add --no-cache bash

app/appinfo/info.xml

@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.5.0</version>
+	<version>0.6.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="27" max-version="28"/>
+		<nextcloud min-version="28" max-version="29"/>
 	</dependencies>
 
 	<settings>

community-containers/caddy/readme.md

@@ -1,11 +1,14 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb by listening on `tables.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using an A, AAAA or CNAME record so that caddy can get a certificate automatically for stalwart.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

community-containers/facerecognition/facerecognition.json

@@ -10,10 +10,11 @@
             "restart": "unless-stopped",
             "environment": [
                 "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key"
+                "API_KEY=some-super-secret-api-key",
+                "FACE_MODEL=3"
             ],
             "aio_variables": [
-                "nextcloud_memory_limit=4096M"
+                "nextcloud_memory_limit=2048M"
             ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install facerecognition",
@@ -21,7 +22,7 @@
                 "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
                 "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
                 "php /var/www/html/occ face:setup -m 5",
-                "php /var/www/html/occ face:setup -M 4G",
+                "php /var/www/html/occ face:setup -M 1G",
                 "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
                 "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",

community-containers/facerecognition/readme.md

@@ -3,7 +3,6 @@ This container bundles the external model of facerecognition and auto-configures
 
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
-- Currently, in order to run this correctly, your server should have at least 6 GB of RAM, better 8 GB of RAM.
 - Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
     ```bash
     # Go into the container

community-containers/local-ai/readme.md

@@ -2,7 +2,6 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- This container does not work on arm64! If you add the container on arm64, it will fail to start because no image for arm64 is available!
 - Make sure to have enough storage space available. This container alone needs ~7GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):

community-containers/nocodb/nocodb.json

@@ -0,0 +1,43 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-nocodb",
+            "display_name": "NocoDB",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb",
+            "image": "docjyj/aio-nocodb",
+            "image_tag": "%AIO_CHANNEL%",
+            "internal_port": "10028",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "%APACHE_IP_BINDING%",
+                    "port_number": "10028",
+                    "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "NC_AUTH_JWT_SECRET=%NOCODB_JWT_SECRET%",
+                "NC_PUBLIC_URL=https://tables.%NC_DOMAIN%/",
+                "NC_DASHBOARD_URL=/",
+                "NC_ADMIN_EMAIL=admin@noco.db",
+                "NC_ADMIN_PASS=%NOCODB_USER_PASS%",
+                "PORT=10028",
+                "NC_DISABLE_TELE=true"
+            ],
+            "secrets": [
+                "NOCODB_JWT_SECRET",
+                "NOCODB_USER_PASS"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_nocodb",
+                    "destination": "/usr/app/data",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_nocodb"
+            ]
+        }
+    ]
+}

community-containers/nocodb/readme.md

@@ -0,0 +1,28 @@
+> [!NOTE]
+> This container is there to compensate for the lack of functionality in Nextcloud Tables.
+>
+> When Nextcloud Tables V2 is released, I will stop checking for updates, and will no longer fix any potential issues.
+>
+> Some missing functionality in Nextcloud Tables:
+> - Multiple view layout (Gantt, Kanban, Calendar...)
+> - Field (Person, Tag, File...)
+> - See more here https://github.com/nextcloud/tables/issues/103 
+
+## NocoDb server
+This container bundles NocoDb without synchronization with Nextcloud.
+
+This is an alternative of **Airtable**.
+
+### Notes
+- You need to configure a reverse proxy in order to run this container since nocodb needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
+- Currently, only `tables.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, nocodb will use `tables.your-domain.com`.
+- The data of NocoDb will be automatically included in AIOs backup solution!
+- After adding and starting the container, you need to run `docker inspect nextcloud-aio-nocodb  | grep NC_ADMIN_PASS` to obtain the system administrator password (username: `admin@noco.db`). With this information, you can log in to the web interface at `https://tables.$NC_DOMAIN/#/signin`
+- See https://docs.nocodb.com/ for usage of NocoDb
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/docjyJ/aio-nocodb
+
+### Maintainer
+https://github.com/docjyJ

community-containers/stalwart/readme.md

@@ -4,7 +4,7 @@
 > The stability of Stalwart services is not guaranteed.
 > Do not use this feature as a main mail server without a redundancy system and without knowledge.
 > 
-> To learn or use as a secondary server enjoy it and please report bugs at [marcoambrosini/aio-stalwart](https://github.com/marcoambrosini/aio-stalwart/issues).
+> To learn or use as a secondary server enjoy it and please report bugs at [docjyj/aio-stalwart](https://github.com/docjyj/aio-stalwart/issues).
 
 ## Stalwart mail server
 This container bundles stalwart mail server and auto-configures it for you.
@@ -15,14 +15,14 @@ This container bundles stalwart mail server and auto-configures it for you.
 - You need to configure a reverse proxy in order to run this container since stalwart needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy.
 - Currently, only `mail.$NC_DOMAIN` is supported as subdomain! So if Nextcloud is using `your-domain.com`, Stalwart will use `mail.your-domain.com`.
 - The data of Stalwart will be automatically included in AIOs backup solution!
-- After adding and starting the container, you need to run `docker logs nextcloud-aio-stalwart` to obtain the system administrator account and password. With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
+- After adding and starting the container, you need to run `docker inspect nextcloud-aio-stalwart  | grep STALWART_USER_PASS` to obtain the system administrator password (username: `admin`). With this information, you can log in to the web interface at `https://mail.your-domain.com/login`
 - See https://stalw.art/docs/install/docker/ for next steps.
 - Additionally, you might want to install and configure [snappymail](https://apps.nextcloud.com/apps/snappymail) or [mail](https://apps.nextcloud.com/apps/mail) inside Nextcloud in order to use your mail accounts for sending and retrieving mails.
 - See https://stalw.art/docs/faq for further faq and docs on the project
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository
-https://github.com/marcoambrosini/aio-stalwart
+https://github.com/docjyj/aio-stalwart
 
 ### Maintainer
-https://github.com/marcoambrosini
+https://github.com/docjyj

community-containers/stalwart/stalwart.json

@@ -4,8 +4,8 @@
             "container_name": "nextcloud-aio-stalwart",
             "display_name": "Stalwart",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
-            "image": "marcoambrosini/aio-stalwart",
-            "image_tag": "v2",
+            "image": "docjyj/aio-stalwart",
+            "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10003",
             "restart": "unless-stopped",
             "ports": [
@@ -47,7 +47,11 @@
             ],
             "environment": [
                 "TZ=%TIMEZONE%",
-                "NC_DOMAIN=%NC_DOMAIN%"
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "STALWART_USER_PASS=%STALWART_USER_PASS%"
+            ],
+            "secrets": [
+                "STALWART_USER_PASS"
             ],
             "volumes": [
                 {

manual-install/latest.yml

@@ -24,6 +24,7 @@ services:
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - APACHE_HOST=nextcloud-aio-apache
       - COLLABORA_HOST=nextcloud-aio-collabora
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT=${APACHE_PORT}
@@ -218,6 +219,7 @@ services:
       - nextcloud-aio
     cap_add:
       - MKNOD
+      - SYS_ADMIN
     cap_drop:
       - NET_RAW
 
@@ -231,6 +233,7 @@ services:
       - "8081"
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
+      - TALK_HOST=nextcloud-aio-talk
       - TURN_SECRET=${TURN_SECRET}
       - SIGNALING_SECRET=${SIGNALING_SECRET}
       - TZ=${TIMEZONE}

manual-upgrade.md

@@ -1,26 +1,123 @@
 # Manual upgrade
 
-If you do not install any upgrade for around 6-12 months or longer, it can happen that your instance is so outdated that in the meantime the PHP version of the Nextcloud container got bumped to a version that is not compatible with your currently installed Nextcloud version which means that after doing an upgrade after this long time, Nextcloud will suddenly not work anymore. There is unfortunately no way to fix this from the maintainer side if you refrain from upgrading for so long.
+If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
+There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
 
-The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below:
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
 
-1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
-1. Do **not** click on `Stop containers` because you will need them running going forward, see below
-1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+---
 
-1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
-1. Run the following commands in order to reverse engineer the Nextcloud container:
+## Method 1
+
+1. Start all containers from the AIO interface 
+    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
+    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
+2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
+    - There you will find information about the max. supported PHP version
+    - **Make a mental note of this**
+3. Stop the Nextcloud container and the Apache container by running 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
+    ```
+4. Run the following commands in order to reverse engineer the Nextcloud container:
     ```bash
         sudo docker pull assaflavie/runlike
         echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
         sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
         sudo chown root:root /tmp/nextcloud-aio-nextcloud
     ```
-1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest`. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
-1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
-1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
+
+
+| To change                              | Replace with                                        |
+|----------------------------------------|-----------------------------------------------------|
+| `nextcloud/aio-nextcloud:latest`       | `nextcloud/aio-nextcloud:php{version}-latest`       |
+| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` |
+
+
+
+ - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
+ - However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+ - Using nano and the arrow keys to navigate:
+  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
+6. Next, stop and remove the current container: 
+    ```bash
+        sudo docker stop nextcloud-aio-nextcloud
+        sudo docker rm nextcloud-aio-nextcloud
+    ```
+7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
 **Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
-1. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
-1. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
-1. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
-1. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Also you should think about enabling daily backups if doing regularl upgrades is too much effort for you.
+8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
+
+---
+
+## Method 2
+#### *Approach using portainer if method 1 does not work for you*
+
+Prerequisite: have all containers from AIO interface running.
+
+<details>
+<summary>Click to expand</summary>
+
+##### 1. Install portainer if not installed:
+```bash
+docker volume create portainer_data
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
+```
+- If you have a reverse proxy
+    - you can setup and navigate using a domain name.
+- For the **standard** AIO install
+    - Open port 9443 on your firewall
+    - navigate to `https://<server-ip>:9443`
+- Accept the insecure self-signed certificate and set an admin password
+- If prompted to add an environment
+    - add local
+
+##### 2. Within the local portainer environment navigate to the **containers** tab 
+- Here you should see all the various containers running
+
+##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
+
+-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
+    - or you can click into individual containers and stop them there
+
+##### 4. Find the version of PHP compatible with the running nextcloud container
+- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
+```logs
+This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
+```
+Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
+ - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
+
+##### 5. Find the correct container version
+In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
+
+##### 6. Replace the container
+- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
+- Click ```Duplicate/Edit```
+- Within image, change this to the correct version from Step 5
+- Click ```Deploy the container```
+    - if you are prompted to force repull the image click the slider and press pull image
+
+*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
+
+Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
+
+#### Now you can handle everything through the AIO admin interface and stop and restart the containers normally.
+
+---
+
+##### 7. Last Step is removing portainer if you don't want to keep it
+
+```bash
+docker stop portainer
+docker rm portainer
+docker volume rm portainer_data
+```
+- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
+
+</details>

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 8.3.0
+version: 9.0.1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -44,6 +44,8 @@ spec:
         - env:
             - name: ADDITIONAL_TRUSTED_DOMAIN
               value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
+            - name: APACHE_HOST
+              value: nextcloud-aio-apache
             - name: APACHE_MAX_SIZE
               value: "{{ .Values.APACHE_MAX_SIZE }}"
             - name: APACHE_MAX_TIME
@@ -64,7 +66,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-apache:20240617_084300-latest"
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -59,7 +59,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-clamav:20240617_084300-latest"
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -36,7 +36,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-collabora:20240617_084300-latest"
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -70,7 +70,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-postgresql:20240617_084300-latest"
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -60,7 +60,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-fulltextsearch:20240617_084300-latest"
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -28,7 +28,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-imaginary:20240617_084300-latest"
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -173,7 +173,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-nextcloud:20240617_084300-latest"
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-notify-push:20240617_084300-latest"
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -48,7 +48,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-onlyoffice:20240617_084300-latest"
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-redis:20240617_084300-latest"
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,13 +34,15 @@ spec:
               value: "{{ .Values.NC_DOMAIN }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: TALK_HOST
+              value: nextcloud-aio-talk
             - name: TALK_PORT
               value: "{{ .Values.TALK_PORT }}"
             - name: TURN_SECRET
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk:20240617_084300-latest"
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -32,7 +32,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240606_075829-latest"
+          image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/aio-talk-recording:20240617_084300-latest"
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

php/composer.lock

@@ -830,16 +830,16 @@
         },
         {
             "name": "psr/http-message",
-            "version": "1.1",
+            "version": "2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-message.git",
-                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba"
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-message/zipball/cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
-                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/402d35bcb92c70c026d1a6a9883f06b2ead23d71",
+                "reference": "402d35bcb92c70c026d1a6a9883f06b2ead23d71",
                 "shasum": ""
             },
             "require": {
@@ -848,7 +848,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.1.x-dev"
+                    "dev-master": "2.0.x-dev"
                 }
             },
             "autoload": {
@@ -863,7 +863,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP messages",
@@ -877,9 +877,9 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-message/tree/1.1"
+                "source": "https://github.com/php-fig/http-message/tree/2.0"
             },
-            "time": "2023-04-04T09:50:52+00:00"
+            "time": "2023-04-04T09:54:51+00:00"
         },
         {
             "name": "psr/http-server-handler",
@@ -1090,30 +1090,30 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.4.0",
+            "version": "1.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "f66be9740283ed4f432535aff3623540e178013a"
+                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/f66be9740283ed4f432535aff3623540e178013a",
-                "reference": "f66be9740283ed4f432535aff3623540e178013a",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/179cbcf40ee1d246d4906aefed42d3e62066974b",
+                "reference": "179cbcf40ee1d246d4906aefed42d3e62066974b",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.4 || ^8.0",
-                "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.0",
+                "psr/http-factory": "^1.1",
+                "psr/http-message": "^1.0 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.18",
-                "phpspec/prophecy-phpunit": "^2.1",
+                "phpspec/prophecy": "^1.19",
+                "phpspec/prophecy-phpunit": "^2.2",
                 "phpunit/phpunit": "^9.6",
-                "squizlabs/php_codesniffer": "^3.8"
+                "squizlabs/php_codesniffer": "^3.10"
             },
             "type": "library",
             "autoload": {
@@ -1142,22 +1142,22 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.4.0"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.5.0"
             },
-            "time": "2024-01-22T09:08:27+00:00"
+            "time": "2024-06-08T16:37:18+00:00"
         },
         {
             "name": "slim/slim",
-            "version": "4.13.0",
+            "version": "4.14.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17"
+                "reference": "5943393b88716eb9e82c4161caa956af63423913"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/038fd5713d5a41636fdff0e8dcceedecdd17fc17",
-                "reference": "038fd5713d5a41636fdff0e8dcceedecdd17fc17",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/5943393b88716eb9e82c4161caa956af63423913",
+                "reference": "5943393b88716eb9e82c4161caa956af63423913",
                 "shasum": ""
             },
             "require": {
@@ -1165,7 +1165,7 @@
                 "nikic/fast-route": "^1.3",
                 "php": "^7.4 || ^8.0",
                 "psr/container": "^1.0 || ^2.0",
-                "psr/http-factory": "^1.0",
+                "psr/http-factory": "^1.1",
                 "psr/http-message": "^1.1 || ^2.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0",
@@ -1182,11 +1182,12 @@
                 "nyholm/psr7-server": "^1.1",
                 "phpspec/prophecy": "^1.19",
                 "phpspec/prophecy-phpunit": "^2.1",
-                "phpstan/phpstan": "^1.10",
+                "phpstan/phpstan": "^1.11",
                 "phpunit/phpunit": "^9.6",
                 "slim/http": "^1.3",
                 "slim/psr7": "^1.6",
-                "squizlabs/php_codesniffer": "^3.9"
+                "squizlabs/php_codesniffer": "^3.10",
+                "vimeo/psalm": "^5.24"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1259,7 +1260,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-03-03T21:25:30+00:00"
+            "time": "2024-06-13T08:54:48+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -1395,16 +1396,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4"
+                "reference": "0424dff1c58f028c451efff2045f5d92410bd540"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/ef4d7e442ca910c4764bce785146269b30cb5fc4",
-                "reference": "ef4d7e442ca910c4764bce785146269b30cb5fc4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/0424dff1c58f028c451efff2045f5d92410bd540",
+                "reference": "0424dff1c58f028c451efff2045f5d92410bd540",
                 "shasum": ""
             },
             "require": {
@@ -1454,7 +1455,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1470,20 +1471,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-05-31T15:07:36+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec"
+                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
-                "reference": "9773676c8a1bb1f8d4340a62efe641cf76eda7ec",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/fd22ab50000ef01661e2a31d850ebaa297f8e03c",
+                "reference": "fd22ab50000ef01661e2a31d850ebaa297f8e03c",
                 "shasum": ""
             },
             "require": {
@@ -1534,7 +1535,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1550,20 +1551,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-06-19T12:30:46+00:00"
         },
         {
             "name": "symfony/polyfill-php80",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php80.git",
-                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b"
+                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
-                "reference": "87b68208d5c1188808dd7839ee1e6c8ec3b02f1b",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/77fa7995ac1b21ab60769b7323d600a991a90433",
+                "reference": "77fa7995ac1b21ab60769b7323d600a991a90433",
                 "shasum": ""
             },
             "require": {
@@ -1614,7 +1615,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php80/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1630,20 +1631,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-05-31T15:07:36+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.29.0",
+            "version": "v1.30.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d"
+                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/c565ad1e63f30e7477fc40738343c62b40bc672d",
-                "reference": "c565ad1e63f30e7477fc40738343c62b40bc672d",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/3fb075789fb91f9ad9af537c4012d523085bd5af",
+                "reference": "3fb075789fb91f9ad9af537c4012d523085bd5af",
                 "shasum": ""
             },
             "require": {
@@ -1690,7 +1691,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.29.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.30.0"
             },
             "funding": [
                 {
@@ -1706,7 +1707,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2024-01-29T20:11:03+00:00"
+            "time": "2024-06-19T12:30:46+00:00"
         },
         {
             "name": "twig/twig",

php/containers.json

@@ -29,6 +29,7 @@
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
+        "APACHE_HOST=nextcloud-aio-apache",
         "COLLABORA_HOST=nextcloud-aio-collabora",
         "TALK_HOST=nextcloud-aio-talk",
         "APACHE_PORT=%APACHE_PORT%",
@@ -346,7 +347,8 @@
         "nextcloud-aio"
       ],
       "cap_add": [
-        "MKNOD"
+        "MKNOD",
+        "SYS_ADMIN"
       ],
       "cap_drop": [
         "NET_RAW"
@@ -376,6 +378,7 @@
       "internal_port": "%TALK_PORT%",
       "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
+        "TALK_HOST=nextcloud-aio-talk",
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
         "TZ=%TIMEZONE%",

php/domain-validator.php

@@ -2,11 +2,11 @@
 
 $domain = $_GET['domain'] ?? '';
 
-if (strpos($domain, '.') === false) { 
+if (!str_contains($domain, '.')) { 
     http_response_code(400); 
-} elseif (strpos($domain, '/') !== false) { 
+} elseif (str_contains($domain, '/')) { 
     http_response_code(400);  
-} elseif (strpos($domain, ':') !== false) { 
+} elseif (str_contains($domain, ':')) { 
     http_response_code(400);  
 } elseif (filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) { 
     http_response_code(400); 

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.24.0@462c80e31c34e58cc4f750c656be3927e80e550e"/>
+<files psalm-version="5.25.0@01a8eb06b9e9cc6cfb6a320bf9fb14331919d505"/>

php/src/Data/ConfigurationManager.php

@@ -271,17 +271,17 @@ class ConfigurationManager
      */
     public function SetDomain(string $domain) : void {
         // Validate that at least one dot is contained
-        if (strpos($domain, '.') === false) {
+        if (!str_contains($domain, '.')) {
             throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
         }
 
         // Validate that no slashes are contained
-        if (strpos($domain, '/') !== false) {
+        if (str_contains($domain, '/')) {
             throw new InvalidSettingConfigurationException("Domain must not contain slashes!");
         }
 
         // Validate that no colons are contained
-        if (strpos($domain, ':') !== false) {
+        if (str_contains($domain, ':')) {
             throw new InvalidSettingConfigurationException("Domain must not contain colons!");
         }
 

php/src/Docker/DockerActionManager.php

@@ -44,7 +44,7 @@ class DockerActionManager
     }
 
     private function BuildApiUrl(string $url) : string {
-        return sprintf('http://localhost/%s/%s', self::API_VERSION, $url);
+        return sprintf('http://127.0.0.1/%s/%s', self::API_VERSION, $url);
     }
 
     private function BuildImageName(Container $container) : string {
@@ -166,7 +166,7 @@ class DockerActionManager
     {
         $url = $this->BuildApiUrl(
             sprintf(
-                'containers/%s/logs?stdout=true&stderr=true',
+                'containers/%s/logs?stdout=true&stderr=true&timestamps=true',
                 urlencode($id)
             ));
         $responseBody = (string)$this->guzzleClient->get($url)->getBody();
@@ -223,12 +223,12 @@ class DockerActionManager
     public function CreateContainer(Container $container) : void {
         $volumes = [];
         foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-            // NEXTCLOUD_MOUNT gets added via bind-mount later on
-            if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-                if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-            }
+            // // NEXTCLOUD_MOUNT gets added via bind-mount later on
+            // if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            //     if ($volume->name === $this->configurationManager->GetNextcloudMount()) {
+            //         continue;
+            //     }
+            // }
 
             $volumeEntry = $volume->name . ':' . $volume->mountPoint;
             if ($volume->isWritable) {
@@ -560,14 +560,14 @@ class DockerActionManager
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
             // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
             $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
-        // Special things for the nextcloud container which should not be exposed in the containers.json
-        } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
-            foreach ($container->GetVolumes()->GetVolumes() as $volume) {
-                if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
-                    continue;
-                }
-                $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
-            }
+        // // Special things for the nextcloud container which should not be exposed in the containers.json
+        // } elseif ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+        //     foreach ($container->GetVolumes()->GetVolumes() as $volume) {
+        //         if ($volume->name !== $this->configurationManager->GetNextcloudMount()) {
+        //             continue;
+        //         }
+        //         $mounts[] = ["Type" => "bind", "Source" => $volume->name, "Target" => $volume->mountPoint, "ReadOnly" => !$volume->isWritable, "BindOptions" => [ "Propagation" => "rshared"]];
+        //     }
         // Special things for the caddy community container
         } elseif ($container->GetIdentifier() === 'nextcloud-aio-caddy') {
             $requestBody['HostConfig']['ExtraHosts'] = ['host.docker.internal:host-gateway'];

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v8.3.0</h1>
+        <h1>Nextcloud AIO v9.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -31,7 +31,7 @@
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
         {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-        {% set newMajorVersion = 29 %}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -70,7 +70,8 @@
             {% elseif automatic_updates == true %}
                 The whole process can take a while as your containers will be updated.<br /><br />
             {% endif %}
-            <a href="" class="button reload">Reload ↻</a><br/>
+            <a href="" class="button reload">Reload ↻</a><br/><br/>
+            If the daily bacckup should be stuck somehow, you can make it unstuck by running <strong>sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/daily_backup_running</strong> and afterwards reloading this interface.<br /><br />
         {% elseif isWatchtowerRunning == true %}
             <span class="status running"></span> Mastercontainer update currently running. Once the update is complete the mastercontainer will restart, making it unavailable for a moment. Please wait until it's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower" target="_blank" rel="noopener">Logs</a>)<br /><br />
             <a href="" class="button reload">Reload ↻</a><br/>

readme.md

@@ -310,10 +310,13 @@ You can switch to a different channel like e.g. the beta channel or from the bet
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
 
-If a new `Mastercontainer` update was found, you'll see an additional section below the `containers` section which shows that a mastercontainer update is available. If so, you can simply press on the button to update the container.
+If a new `mastercontainer` update was found, you'll see a note below the `Stop containers` button that allows to show the changelog. If you click that button and the containers are stopped, you will see a new button that allows to update the mastercontainer. After doing so and after the update is gone through, you will have the  option again to `Start and update containers`. It is recommended to create a backup before clicking the `Start and update containers` button.
 
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.
 
+#### How often are update notifications sent?
+AIO ships its own update notifications implementation. It checks if container updates are available. If so, it sends a notification with the title `Container updates available!` on saturdays to Nextcloud users that are part of the `admin` group. If the Nextcloud container image should be older than 90 days (~3 months) and thus badly outdated, AIO sends a notification to all Nextcloud users with the title `AIO is outdated!`. Thus admins should make sure to update the container images at least once every 3 months in order to make sure that the instance gets all security bugfixes as soon as possible.
+
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
 
@@ -372,9 +375,9 @@ If you connect an external drive to your host, and choose the backup directory t
 
 Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore selected backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 
 
-The backups itself get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
+The backups themselves get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.
 
-Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.
+Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to automatically update all containers, Nextcloud and its apps.
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 
@@ -665,7 +668,7 @@ You might want to adjust the Nextcloud apps that are installed upon the first st
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.19. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.20. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 
@@ -821,3 +824,6 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
 1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
+
+### Securing the AIO interface from unauthorized ACME challenges
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.