Add dev convenience script for building containers

Merge pull request #7845 from nextcloud/enh/noid/fix-automatic-reloading
aio-interface: fix page not automatic reloading after container starting progress spinner
2026-05-22 19:30:11 +00:00 · 2026-04-02 10:31:30 -07:00 · 2026-04-02 14:17:06 +02:00 · 2026-04-02 14:06:39 +02:00 · 2026-04-02 13:52:52 +02:00 · 2026-04-02 13:50:47 +02:00
12 changed files with 77 additions and 56 deletions
--- a/Containers/mastercontainer/internal.Caddyfile
+++ b/Containers/mastercontainer/internal.Caddyfile
@@ -1,8 +1,11 @@
 {
 	admin off

+	# auto_https will be handled manually in acme.Caddyfile
+	auto_https disable_redirects
+
 	storage file_system {
-		root /mnt/docker-aio-config/caddy/
+		root /mnt/docker-aio-config/caddy-internal/
 	}

 	log {
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -364,6 +364,7 @@ fi
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
 mkdir -p /mnt/docker-aio-config/caddy/
+mkdir -p /mnt/docker-aio-config/caddy-internal/

 # Adjust permissions for all instances
 chmod 770 -R /mnt/docker-aio-config
@@ -371,6 +372,7 @@ chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
+chown www-data:www-data -R /mnt/docker-aio-config/caddy-internal/

 print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0

 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=32.0.7
+ENV NEXTCLOUD_VERSION=32.0.8
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4039,16 +4039,16 @@
        },
        {
            "name": "symfony/console",
-            "version": "v6.4.35",
+            "version": "v6.4.36",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/console.git",
-                "reference": "49257c96304c508223815ee965c251e7c79e614e"
+                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/49257c96304c508223815ee965c251e7c79e614e",
-                "reference": "49257c96304c508223815ee965c251e7c79e614e",
+                "url": "https://api.github.com/repos/symfony/console/zipball/9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
+                "reference": "9f481cfb580db8bcecc9b2d4c63f3e13df022ad5",
                "shasum": ""
            },
            "require": {
@@ -4113,7 +4113,7 @@
                "terminal"
            ],
            "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.35"
+                "source": "https://github.com/symfony/console/tree/v6.4.36"
            },
            "funding": [
                {
@@ -4133,20 +4133,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-03-06T13:31:08+00:00"
+            "time": "2026-03-27T15:30:51+00:00"
        },
        {
            "name": "symfony/filesystem",
-            "version": "v8.0.6",
+            "version": "v8.0.8",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/filesystem.git",
-                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770"
+                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/7bf9162d7a0dff98d079b72948508fa48018a770",
-                "reference": "7bf9162d7a0dff98d079b72948508fa48018a770",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/66b769ae743ce2d13e435528fbef4af03d623e5a",
+                "reference": "66b769ae743ce2d13e435528fbef4af03d623e5a",
                "shasum": ""
            },
            "require": {
@@ -4183,7 +4183,7 @@
            "description": "Provides basic utilities for the filesystem",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.0.6"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.8"
            },
            "funding": [
                {
@@ -4203,7 +4203,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-02-25T16:59:43+00:00"
+            "time": "2026-03-30T15:14:47+00:00"
        },
        {
            "name": "symfony/finder",
@@ -4609,16 +4609,16 @@
        },
        {
            "name": "symfony/string",
-            "version": "v7.4.6",
+            "version": "v7.4.8",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/string.git",
-                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b"
+                "reference": "114ac57257d75df748eda23dd003878080b8e688"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/9f209231affa85aa930a5e46e6eb03381424b30b",
-                "reference": "9f209231affa85aa930a5e46e6eb03381424b30b",
+                "url": "https://api.github.com/repos/symfony/string/zipball/114ac57257d75df748eda23dd003878080b8e688",
+                "reference": "114ac57257d75df748eda23dd003878080b8e688",
                "shasum": ""
            },
            "require": {
@@ -4676,7 +4676,7 @@
                "utf8"
            ],
            "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.6"
+                "source": "https://github.com/symfony/string/tree/v7.4.8"
            },
            "funding": [
                {
@@ -4696,7 +4696,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-02-09T09:33:46+00:00"
+            "time": "2026-03-24T13:12:05+00:00"
        },
        {
            "name": "vimeo/psalm",
--- a/php/public/automatic_reload.js
+++ b/php/public/automatic_reload.js
@@ -1,4 +1,4 @@
-document.addEventListener("DOMContentLoaded", function(event) {
+window.addEventListener("load", function(event) {
    if (document.hasFocus()) {
        // hide reload button if the site reloads automatically
        let list = document.getElementsByClassName("reload button");
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -29,9 +29,6 @@ function showPassword(id) {
    const xhr = e.target;
    if (xhr.status === 201) {
      window.location.replace(xhr.getResponseHeader('Location'));
-    } else if ([422, 429].includes(xhr.status)) {
-      disableSpinner()
-      showError(xhr.response);
    } else if (xhr.status === 422) {
      disableSpinner()
      showError(xhr.response);
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -26,6 +26,7 @@ readonly class AuthManager {
    public function SetAuthState(bool $isLoggedIn) : void {

        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            session_regenerate_id(true);
            $date = new DateTime();
            $dateTime = $date->getTimestamp();
            $_SESSION['date_time'] = $dateTime;
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -11,52 +11,23 @@ use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;

 readonly class LoginController {
-    private const int MAX_LOGIN_ATTEMPTS_PER_TTL = 5;
-    private const int LOGIN_COUNTER_TTL = 300;
-    private const string RATE_LIMIT_CACHE_KEY = 'login_failed_attempts';
-
    public function __construct(
        private AuthManager $authManager,
        private DockerActionManager $dockerActionManager,
    ) {
    }

-    private function getFailedLoginCount() : int {
-        $count = apcu_fetch(self::RATE_LIMIT_CACHE_KEY);
-        return $count !== false ? (int)$count : 0;
-    }
-
-    private function incrementFailedLoginCount() : void {
-        if (!apcu_exists(self::RATE_LIMIT_CACHE_KEY)) {
-            apcu_store(self::RATE_LIMIT_CACHE_KEY, 1, self::LOGIN_COUNTER_TTL);
-        } else {
-            apcu_inc(self::RATE_LIMIT_CACHE_KEY);
-        }
-    }
-
-    private function resetFailedLoginCount() : void {
-        apcu_delete(self::RATE_LIMIT_CACHE_KEY);
-    }
-
    public function TryLogin(Request $request, Response $response, array $args) : Response {
        if (!$this->dockerActionManager->isLoginAllowed()) {
            $response->getBody()->write("The login is blocked since Nextcloud is running.");
            return $response->withHeader('Location', '.')->withStatus(422);
        }
-
-        if ($this->getFailedLoginCount() >= self::MAX_LOGIN_ATTEMPTS_PER_TTL) {
-            $response->getBody()->write("Too many failed login attempts. Please try again in some minutes.");
-            return $response->withHeader('Location', '.')->withStatus(429);
-        }
-
        $password = $request->getParsedBody()['password'] ?? '';
        if($this->authManager->CheckCredentials($password)) {
-            $this->resetFailedLoginCount();
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '.')->withStatus(201);
        }

-        $this->incrementFailedLoginCount();
        $response->getBody()->write("The password is incorrect.");
        return $response->withHeader('Location', '.')->withStatus(422);
    }
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -657,7 +657,7 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("Please enter your current password.");
        }

-        if ($currentPassword !== $this->password) {
+        if (!hash_equals($this->password, $currentPassword)) {
            throw new InvalidSettingConfigurationException("The entered current password is not correct.");
        }

--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -635,7 +635,7 @@
            {% endif %}

        {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
-            <script type="text/javascript" src="automatic_reload.js"></script>
+            <script type="text/javascript" src="automatic_reload.js?v1"></script>
        {% else %}
            <script type="text/javascript" src="before-unload.js"></script>
        {% endif %}
--- a/readme.md
+++ b/readme.md
@@ -151,7 +151,7 @@ sudo docker run \
  - `--sig-proxy=false` — prevents Ctrl+C in the attached terminal from stopping the container.  
  - `--name nextcloud-aio-mastercontainer` — the container name. Do not change this name; mastercontainer updates rely on it.  
  - `--restart always` — ensures the container restarts automatically with the Docker daemon.  
-  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates). Not required if you run AIO behind a reverse proxy.  
+  - `--publish 80:80` — publishes container port 80 on host port 80 (used for ACME http-challenge when obtaining certificates, used for for the AIO-interface running inside the mastercontainer). Not required if you run AIO behind a reverse proxy.
  - `--publish 8080:8080` — publishes the AIO interface (self-signed certificate) on host port 8080. You may map a different host port if 8080 is in use (e.g. `--publish 8081:8080`).  
  - `--publish 8443:8443` — publishes the AIO interface with a valid certificate on host port 8443 (requires ports 80 and 8443 to be reachable and a domain pointing to your server). Not required if you run AIO behind a reverse proxy.  
  - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` — stores mastercontainer configuration in the named Docker volume. Do not change this volume name; built-in backups depend on it.  
--- a/scripts/build-containers.sh
+++ b/scripts/build-containers.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+VARIANT="develop"
+CONTAINERS=()
+
+# Parse flags first
+while [[ $# -gt 0 && $1 == --* ]]; do
+  case $1 in
+    --variant)
+      VARIANT="$2"
+      shift 2
+      ;;
+    *)
+      echo "Unknown option: $1"
+      exit 1
+      ;;
+  esac
+done
+
+# Remaining arguments are containers
+CONTAINERS=("$@")
+
+if [ ${#CONTAINERS[@]} -eq 0 ]; then
+    echo "Usage: $0 [--variant develop|beta] <container1> [container2] [container3] ..."
+    echo "Example: $0 --variant beta apache mastercontainer"
+    exit 1
+fi
+
+# Change to project root
+cd "$(dirname "$0")/.." || exit 1
+
+for container in "${CONTAINERS[@]}"; do
+  if [[ $container == "mastercontainer" ]]; then
+    TAG="all-in-one"
+  else
+    TAG="aio-$container"
+  fi
+
+  if [[ $container == "mastercontainer" || $container == "nextcloud" ]]; then
+      CONTEXT="."
+  else
+      CONTEXT="Containers/$container"
+  fi
+
+  docker buildx build --file Containers/$container/Dockerfile --tag ghcr.io/nextcloud-releases/"$TAG":"$VARIANT" --load $CONTEXT
+done
+
Author	SHA1	Message	Date
Alan Savage	a34327bd5a	Add dev convenience script for building containers	2026-04-02 10:31:30 -07:00
Simon L.	1a7feba6bd	Merge pull request #7845 from nextcloud/enh/noid/fix-automatic-reloading aio-interface: fix page not automatic reloading after container starting progress spinner	2026-04-02 14:17:06 +02:00
Simon L.	7a9bab5776	aio-interface: fix page not automatic reloading after container starting progress spinner Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-02 14:06:39 +02:00
Simon L.	e45d34ab50	Merge pull request #7844 from nextcloud/enh/noid/disable-redirects internal.Caddyfile: disable auto redirects	2026-04-02 13:52:52 +02:00
Simon L.	41c677abd9	internal.Caddyfile: disable auto redirects Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-02 13:50:47 +02:00
Simon L.	dbf796aba3	Merge pull request #7842 from nextcloud/nextcloud-container-update Nextcloud dependency update	2026-04-02 13:20:30 +02:00
szaimen	a85641ceb9	nextcloud-update automated change Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-02 11:19:39 +00:00
Simon L.	39d3a73088	Merge pull request #7837 from nextcloud/enh/7808/clarify-port-80 readme: clarify for which use case port 80 is used	2026-04-02 12:06:27 +02:00
Simon L.	c7f0aa8a19	Merge pull request #7840 from nextcloud/hash-equal aio-interface: Use timeing-safe password comparison	2026-04-02 10:26:00 +02:00
Simon L.	2eeada43b5	Merge pull request #7839 from nextcloud/regenerate-session-id aio-interface: regenerate session id on login to avoid session fixation attacks	2026-04-02 10:24:40 +02:00
Simon L.	1bbda0a5ce	Merge pull request #7838 from nextcloud/enh/noid/caddy-internal caddy-internal: adjust to different root path to separate from the acme caddy	2026-04-02 10:05:36 +02:00
Simon L.	af9e983b04	caddy-internal: adjust to different root path to separate from the acme caddy Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-02 10:01:03 +02:00
Simon L.	1d2149241d	readme: clarify for which use case port 80 is used Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-04-02 09:45:31 +02:00
Simon L.	b9ec0f2ffe	Merge pull request #7836 from nextcloud/aio-dependency-update PHP dependency updates	2026-04-01 21:38:51 +02:00
szaimen	3586dbedb0	php dependency updates Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2026-04-01 12:14:25 +00:00
Pablo Zmdl	2a7c686247	Use timeing-safe password comparison AI-assistant: Copilot v1.0.7 (Claude Opus 4.6) Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>	2026-03-31 23:56:03 +02:00
Pablo Zmdl	f9e6339044	Regenerate session id on login to avoid session fixation attacks AI-assistant: Copilot v1.0.7 (Claude Opus 4.6) Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>	2026-03-31 23:54:56 +02:00