the dind tag was not found

Signed-off-by: szaimen <szaimen@e.mail.de>
Merge pull request #821 from nextcloud/dependabot/docker/Containers/redis/redis-6.2.7-alpine
2026-05-21 19:00:33 +00:00 · 2022-06-13 12:11:47 +02:00 · 2022-06-13 12:03:06 +02:00 · 2022-06-13 10:02:36 +00:00 · 2022-06-13 12:02:01 +02:00 · 2022-06-13 11:59:30 +02:00
112 changed files with 4148 additions and 599 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -0,0 +1,32 @@
+---
+name: 🐛 Bug report
+about: Help us improving by reporting a bug
+labels: bug, 0. Needs triage
+---
+
+<!--- Please keep this note for other contributors -->
+### How to use GitHub
+
+* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue.
+* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
+* Subscribe to receive notifications on status change and new comments. 
+
+<!--- Please fill out the whole template below -->
+### Steps to reproduce
+1.
+2.
+3.
+
+### Expected behavior <!--- Tell us what should happen -->
+
+### Actual behavior <!--- Tell us what happens instead -->
+
+
+### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
+
+
+#### Nextcloud AIO version <!--- (see Nextcloud AIO interface) -->
+
+#### Current channel <!--- (see the channel name in the AIO interface) -->
+
+#### Other valuable info <!--- (like logs, screenshots & Co.) -->
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -0,0 +1,24 @@
+---
+name: 📖 Existing feature/documentation enhancement
+about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below
+labels: enhancement, 0. Needs triage
+---
+
+<!--- Please keep this note for other contributors -->
+### How to use GitHub
+* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
+* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
+* Subscribe to receive notifications on status change and new comments. 
+
+<!--- Please fill out the whole template below -->
+### Is your feature request related to a problem? Please describe. 
+<!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+
+### Describe the solution you'd like
+<!--- A clear and concise description of what you want to happen. -->
+
+### Describe alternatives you've considered
+<!--- A clear and concise description of any alternative solutions or features you've considered. -->
+
+### Additional context
+<!--- Add any other context or screenshots about the feature request below. -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,14 @@
+blank_issues_enabled: false
+contact_links:
+    - name: 💡 Suggest a new feature or discuss one
+      url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
+      about: For new feature requests and discussion of existing ones
+    - name: ❓ Questions on AIO
+      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
+      about: For questions regarding AIO
+    - name: ⛑️ Community Support and Help
+      url: https://help.nextcloud.com/tag/aio
+      about: For other types of questions
+    - name: 💼 Nextcloud Enterprise
+      url: https://portal.nextcloud.com/
+      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,16 +1,133 @@
 version: 2
 updates:
- package-ecosystem: composer
-  directory: "/php/"
+- package-ecosystem: "github-actions"
+  directory: "/"
  schedule:
-    interval: daily
+    interval: "daily"
    time: "12:00"
  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
- package-ecosystem: "docker"
-  directory: "/Containers/"
+- package-ecosystem: composer
+  directory: "/php/"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/apache"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/borgbackup"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/collabora"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/domaincheck"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/mastercontainer"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "php"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/nextcloud"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "php"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/postgresql"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "postgres"
+      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/redis"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "redis"
+      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/talk"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/watchtower"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/clamav"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/onlyoffice"
  schedule:
    interval: "daily"
    time: "12:00"
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -0,0 +1,54 @@
+name: Create Psalm Container
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+
+jobs:
+  push_to_registry:
+    runs-on: ubuntu-latest
+
+    name: Create Psalm Container
+
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Check out the repo
+        run: |
+          git clone https://github.com/psalm/psalm-github-actions.git
+      
+      - name: Modify the Dockerfile
+        run: |
+          set -x
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          cat << APCU >> "psalm-github-actions/Dockerfile"
+          RUN mkdir -p /usr/src/php/ext/apcu && \
+            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
+            docker-php-ext-install apcu
+          APCU
+
+      - name: Log in to GitHub Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: docker.pkg.github.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build container image
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: 'psalm-github-actions'
+          file: 'psalm-github-actions/Dockerfile'
+          tags: |
+            ghcr.io/nextcloud/all-in-one-psalm:latest
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -9,7 +9,7 @@ jobs:
    name: Run dependency update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - uses: nanasess/setup-php@master
      with:
        php-version: '8.0'
@@ -31,8 +31,20 @@ jobs:
        done
        echo "outdated dependencies:
        $(composer outdated)"
+    - name: Update apcu
+      run: |
+        # APCU
+        apcu_version="$(
+          git ls-remote --tags https://github.com/krakjoe/apcu.git \
+            | cut -d/ -f3 \
+            | grep -viE -- 'rc|b' \
+            | sed -E 's/^v//' \
+            | sort -V \
+            | tail -1
+        )"
+        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v4
      with:
        commit-message: dependency updates
        signoff: true
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -0,0 +1,20 @@
+name: Json Validator
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Json Validator
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Validate Json
+        run: |
+          sudo apt install python3-pip --no-install-recommends
+          sudo pip3 install json-spec
+          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -0,0 +1,48 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+      - stable*
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.0"]
+
+    name: php-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: Lint
+        run: cd php && composer run lint
+
+  summary:
+    runs-on: ubuntu-latest
+    needs: php-lint
+
+    if: always()
+
+    name: php-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -0,0 +1,20 @@
+name: 'Lock Threads'
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  issues: write
+
+concurrency:
+  group: lock
+
+jobs:
+  action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: dessant/lock-threads@v3
+        with: 
+          issue-inactive-days: '14'
+          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -10,7 +10,7 @@ jobs:
    name: Run nextcloud-update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Run nextcloud-update script
      run: |
        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
@@ -19,7 +19,7 @@ jobs:
        apcu_version="$(
          git ls-remote --tags https://github.com/krakjoe/apcu.git \
            | cut -d/ -f3 \
-            | grep -vE -- '-rc|-b' \
+            | grep -viE -- 'rc|b' \
            | sed -E 's/^v//' \
            | sort -V \
            | tail -1
@@ -30,7 +30,7 @@ jobs:
        memcached_version="$(
          git ls-remote --tags https://github.com/php-memcached-dev/php-memcached.git \
            | cut -d/ -f3 \
-            | grep -vE -- '-rc|-b' \
+            | grep -viE -- 'rc|b' \
            | sed -E 's/^[rv]//' \
            | sort -V \
            | tail -1
@@ -60,11 +60,12 @@ jobs:
        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
        
        # Nextcloud
-        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
+        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
+        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
        sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v4
      with:
        commit-message: nextcloud-update automated change
        signoff: true
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -0,0 +1,28 @@
+name: Psalm Analysis
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm
--- a/.github/workflows/psalm-security.yml
+++ b/.github/workflows/psalm-security.yml
@@ -0,0 +1,25 @@
+name: Psalm Security Analysis
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Psalm
+        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+        with:
+          relative_dir: php
+          security_analysis: true
+          composer_ignore_platform_reqs: false
+          report_file: results.sarif
+      - name: Upload Security Analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: php/results.sarif
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -0,0 +1,48 @@
+name: Update Psalm baseline
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+
+jobs:
+  update-psalm-baseline:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline
+          git clean -f lib/composer
+          git checkout composer.json composer.lock lib/composer
+        continue-on-error: true
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          commit-message: Update psalm baseline
+          committer: GitHub <noreply@github.com>
+          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
+          signoff: true
+          branch: automated/noid/psalm-baseline-update
+          # Make sure we can open multiple PRs
+          branch-suffix: timestamp
+          title: '[Automated] Update psalm-baseline.xml'
+          body: |
+            Auto-generated update psalm-baseline.xml with fixed psalm warnings
+          labels: |
+            3. to review
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -3,13 +3,15 @@ name: Shellcheck
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  shellcheck:
    name: Github Actions
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Run Shellcheck
      uses: ludeeus/action-shellcheck@master
      with:
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -3,6 +3,8 @@ name: 'Spellcheck'
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  spellcheck:
@@ -10,7 +12,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: spelling or typos
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
+      - name: fix permission for reviewdog
+        run: sudo chown -R root:root $GITHUB_WORKSPACE
      - name: misspell
        uses: reviewdog/action-misspell@v1
        with:
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -0,0 +1,27 @@
+name: Update Yaml files
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  psalm:
+    name: update yaml files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: update yaml files
+        run: |
+          sudo bash manual-install/update-yaml.sh
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: Yaml updates
+          signoff: true
+          title: Yaml updates
+          body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
+          labels: dependencies
+          milestone: next
+          branch: aio-yaml-update
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,6 @@
 /php/data/configuration.json
 /php/data/backupsecret.json
 /php/vendor
+/manual-install/*.conf
+!/manual-install/sample.conf
+/manual-install/docker-compose.yml
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -6,7 +6,7 @@
    }
 }

-https://{$NC_DOMAIN}:443 {
+{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {

    # Notify Push
    route /push/* {
@@ -22,24 +22,21 @@ https://{$NC_DOMAIN}:443 {

    # Collabora
    route /browser/* {
-        reverse_proxy https://{$COLLABORA_HOST}:9980 {
-            transport http {
-                tls_insecure_skip_verify
-            }
-        }
+        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /hosting/* {
-        reverse_proxy https://{$COLLABORA_HOST}:9980 {
-            transport http {
-                tls_insecure_skip_verify
-            }
-        }
+        reverse_proxy {$COLLABORA_HOST}:9980
    }
    route /cool/* {
-        reverse_proxy https://{$COLLABORA_HOST}:9980 {
-            transport http {
-                tls_insecure_skip_verify
-            }
+        reverse_proxy {$COLLABORA_HOST}:9980
+    }
+
+    # Onlyoffice
+    route /onlyoffice/* {
+        uri strip_prefix /onlyoffice
+        reverse_proxy {$ONLYOFFICE_HOST}:80 {
+            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Proto https
        }
    }

@@ -48,7 +45,7 @@ https://{$NC_DOMAIN}:443 {
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:80
+        reverse_proxy localhost:8000
    }

    # TLS options
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,4 +1,7 @@
-FROM debian:bullseye-20220125-slim
+# Caddy is a requirement
+FROM caddy:2.5.1-alpine as caddy
+
+FROM debian:bullseye-20220527-slim

 EXPOSE 80

@@ -21,10 +24,8 @@ RUN set -ex; \
    ; \
    rm -rf /var/lib/apt/lists/*

-RUN set -ex; \
-    wget "https://caddyserver.com/api/download?os=linux&arch=$(dpkg-architecture --query DEB_BUILD_ARCH)" -O "/usr/bin/caddy" \
-    && chmod +x /usr/bin/caddy \
-    && /usr/bin/caddy version
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy

 RUN a2enmod rewrite \
    headers \
@@ -39,12 +40,17 @@ RUN a2enmod rewrite \

 COPY nextcloud.conf /etc/apache2/sites-available/

-RUN a2dissite 000-default && \
+RUN rm /etc/apache2/ports.conf; \
+    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
+    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+
+RUN set -ex; \
+    a2dissite 000-default && \
    a2dissite default-ssl && \
    a2ensite nextcloud.conf && \
    rm -rf /var/www/html/* && \
-    service apache2 restart; \
    chown www-data:www-data -R /var/log/apache2; \
+    mkdir -p /var/run/apache2; \
    chown -R www-data:www-data /var/run/apache2; \
    chown -R www-data:www-data /var/www;

@@ -59,7 +65,8 @@ COPY start.sh /usr/bin/
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
    chmod +r /supervisord.conf; \
-    chmod +r /Caddyfile;
+    chown www-data:www-data /Caddyfile; \
+    chmod +r -R /etc/apache2

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,4 +1,5 @@
-<VirtualHost *:80>
+Listen 8000
+<VirtualHost *:8000>
    # PHP match
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -17,11 +17,20 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
    sleep 5
 done

-# Only start container if collabora is started
-while ! nc -z "$COLLABORA_HOST" 9980; do
-    echo "Waiting for Collabora to start..."
-    sleep 5
-done
+if [ -z "$APACHE_PORT" ]; then
+    export APACHE_PORT="443"
+fi
+
+# Change the Caddyfile
+if [ "$APACHE_PORT" != '443' ]; then
+    export PROTOCOL="http"
+    export NC_DOMAIN=""
+    CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
+else
+    export PROTOCOL="https"
+    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
+fi
+echo "$CADDYFILE" > /Caddyfile

 # Add caddy path
 mkdir -p /mnt/data/caddy/
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20220125-slim
+FROM debian:bullseye-20220527-slim

 RUN set -ex; \
    \
@@ -8,6 +8,7 @@ RUN set -ex; \
        rsync \
        fuse \
        python3-llfuse \
+        jq \
    ; \
    rm -rf /var/lib/apt/lists/*

--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -32,20 +32,11 @@ if ! mountpoint -q /mnt/borgbackup; then
 fi

 # Check if target is empty
-if [ "$BORG_MODE" != backup ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
    echo "The repository is empty. cannot perform check or restore."
    exit 1
 fi

-# Break the borg lock if it exists
-if [ -f "$BORG_BACKUP_DIRECTORY/lock.roster" ]; then
-    echo "Breaking the borg lock..."
-    if ! borg break-lock "$BORG_BACKUP_DIRECTORY"; then
-        echo "Could not break the borg lock!"
-        exit 1
-    fi
-fi
-
 # Create lockfile
 if [ "$BORG_MODE" = backup ] || [ "$BORG_MODE" = restore ]; then
    touch "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
@@ -173,17 +164,58 @@ if [ "$BORG_MODE" = restore ]; then
        echo "Could not mount the backup!"
        exit 1
    fi
+
+    # Restore everything except the configuration file
    if ! rsync --stats --archive --human-readable -vv --delete \
    --exclude "nextcloud_aio_mastercontainer/session/"** \
    --exclude "nextcloud_aio_mastercontainer/certs/"** \
+    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
-        echo "Something failed while restoring the boot partition."
+        echo "Something failed while restoring from backup."
        umount /tmp/borg
        exit 1
    fi
-    umount /tmp/borg

-    # TODO: reset fetchtimes in configuration.json so that it doesn't get the latest directly...
+    # Save current aio password
+    AIO_PASSWORD="$(jq '.password' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+
+    # Save current path
+    BORG_LOCATION="$(jq '.borg_backup_host_location' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+
+    # Save current nextcloud datadir
+    if grep -q '"nextcloud_datadir":' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+        NEXTCLOUD_DATADIR="$(jq '.nextcloud_datadir' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    else
+        NEXTCLOUD_DATADIR='""'
+    fi
+
+    # Restore the configuration file
+    if ! rsync --archive --human-readable -vv \
+    /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
+    /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+        echo "Something failed while restoring the configuration.json."
+        umount /tmp/borg
+        exit 1
+    fi
+
+    # Set backup-mode to restore since it was a restore
+    CONTENTS="$(jq '."backup-mode" = "restore"' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
+
+    # Reset the backup path to the currently used one
+    CONTENTS="$(jq ".borg_backup_host_location = $BORG_LOCATION" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
+
+    # Reset the AIO password to the currently used one
+    CONTENTS="$(jq ".password = $AIO_PASSWORD" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
+
+    # Reset the datadir to the one that was used for the restore
+    CONTENTS="$(jq ".nextcloud_datadir = $NEXTCLOUD_DATADIR" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
+    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
+
+    umount /tmp/borg

    # Inform user
    get_expiration_time
@@ -193,16 +225,15 @@ if [ "$BORG_MODE" = restore ]; then
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"

-    # Set backup-mode to restore since it was a restore
-    sed -i 's/"backup-mode":"[a-z]\+"/"backup-mode":"restore"/g' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
-
-    exit 0
+    # Add file to Nextcloud container so that it performs a fingerprint update the next time
+    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
 fi

 # Do the Backup check
 if [ "$BORG_MODE" = check ]; then
    get_start_time
-    echo "Checking the backup integity..."
+    echo "Checking the backup integrity..."

    # Perform the check
    if ! borg check --verify-data --progress "$BORG_BACKUP_DIRECTORY"; then
@@ -215,3 +246,27 @@ if [ "$BORG_MODE" = check ]; then
    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    exit 0
 fi
+
+# Do the backup test
+if [ "$BORG_MODE" = test ]; then
+    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
+        echo "No 'borg' directory in the given backup directory found!"
+        echo "Only the files/folders below have been found in the given directory."
+        ls -a "$MOUNT_DIR"
+        echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
+        exit 1
+    elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+        echo "A 'borg' directory was found but could not find the borg archive."
+        echo "Only the files/folders below have been found in the borg directory."
+        ls -a "$BORG_BACKUP_DIRECTORY"
+        echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
+        exit 1
+    elif ! borg list "$BORG_BACKUP_DIRECTORY"; then
+        echo "The entered path seems to be valid but could not open the backup archive."
+        echo "Most likely the entered password was wrong so please adjust it accordingly!"
+        exit 1
+    else
+        echo "Everything looks fine so feel free to continue!"
+        exit 0
+    fi
+fi
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -1,22 +1,27 @@
 #!/bin/bash

 # Variables
-export BORG_BACKUP_DIRECTORY="/mnt/borgbackup/borg"
+export MOUNT_DIR="/mnt/borgbackup"
+export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"

 # Validate BORG_PASSWORD
-if [ -z "$BORG_PASSWORD" ]; then
-    echo "BORG_PASSWORD is not allowed to be empty."
+if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
+    echo "Neither BORG_PASSWORD nor BACKUP_RESTORE_PASSWORD are set."
    exit 1
 fi

-# Export defaults 
-export BORG_PASSPHRASE="$BORG_PASSWORD"
+# Export defaults
+if [ -n "$BACKUP_RESTORE_PASSWORD" ]; then
+    export BORG_PASSPHRASE="$BACKUP_RESTORE_PASSWORD"
+else
+    export BORG_PASSPHRASE="$BORG_PASSWORD"
+fi
 export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes

 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ]; then
-    echo "No correct BORG_MODE mode applied. Valid are 'backup' and 'restore'."
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
    exit 1
 fi

@@ -31,10 +36,12 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"

 # Get a list of all available borg archives
-set -x
-borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+if borg list "$BORG_BACKUP_DIRECTORY" &>/dev/null; then
+    borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+else
+    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+fi
 chmod +r "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
-set +x

 if [ -n "$FAILED" ]; then
    if [ "$BORG_MODE" = backup ]; then
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -0,0 +1,6 @@
+# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
+FROM clamav/clamav:0.104.2-3
+
+RUN apk add --update --no-cache tzdata
+COPY clamav.conf /tmp/
+RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
--- a/Containers/clamav/clamav.conf
+++ b/Containers/clamav/clamav.conf
@@ -0,0 +1,4 @@
+MaxDirectoryRecursion 30
+MaxFileSize 100M
+PCREMaxFileSize 100M
+StreamMaxLength 100M
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,2 +1,15 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:21.11.1.4.1
+FROM collabora/code:21.11.5.1.1
+
+USER root
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+USER 104
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.15.0
+FROM alpine:3.15.4
 RUN apk add --update --no-cache lighttpd bash

 RUN adduser -S www-data -G www-data
--- a/Containers/domaincheck/lighttpd.conf
+++ b/Containers/domaincheck/lighttpd.conf
@@ -1,6 +1,6 @@
 server.document-root = "/var/www/domaincheck/" 

-server.port = 443
+server.port = env.APACHE_PORT

 server.username = "www-data" 
 server.groupname = "www-data" 
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -7,6 +7,10 @@ fi

 echo "$INSTANCE_ID" > /var/www/domaincheck/index.html

+if [ -z "$APACHE_PORT" ]; then
+    export APACHE_PORT="443"
+fi
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf

--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -1,4 +1,6 @@
 {
+    # auto_https will create redirects for https://{host}:8443 instead of https://{host}
+    # https redirects are added manually in the http://:80 block
    auto_https disable_redirects

    storage file_system {
@@ -6,6 +8,10 @@
    }
 }

+http://:80 {
+  redir https://{host}{uri}
+}
+
 https://:8443 {

    reverse_proxy localhost:8000
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,8 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:20.10.12-dind-alpine3.15 as dind
+FROM docker:20.10.16-dind-alpine3.16 as dind
+
+# Caddy is a requirement
+FROM caddy:2.5.1-alpine as caddy

 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.15-apache-bullseye
+FROM php:8.0.20-apache-bullseye

 EXPOSE 80
 EXPOSE 8080
@@ -23,20 +26,19 @@ RUN apt-get update; \
        openssl \
        sudo \
        dpkg-dev \
+        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*

-RUN set -ex; \
-    curl "https://caddyserver.com/api/download?os=linux&arch=$(dpkg-architecture --query DEB_BUILD_ARCH)" -o "/usr/bin/caddy" \
-    && chmod +x /usr/bin/caddy \
-    && /usr/bin/caddy version
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy

 COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker

-RUN mkdir -p /usr/src/php/ext/apcu && \
-    curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
-    docker-php-ext-install apcu
+RUN set -ex; \
+    pecl install APCu-5.1.21; \
+    docker-php-ext-enable apcu

 RUN set -e && \
    curl -sS https://getcomposer.org/installer | php && \
@@ -83,10 +85,15 @@ RUN mkdir /var/log/supervisord; \

 COPY Caddyfile /
 COPY start.sh /usr/bin/
+COPY backup-time-file-watcher.sh /
+COPY session-deduplicator.sh /
 COPY cron.sh /
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /cron.sh
+    chmod +x /cron.sh; \
+    chmod +x /session-deduplicator.sh; \
+    chmod +x /backup-time-file-watcher.sh; \
+    chmod a+r /Caddyfile

 USER root

--- a/Containers/mastercontainer/backup-time-file-watcher.sh
+++ b/Containers/mastercontainer/backup-time-file-watcher.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+restart_process() {
+    echo "Restarting cron.sh because daily backup time was set, changed or unset."
+    pkill cron.sh
+}
+
+file_present() {
+    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
+        if [ "$FILE_PRESENT" = 0 ]; then
+            restart_process
+        else
+            if [ -n "$BACKUP_TIME" ] && [ "$(cat "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
+                restart_process
+            fi
+        fi
+        FILE_PRESENT=1
+        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
+    else
+        if [ "$FILE_PRESENT" = 1 ]; then
+            restart_process
+        fi
+        FILE_PRESENT=0
+    fi
+}
+
+while true; do
+    file_present
+    sleep 2
+done
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -1,10 +1,99 @@
-#!/bin/sh
-set -eux
+#!/bin/bash

 while true; do
+    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
+        set -x
+        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
+        DAILY_BACKUP=1
+        set +x
+    else
+        BACKUP_TIME="04:00"
+        DAILY_BACKUP=0
+    fi
+
+    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+        LOCK_FILE_PRESENT=1
+    else
+        LOCK_FILE_PRESENT=0
+    fi
+
+    # Allow to continue directly if e.g. the mastercontainer was updated. Otherwise wait for the next execution
+    if [ "$LOCK_FILE_PRESENT" = 0 ]; then
+        while [ "$(date +%H:%M)" != "$BACKUP_TIME" ]; do 
+            sleep 30
+        done
+    fi
+
+    if [ "$DAILY_BACKUP" = 1 ]; then
+        echo "Daily backup has started"
+
+        # Delete all active sessions and create a lock file
+        # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
+        if [ "$LOCK_FILE_PRESENT" = 0 ]; then
+            rm -f "/mnt/docker-aio-config/session/"*
+        fi
+        sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+
+        # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
+        APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+            echo "Waiting for apache to become available"
+            sleep 30
+        done
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+            echo "Waiting for watchtower to stop"
+            sleep 30
+        done
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
+            echo "Waiting for borgbackup to stop"
+            sleep 30
+        done
+
+        # Update the mastercontainer
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+
+        # Wait for watchtower to stop
+        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
+            echo "Something seems to be wrong: Watchtower should be started at this step."
+        else
+            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+                echo "Waiting for watchtower to stop"
+                sleep 30
+            done
+        fi
+
+        # Execute the backup itself and some related tasks
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/DailyBackup.php
+
+        # Delete the lock file
+        rm -f "/mnt/docker-aio-config/data/daily_backup_running"
+
+        # Wait for the nextcloud container to start and send if the backup was successful
+        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
+            echo "Something seems to be wrong: Nextcloud should be started at this step."
+        else
+            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
+                echo "Waiting for the Nextcloud container to start"
+                sleep 30
+            done
+        fi
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+
+        echo "Daily backup has finished"
+    fi
+
+    # Make sure to delete the lock file always
+    rm -f "/mnt/docker-aio-config/data/daily_backup_running"
+
    # Check for updates and send notification if yes
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/cron.php
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
+
+    # Remove sessions older than 24h
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
+
    # Remove dangling images
    sudo -u www-data docker image prune -f
-    sleep 1d
+
+    # Wait 60s so that the whole loop will not be executed again
+    sleep 60
 done
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+while true; do
+    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
+        unset SESSION_FILES
+        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
+        unset SESSION_FILES_ARRAY
+        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
+        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
+            if ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
+                rm "$SESSION_FILE"
+            fi
+        done
+        echo "Deleting duplicate sessions"
+        unset OLDEST_FILE
+        set -x
+        # shellcheck disable=SC2012
+        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
+        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
+        set +x
+    done
+    sleep 5
+done
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -6,6 +6,14 @@ print_green() {
    printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
 }

+# Function to check if number was provided
+check_if_number() {
+case "${1}" in
+    ''|*[!0-9]*) return 1 ;;
+    *) return 0 ;;
+esac
+}
+
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
    echo "Docker socket is not available. Cannot continue."
@@ -23,6 +31,9 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
        echo "Adding internal www-data to group $DOCKER_GROUP"
        usermod -aG "$DOCKER_GROUP" www-data
    else
+        # Delete the docker group for cases when the docker socket permissions changed between restarts
+        groupdel docker &>/dev/null
+
        # If the group doesn't exist, create it
        echo "Creating docker group internally with id $DOCKER_GROUP_ID"
        groupadd -g "$DOCKER_GROUP_ID" docker
@@ -35,7 +46,7 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
 fi

 # Check if api version is supported
-if ! docker info &>/dev/null; then
+if ! sudo -u www-data docker info &>/dev/null; then
    echo "Cannot connect to the docker socket. Cannot proceed."
    exit 1
 fi
@@ -43,10 +54,10 @@ API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
 API_VERSION="$(grep -oP 'const API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
 # shellcheck disable=SC2001
 API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
-LOCAL_API_VERSION_NUMB="$(docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
+LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        echo "Docker v$API_VERSION is not supported by your docker engine. Cannot proceed."
+        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
        exit 1
    fi
 else
@@ -54,6 +65,74 @@ else
    sleep 10
 fi

+# Check if startup command was executed correctly
+if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
+    echo "It seems like you did not give the mastercontainer the correct name?
+Using a different name is not supported!"
+    exit 1
+elif ! sudo -u www-data docker volume ls | grep -q "nextcloud_aio_mastercontainer"; then
+    echo "It seems like you did not give the mastercontainer volume the correct name?
+Using a different name is not supported!"
+    exit 1
+fi
+
+# Check for other options
+if [ -n "$NEXTCLOUD_DATADIR" ]; then
+    if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
+        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+    elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
+        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
+The string must start with '/' and must not be equal to '/'.
+It is set to '$NEXTCLOUD_DATADIR'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_MOUNT" ]; then
+    if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
+        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
+The string must start with '/' and must not be equal to '/'.
+It is set to '$NEXTCLOUD_MOUNT'."
+        exit 1
+    elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
+        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
+    if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
+        echo "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
+        exit 1
+    fi
+fi
+if [ -n "$APACHE_PORT" ]; then
+    if ! check_if_number "$APACHE_PORT"; then
+        echo "You provided an Apache port but did not only use numbers.
+It is set to '$APACHE_PORT'."
+        exit 1
+    elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
+        echo "The provided Apache port is invalid. It must be between 1 and 65535"
+        exit 1
+    fi
+fi
+if [ -n "$DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
+The string must start with '/' and must not end with '/'.
+It is set to '$DOCKER_SOCKET_PATH'."
+        exit 1
+    fi
+fi
+
+# Check DNS resolution
+# Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
+curl https://nextcloud.com &>/dev/null
+if [ "$?" = 6 ]; then
+    echo "Could not resolve the host nextcloud.com."
+    echo "Most likely the DNS resolving does not work."
+    echo "You should be able to fix this by adding the '--dns=\"ip.address.of.dns.server\"' option to the docker run command."
+    exit 1
+fi
+
 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
@@ -65,9 +144,23 @@ chmod 770 -R /mnt/docker-aio-config
 chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
-chown root:root -R /mnt/docker-aio-config/caddy/
+chown www-data:www-data -R /mnt/docker-aio-config/caddy/
 chown root:root -R /mnt/docker-aio-config/certs/

+# Don't allow access to the AIO interface from the Nextcloud container
+# Probably more cosmetic than anything but at least an attempt
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
+    cat << APACHE_CONF >> /etc/apache2/apache2.conf
+# nextcloud-aio-block-start
+<Location />
+order allow,deny
+deny from nextcloud-aio-nextcloud.nextcloud-aio
+allow from all
+</Location>
+# nextcloud-aio-block-end
+APACHE_CONF
+fi
+
 # Adjust certs
 GENERATED_CERTS="/mnt/docker-aio-config/certs"
 TMP_CERTS="/etc/apache2/certs"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -20,7 +20,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run -config /Caddyfile
+command=sudo -u www-data /usr/bin/caddy run -config /Caddyfile

 [program:cron]
 stdout_logfile=/dev/stdout
@@ -28,3 +28,17 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
+
+[program:backup-time-file-watcher]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/backup-time-file-watcher.sh
+
+[program:session-deduplicator]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/session-deduplicator.sh
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.15-fpm-alpine3.15
+FROM php:8.0.20-fpm-alpine3.15

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -61,7 +61,7 @@ RUN set -ex; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
    pecl install APCu-5.1.21; \
-    pecl install memcached-3.1.5; \
+    pecl install memcached-3.2.0; \
    pecl install redis-5.3.7; \
    pecl install imagick-3.7.0; \
    \
@@ -85,7 +85,7 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
-        echo 'opcache.interned_strings_buffer=16'; \
+        echo 'opcache.interned_strings_buffer=64'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
@@ -105,7 +105,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 23.0.2
+ENV NEXTCLOUD_VERSION 23.0.5

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -198,6 +198,7 @@ RUN set -ex; \
        gnupg \
        git \
        postgresql-client \
+        tzdata \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -221,8 +222,6 @@ RUN set -ex; \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
    chown www-data:root -R /var/log/supervisord/ && \
    chown www-data:root -R /var/run/supervisord/ && \
-    mkdir -p /var/log/nextcloud/ && \
-    chown -R www-data:root /var/log/nextcloud/ && \
    rm -r /usr/src/nextcloud/apps/updatenotification

 COPY start.sh /
@@ -233,7 +232,8 @@ RUN set -ex; \
    chmod +x /entrypoint.sh && \
    chmod +r /upgrade.exclude && \
    chmod +x /cron.sh && \
-    chmod +x /notify.sh
+    chmod +x /notify.sh && \
+    chmod +x /activate-collabora.sh

 RUN set -ex; \
    mkdir /mnt/ncdata; \
--- a/Containers/nextcloud/activate-collabora.sh
+++ b/Containers/nextcloud/activate-collabora.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+COLLABORA_ACTIVATED=0
+
+while true; do
+    if [ "$COLLABORA_ENABLED" != yes ]; then
+        # Basically sleep for forever if collabora is not enabled
+        sleep 365d
+    fi
+    if [ "$COLLABORA_ACTIVATED" != 0 ]; then
+        # Basically sleep for forever if collabora was activated
+        sleep 365d
+    fi
+    while ! nc -z "$NC_DOMAIN" 443; do
+        sleep 5
+    done
+    echo "Activating collabora config"
+    php /var/www/html/occ richdocuments:activate-config
+    COLLABORA_ACTIVATED=1
+done
--- a/Containers/nextcloud/config/reverse-proxy.config.php
+++ b/Containers/nextcloud/config/reverse-proxy.config.php
@@ -18,8 +18,3 @@ $overwriteCondAddr = getenv('OVERWRITECONDADDR');
 if ($overwriteCondAddr) {
  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
 }
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -eu

 while true; do
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 # version_greater A B returns whether A > B
 version_greater() {
@@ -21,6 +21,15 @@ redis.session.lock_retries = -1
 redis.session.lock_wait_time = 10000
 REDIS_CONF

+# Check permissions in ncdata
+touch "/mnt/ncdata/this-is-a-test-file"
+if ! [ -f "/mnt/ncdata/this-is-a-test-file" ]; then
+    echo "The www-data user doesn't seem to have access rights in /mnt/ncdata.
+Did you maybe change the datadir and did forget to apply the correct permissions?"
+    exit 1
+fi
+rm "/mnt/ncdata/this-is-a-test-file"
+
 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
@@ -39,6 +48,15 @@ if [ "$installed_version" != "0.0.0.0" ]; then
    unset ADMIN_PASSWORD
 fi

+# Don't start the container if Nextcloud is not compatible with the PHP version
+if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
+    echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version."
+    echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container."
+    echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container."
+    echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
 if ! [ -f "/mnt/ncdata/skip.update" ]; then
    if version_greater "$image_version" "$installed_version"; then
@@ -64,6 +82,8 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
            cp /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
+            mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
+            cp /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
            mv /usr/src/nextcloud /usr/src/temp-nextcloud
            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
            rm -r /usr/src/tmp
@@ -150,10 +170,10 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            mkdir -p /var/www/html/data
            php /var/www/html/occ config:system:set loglevel --value=2
            php /var/www/html/occ config:system:set log_type --value=file
-            php /var/www/html/occ config:system:set logfile --value="/var/log/nextcloud/nextcloud.log"
+            php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
            php /var/www/html/occ config:system:set log_rotate_size --value="10485760"
            php /var/www/html/occ app:enable admin_audit
-            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/log/nextcloud/audit.log"
+            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
            php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"

            # Apply preview settings
@@ -202,9 +222,12 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            echo "Upgrading nextcloud from $installed_version to $image_version..."
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
+                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
                exit 1
            fi

+            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
+
            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
            echo "The following apps have been disabled:"
            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
@@ -221,6 +244,27 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            php /var/www/html/occ maintenance:mimetype:update-db
        fi
    fi
+
+    # Performing update of all apps if daily backups are enabled, running and successful
+    if [ "$DAILY_BACKUP_RUNNING" = 'yes' ]; then
+        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
+        if [ -n "$UPDATED_APPS" ]; then
+             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
+        fi
+    fi
+fi
+
+# Check if appdata is present
+# If not, something broke (e.g. changing ncdatadir after aio was first started)
+if [ -z "$(find "/mnt/ncdata/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+    exit 1
+fi
+
+# Perform fingerprint update if instance was restored
+if [ -f "/mnt/ncdata/fingerprint.update" ]; then
+    php /var/www/html/occ maintenance:data-fingerprint
+    rm "/mnt/ncdata/fingerprint.update"
 fi

 # Apply one-click-instance settings
@@ -228,6 +272,11 @@ echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int

+# Adjusting log files to be stored on a volume
+echo "Adjusting log files..."
+php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
+php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
+
 # Apply network settings
 echo "Applying network settings..."
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
@@ -235,6 +284,13 @@ php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_D
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess

+# Disallow creating local external storages when nothing was mounted
+if [ -z "$NEXTCLOUD_MOUNT" ]; then
+    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false
+else
+    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=true
+fi
+
 # AIO app
 if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" = "" ]; then
    php /var/www/html/occ app:enable nextcloud-aio
@@ -250,35 +306,93 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; t
 else
    php /var/www/html/occ app:update notify_push
 fi
+php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
-if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
-    php /var/www/html/occ app:install richdocuments
-elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
-    php /var/www/html/occ app:enable richdocuments
+if [ "$COLLABORA_ENABLED" = 'yes' ]; then
+    if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
+        php /var/www/html/occ app:install richdocuments
+    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable richdocuments
+    else
+        php /var/www/html/occ app:update richdocuments
+    fi
+    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
+    # Fix https://github.com/nextcloud/all-in-one/issues/188:
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    php /var/www/html/occ app:update richdocuments
+    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
+        php /var/www/html/occ config:system:delete allow_local_remote_servers
+        php /var/www/html/occ app:remove richdocuments
+    fi
+fi
+
+# OnlyOffice
+if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
+    while ! nc -z "$ONLYOFFICE_HOST" 80; do
+        echo "waiting for OnlyOffice to become available..."
+        sleep 5
+    done
+    if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+        php /var/www/html/occ app:install onlyoffice
+    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable onlyoffice
+    else
+        php /var/www/html/occ app:update onlyoffice
+    fi
+    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+else
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+        php /var/www/html/occ app:remove onlyoffice
+    fi
 fi
-php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
-# php /var/www/html/occ richdocuments:activate-config
-# Fix https://github.com/nextcloud/all-in-one/issues/188:
-php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true

 # Talk
-if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
-    php /var/www/html/occ app:install spreed
-elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
-    php /var/www/html/occ app:enable spreed
+if [ "$TALK_ENABLED" = 'yes' ]; then
+    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
+        php /var/www/html/occ app:install spreed
+    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable spreed
+    else
+        php /var/www/html/occ app:update spreed
+    fi
+    STUN_SERVERS="[\"$NC_DOMAIN:3478\"]"
+    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:3478\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
+    SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
+    php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
+    php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
+    php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
 else
-    php /var/www/html/occ app:update spreed
+    if [ -d "/var/www/html/custom_apps/spreed" ]; then
+        php /var/www/html/occ app:remove spreed
+    fi
+fi
+
+# Clamav
+if [ "$CLAMAV_ENABLED" = 'yes' ]; then
+    while ! nc -z "$CLAMAV_HOST" 3310; do
+        echo "waiting for clamav to become available..."
+        sleep 5
+    done
+    if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+        php /var/www/html/occ app:install files_antivirus
+    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable files_antivirus
+    else
+        php /var/www/html/occ app:update files_antivirus
+    fi
+    php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
+    php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
+    php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
+    php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
+    php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
+    php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
+else
+    if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+        php /var/www/html/occ app:remove files_antivirus
+    fi
 fi
-STUN_SERVERS="[\"$NC_DOMAIN:3478\"]"
-TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:3478\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
-SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
-php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
-php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
-php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json

 # Remove the update skip file always
 rm -f /mnt/ncdata/skip.update
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -28,3 +28,10 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
+
+[program:activate-collabora]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/activate-collabora.sh
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -0,0 +1,2 @@
+# From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
+FROM onlyoffice/documentserver:7.1.1.23
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:13.5-alpine3.15
+FROM postgres:14.3-alpine3.15

-RUN apk add --update --no-cache bash openssl shadow
+RUN apk add --update --no-cache bash openssl shadow netcat-openbsd

 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -58,8 +58,11 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
    # Create new database
    exec docker-entrypoint.sh postgres &

-    # Wait 10s for creation
-    sleep 10s
+    # Wait for creation
+    while ! nc -z localhost 11000; do
+        echo "Waiting for the database to start."
+        sleep 5
+    done

    # Set correct permissions
    if grep -q "Owner: oc_admin" "$DUMP_FILE" && ! grep -q "Owner: oc_$POSTGRES_USER" "$DUMP_FILE"; then
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.6-alpine3.15
+FROM redis:6.2.7-alpine

 RUN apk add --update --no-cache openssl bash

--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20220113
+FROM ubuntu:focal-20220531

 EXPOSE 3478

@@ -49,12 +49,16 @@ RUN chmod +x /usr/bin/start.sh; \
    sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn; \
    mkdir -p /var/tmp;

+RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.com/rxi/json.lua/master/json.lua"; \
+    curl -sL -o "/usr/share/janus/lua/ansicolors.lua" "https://raw.githubusercontent.com/kikito/ansicolors.lua/master/ansicolors.lua"
+
 RUN mkdir -p /etc/nats; \
    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    chown talk:talk /etc; \
    chown talk:talk -R /etc/nats; \
    chown talk:talk -R /etc/janus; \
    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr/share/janus
+    chown talk:talk -R /usr

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -19,6 +19,7 @@ fi
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=3478
 fingerprint
+lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN
@@ -31,33 +32,51 @@ pidfile=/var/tmp/turnserver.pid
 TURN_CONF

 # Janus
-sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = $JANUS_API_KEY|" /etc/janus/janus.jcfg
-sed -i "s|#full_trickle|full_trickle|g" /etc/janus/janus.jcfg
+set -x
+sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
+sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
+sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
+sed -i "s|#stun_port.*|stun_port = 3478|g" /etc/janus/janus.jcfg
+sed -i "s|#turn_port.*|turn_port = 3478|g" /etc/janus/janus.jcfg
+sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g'/etc/janus/janus.jcfg
+sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
+sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
+set +x

 # Signling
 cat << SIGNALING_CONF > "/etc/signaling/server.conf"
 [http]
 listen = 0.0.0.0:8081
+
 [app]
 debug = false
+
 [sessions]
 hashkey = $(openssl rand -hex 16)
 blockkey = $(openssl rand -hex 16)
+
 [clients]
 internalsecret = $(openssl rand -hex 16)
+
 [backend]
-allowed = ${NC_DOMAIN}
+backends = backend-1
 allowall = false
-secret = ${SIGNALING_SECRET}
 timeout = 10
 connectionsperhost = 8
+
+[backend-1]
+url = https://${NC_DOMAIN}
+secret = ${SIGNALING_SECRET}
+
 [nats]
 url = nats://127.0.0.1:4222
+
 [mcu]
 type = janus
 url = ws://127.0.0.1:8188
+
 [turn]
 apikey = ${JANUS_API_KEY}
 secret = ${TURN_SECRET}
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,7 +27,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=janus
+command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --daemon --log-stdout

 [program:signaling]
 stdout_logfile=/dev/stdout
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.4.0 as watchtower

-FROM alpine:3.15.0
+FROM alpine:3.15.4

 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /
--- a/develop.md
+++ b/develop.md
@@ -14,11 +14,22 @@ nextcloud/all-in-one:develop
 And you are done :)
 It will now also select the developer channel for all other containers automatically.

+## How to publish new releases?
+Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.
+
 ## How to build new containers

 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.

-## How to promote builds from develop to latest
+## How to promote builds from develop to beta

 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
-2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow` and enter your desired container image name that you want to publish from develop to latest. Available image names are listed here: https://github.com/nextcloud-releases/all-in-one/blob/main/.github/workflows/build_images.yml#L21-L30 
+2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.
+
+## How to promote builds from beta to latest
+
+1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
+2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## Where to find the VPS and other builds?
+This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/main/.build
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,17 +2,36 @@ version: "3.8"

 volumes:
  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed

 services:
  nextcloud:
-    image: nextcloud/all-in-one:latest
-    restart: unless-stopped
-    container_name: nextcloud-aio-mastercontainer
+    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
+    restart: always
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
    ports:
-      - 80:80
+      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
-      - 8443:8443
+      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    # environment: # Is needed when using any of the options below
+      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+
+  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+  # caddy:
+  #   image: caddy:alpine
+  #   restart: always
+  #   container_name: caddy
+  #   volumes:
+  #     - ./Caddyfile:/etc/caddy/Caddyfile
+  #     - ./certs:/certs
+  #     - ./config:/config
+  #     - ./data:/data
+  #     - ./sites:/srv
+  #   network_mode: "host"
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -0,0 +1,9 @@
+# Docker rootless
+
+You can run AIO with docker rootless by following the steps below.
+
+0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages**. Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -0,0 +1,136 @@
+version: "3.8"
+
+services:
+  nextcloud-aio-apache:
+    container_name: nextcloud-aio-apache
+    depends_on:
+      - nextcloud-aio-collabora
+      - nextcloud-aio-talk
+      - nextcloud-aio-nextcloud
+    image: nextcloud/aio-apache:latest-arm64
+    ports:
+      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_HOST=nextcloud-aio-talk
+      - APACHE_PORT=${APACHE_PORT}
+      - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:ro
+      - nextcloud_aio_apache:/mnt/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-database:
+    container_name: nextcloud-aio-database
+    image: nextcloud/aio-postgresql:latest-arm64
+    volumes:
+      - nextcloud_aio_database:/var/lib/postgresql/data:rw
+      - nextcloud_aio_database_dump:/mnt/data:rw
+    environment:
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
+    stop_grace_period: 1800s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-nextcloud:
+    container_name: nextcloud-aio-nextcloud
+    depends_on:
+      - nextcloud-aio-database
+      - nextcloud-aio-redis
+    image: nextcloud/aio-nextcloud:latest-arm64
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:rw
+      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
+      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+    environment:
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - AIO_TOKEN=${AIO_TOKEN}
+      - NC_DOMAIN=${NC_DOMAIN}
+      - ADMIN_USER=admin
+      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
+      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
+      - OVERWRITEHOST=${NC_DOMAIN}
+      - OVERWRITEPROTOCOL=https
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - AIO_URL=${AIO_URL}
+      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
+      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_ENABLED=${TALK_ENABLED}
+      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-redis:
+    container_name: nextcloud-aio-redis
+    image: nextcloud/aio-redis:latest-arm64
+    environment:
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-collabora:
+    container_name: nextcloud-aio-collabora
+    image: nextcloud/aio-collabora:latest-arm64
+    environment:
+      - aliasgroup1=https://${NC_DOMAIN}:443
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-talk:
+    container_name: nextcloud-aio-talk
+    image: nextcloud/aio-talk:latest-arm64
+    ports:
+      - 3478:3478/tcp
+      - 3478:3478/udp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+volumes:
+  nextcloud_aio_apache:
+    name: nextcloud_aio_apache
+  nextcloud_aio_database:
+    name: nextcloud_aio_database
+  nextcloud_aio_database_dump:
+    name: nextcloud_aio_database_dump
+  nextcloud_aio_nextcloud:
+    name: nextcloud_aio_nextcloud
+  nextcloud_aio_nextcloud_data:
+    name: nextcloud_aio_nextcloud_data
+
+networks:
+  nextcloud-aio:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -0,0 +1,171 @@
+version: "3.8"
+
+services:
+  nextcloud-aio-apache:
+    container_name: nextcloud-aio-apache
+    depends_on:
+      - nextcloud-aio-onlyoffice
+      - nextcloud-aio-collabora
+      - nextcloud-aio-clamav
+      - nextcloud-aio-talk
+      - nextcloud-aio-nextcloud
+    image: nextcloud/aio-apache:latest
+    ports:
+      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_HOST=nextcloud-aio-talk
+      - APACHE_PORT=${APACHE_PORT}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:ro
+      - nextcloud_aio_apache:/mnt/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-database:
+    container_name: nextcloud-aio-database
+    image: nextcloud/aio-postgresql:latest
+    volumes:
+      - nextcloud_aio_database:/var/lib/postgresql/data:rw
+      - nextcloud_aio_database_dump:/mnt/data:rw
+    environment:
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
+    stop_grace_period: 1800s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-nextcloud:
+    container_name: nextcloud-aio-nextcloud
+    depends_on:
+      - nextcloud-aio-database
+      - nextcloud-aio-redis
+    image: nextcloud/aio-nextcloud:latest
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:rw
+      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
+      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+    environment:
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - AIO_TOKEN=${AIO_TOKEN}
+      - NC_DOMAIN=${NC_DOMAIN}
+      - ADMIN_USER=admin
+      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
+      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
+      - OVERWRITEHOST=${NC_DOMAIN}
+      - OVERWRITEPROTOCOL=https
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - AIO_URL=${AIO_URL}
+      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
+      - CLAMAV_ENABLED=${CLAMAV_ENABLED}
+      - CLAMAV_HOST=nextcloud-aio-clamav
+      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
+      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_ENABLED=${TALK_ENABLED}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-redis:
+    container_name: nextcloud-aio-redis
+    image: nextcloud/aio-redis:latest
+    environment:
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-collabora:
+    container_name: nextcloud-aio-collabora
+    image: nextcloud/aio-collabora:latest
+    environment:
+      - aliasgroup1=https://${NC_DOMAIN}:443
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-talk:
+    container_name: nextcloud-aio-talk
+    image: nextcloud/aio-talk:latest
+    ports:
+      - 3478:3478/tcp
+      - 3478:3478/udp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-clamav:
+    container_name: nextcloud-aio-clamav
+    image: nextcloud/aio-clamav:latest
+    environment:
+      - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_clamav:/var/lib/clamav:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-onlyoffice:
+    container_name: nextcloud-aio-onlyoffice
+    image: nextcloud/aio-onlyoffice:latest
+    environment:
+      - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
+volumes:
+  nextcloud_aio_apache:
+    name: nextcloud_aio_apache
+  nextcloud_aio_clamav:
+    name: nextcloud_aio_clamav
+  nextcloud_aio_database:
+    name: nextcloud_aio_database
+  nextcloud_aio_database_dump:
+    name: nextcloud_aio_database_dump
+  nextcloud_aio_nextcloud:
+    name: nextcloud_aio_nextcloud
+  nextcloud_aio_onlyoffice:
+    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_nextcloud_data:
+    name: nextcloud_aio_nextcloud_data
+
+networks:
+  nextcloud-aio:
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -0,0 +1,41 @@
+# Manual installation
+
+You can run the containers that are build for AIO with docker-compose. This comes with a few downsides, that are discussed below.
+
+### Advantages
+- You can run it without a container having access to the docker socket
+- You can modify all values on your own
+
+### Disadvantages
+- You loose the AIO interface
+- You loose update notifications and automatic updates
+- You loose all AIO backup and restore features
+- You need to know what you are doing, especially when modifying the docker-compose file
+- Probably more
+
+## How to use this?
+First, install docker and docker-compose if not already done. Then simply run the following:
+```bash
+git clone https://github.com/nextcloud/all-in-one.git
+cd all-in-one/manual-install
+```
+Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+
+Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+
+Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+
+## How to update?
+Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
+1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. Back up all important files and folders
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
+1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
+1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
+1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+
+## FAQ
+### Backup and restore?
+If you leave `NEXTLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 
+
+Obviously you also need to back up the conf file and the yaml file if you modified it.
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -0,0 +1,18 @@
+AIO_TOKEN=123456          # Has no function but needs to be set!
+AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.
+DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
+NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
+NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
+NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET=          # TODO! This needs to be a unique and good password!
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+jq -c . ./php/containers.json > /tmp/containers.json
+sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
+sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+OUTPUT="$(cat /tmp/containers.json)"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+
+snap install yq
+mkdir -p ./manual-install
+echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
+
+cd manual-install || exit
+sed -i "s|'||g" containers.yml
+sed -i 's|production:|services:|' containers.yml
+sed -i 's|- identifier:|  container_name:|' containers.yml
+sed -i 's|restartPolicy:|restart:|' containers.yml
+sed -i 's|environmentVariables:|environment:|' containers.yml
+sed -i '/displayName:/d' containers.yml
+sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/stop_grace_period:/s/$/s/' containers.yml
+sed -i 's|containerName:|image:|' containers.yml
+sed -i '/: \[\]/d' containers.yml
+sed -i 's|dependsOn:|depends_on:|' containers.yml
+sed -i 's|- name: |- |' containers.yml
+
+TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
+mapfile -t TCP <<< "$TCP"
+for port in "${TCP[@]}" 
+do
+    solve_port="${port%%/tcp}"
+    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+done
+
+UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
+mapfile -t UDP <<< "$UDP"
+for port in "${UDP[@]}"
+do
+    solve_port="${port%%/udp}"
+    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+done
+
+rm -f sample.conf
+VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
+mapfile -t VARIABLES <<< "$VARIABLES"
+for variable in "${VARIABLES[@]}"
+do
+    # shellcheck disable=SC2001
+    sole_variable="$(echo "$variable" | sed 's|%||g')"
+    echo "$sole_variable=" >> sample.conf
+    sed -i "s|$variable|\${$sole_variable}|g" containers.yml
+done
+
+sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
+sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
+sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
+sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
+sed -i 's|DAILY_BACKUP_RUNNING=|DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
+sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
+sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
+sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
+sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
+sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
+
+cat sample.conf
+
+OUTPUT="$(cat containers.yml)"
+NAMES="$(grep -oP "container_name:.*" containers.yml | grep -oP 'nextcloud-aio.*')"
+mapfile -t NAMES <<< "$NAMES"
+for name in "${NAMES[@]}"
+do
+    OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name/i\ \ $name:")"
+    if [ "$name" != "nextcloud-aio-apache" ]; then
+        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
+    fi
+done
+
+OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
+
+echo 'version: "3.8"' > containers.yml
+echo "" >> containers.yml
+
+echo "$OUTPUT" >> containers.yml
+
+VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
+mapfile -t VOLUMES <<< "$VOLUMES"
+echo "" >> containers.yml
+echo "volumes:" >> containers.yml
+for volume in "${VOLUMES[@]}" "nextcloud_aio_nextcloud_data"
+do
+    cat << VOLUMES >> containers.yml
+  $volume:
+    name: $volume
+VOLUMES
+done
+
+cat << NETWORK >> containers.yml
+
+networks:
+  nextcloud-aio:
+NETWORK
+
+cat containers.yml > latest.yml
+sed -i '/image:/s/$/:latest/' latest.yml
+
+cat containers.yml > latest-arm64.yml
+sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
+sed -i '/  nextcloud-aio-clamav:/,/^$/d' latest-arm64.yml
+sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
+sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+sed -i '/  nextcloud-aio-onlyoffice:/,/^$/d' latest-arm64.yml
+sed -i '/nextcloud[-_]aio[-_]onlyoffice/d' latest-arm64.yml
+sed -i '/ONLYOFFICE_ENABLED/d' latest-arm64.yml
+
+rm containers.yml
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -0,0 +1,25 @@
+# Manual upgrade
+
+If you do not install any upgrade for around 6-12 months or longer, it can happen that your instance is so outdated that in the meantime the PHP version of the Nextcloud container got bumped to a version that is not compatible with your currently installed Nextcloud version which means that after doing an upgrade after this long time, Nextcloud will suddenly not work anymore. There is unfortunately no way to fix this from the maintainer side if you refrain from upgrading for so long.
+
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below:
+
+1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
+1. Do **not** click on `Stop containers` because you will need them running going forward, see below
+1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
+1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo cat /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+1. Run the following commands in order to reverse engineer the Nextcloud container:
+    ```bash
+        sudo docker pull assaflavie/runlike
+        echo '#/bin/bash' > /tmp/nextcloud-aio-nextcloud
+        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
+        sudo chown root:root /tmp/nextcloud-aio-nextcloud
+    ```
+1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest` on x64 or `nextcloud/aio-nextcloud:php8.0-latest-arm64` on arm64. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
+1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
+1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
+1. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+1. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+1. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+1. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Also you should think about enabling daily backups if doing regularl upgrades is too much effort for you.
--- a/migration.md
+++ b/migration.md
@@ -1,11 +1,11 @@
-## How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
+# How to migrate from an already existing Nextcloud installation to Nextcloud AIO?

 There are basically two ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:

 1. Migrate only the files which is the easiest way
 1. Migrate the files and the database which is much more complicated

-### Migrate only the files 
+## Migrate only the files 
 **Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well!

 The procedure for migrating only the files works like this:
@@ -14,16 +14,16 @@ The procedure for migrating only the files works like this:
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

-### Migrate the files and the database
+## Migrate the files and the database
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!<br>
 Also, you will currently not be able to use local external storage in Nextcloud AIO since that is not supported, yet. See https://github.com/nextcloud/all-in-one/issues/76

 The procedure for migrating the files and the database works like this:
-1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
+1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
 1. Take a backup of your former instance (especially from your datadirectory and database)
 1. If your former installation didn't use Postgresql already, you will now need to convert your old installation to use Postgresql as database temporarily (in order to be able to perform a pg_dump afterwards):
    1. Install Postgresql on your former installation: on a Debian based OS should the following command work:
@@ -36,13 +36,13 @@ The procedure for migrating the files and the database works like this:
        export PG_PASSWORD="my-temporary-password"
        export PG_DATABASE="nextcloud_db"
        sudo -u postgres psql <<END
-        CREATE USER $PG_USER WITH PASSWORD '$PGDB_PASS';
+        CREATE USER $PG_USER WITH PASSWORD '$PG_PASSWORD';
        CREATE DATABASE $PG_DATABASE WITH OWNER $PG_USER TEMPLATE template0 ENCODING 'UTF8';
        END
        ```
    1. Run the following command to start the conversion:
        ```
-        occ db:convert-type --all-apps --password "$PGDB_PASS" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
+        occ db:convert-type --all-apps --password "$PG_PASSWORD" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
        ```
        **Please note:** You might need to change the ip-address `127.0.0.1` based on your exact installation.<br>
        Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type
@@ -54,7 +54,7 @@ The procedure for migrating the files and the database works like this:
    ```
    **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
    And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain (use the same domain that you used on your former installation) and wait until all containers are running
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`.
 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
    1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.
@@ -73,7 +73,7 @@ The procedure for migrating the files and the database works like this:
    sudo rm -r /var/lib/docker/volumes/nextcloud_aio_database/_data/*
    ```
 1. If the commands above were executed successfully, restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions
 1. Edit the Nextcloud AIO config.php file that is stored in `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
 1. Now run `sudo docker exec -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint`.
--- a/php/composer.json
+++ b/php/composer.json
@@ -17,5 +17,10 @@
        "slim/twig-view": "^3.2",
        "slim/csrf": "^1.2",
        "ext-apcu": "*"
-    }
+    },
+    "scripts": {
+		"psalm": "psalm --threads=1",
+		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
+        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
+	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,16 +8,16 @@
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.4.1",
+            "version": "7.4.4",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "ee0a041b1760e6a53d2a39c8c34115adc2af2c79"
+                "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ee0a041b1760e6a53d2a39c8c34115adc2af2c79",
-                "reference": "ee0a041b1760e6a53d2a39c8c34115adc2af2c79",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
+                "reference": "e3ff079b22820c2029d4c2a87796b6a0b8716ad8",
                "shasum": ""
            },
            "require": {
@@ -112,7 +112,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.4.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.4.4"
            },
            "funding": [
                {
@@ -128,7 +128,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-12-06T18:43:05+00:00"
+            "time": "2022-06-09T21:39:15+00:00"
        },
        {
            "name": "guzzlehttp/promises",
@@ -157,12 +157,12 @@
                }
            },
            "autoload": {
-                "psr-4": {
-                    "GuzzleHttp\\Promise\\": "src/"
-                },
                "files": [
                    "src/functions_include.php"
-                ]
+                ],
+                "psr-4": {
+                    "GuzzleHttp\\Promise\\": "src/"
+                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
@@ -216,16 +216,16 @@
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.1.0",
+            "version": "2.3.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "089edd38f5b8abba6cb01567c2a8aaa47cec4c72"
+                "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/089edd38f5b8abba6cb01567c2a8aaa47cec4c72",
-                "reference": "089edd38f5b8abba6cb01567c2a8aaa47cec4c72",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/83260bb50b8fc753c72d14dc1621a2dac31877ee",
+                "reference": "83260bb50b8fc753c72d14dc1621a2dac31877ee",
                "shasum": ""
            },
            "require": {
@@ -249,7 +249,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "2.1-dev"
+                    "dev-master": "2.3-dev"
                }
            },
            "autoload": {
@@ -311,7 +311,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.1.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.3.0"
            },
            "funding": [
                {
@@ -327,7 +327,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-06T17:43:30+00:00"
+            "time": "2022-06-09T08:26:02+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -387,6 +387,65 @@
            },
            "time": "2021-07-21T13:50:14+00:00"
        },
+        {
+            "name": "laravel/serializable-closure",
+            "version": "v1.2.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/laravel/serializable-closure.git",
+                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/09f0e9fb61829f628205b7c94906c28740ff9540",
+                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540",
+                "shasum": ""
+            },
+            "require": {
+                "php": "^7.3|^8.0"
+            },
+            "require-dev": {
+                "pestphp/pest": "^1.18",
+                "phpstan/phpstan": "^0.12.98",
+                "symfony/var-dumper": "^5.3"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "1.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Laravel\\SerializableClosure\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Taylor Otwell",
+                    "email": "taylor@laravel.com"
+                },
+                {
+                    "name": "Nuno Maduro",
+                    "email": "nuno@laravel.com"
+                }
+            ],
+            "description": "Laravel Serializable Closure provides an easy and secure way to serialize closures in PHP.",
+            "keywords": [
+                "closure",
+                "laravel",
+                "serializable"
+            ],
+            "support": {
+                "issues": "https://github.com/laravel/serializable-closure/issues",
+                "source": "https://github.com/laravel/serializable-closure"
+            },
+            "time": "2022-05-16T17:09:47+00:00"
+        },
        {
            "name": "nikic/fast-route",
            "version": "v1.3.0",
@@ -437,71 +496,6 @@
            },
            "time": "2018-02-13T20:26:39+00:00"
        },
-        {
-            "name": "opis/closure",
-            "version": "3.6.3",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/opis/closure.git",
-                "reference": "3d81e4309d2a927abbe66df935f4bb60082805ad"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/opis/closure/zipball/3d81e4309d2a927abbe66df935f4bb60082805ad",
-                "reference": "3d81e4309d2a927abbe66df935f4bb60082805ad",
-                "shasum": ""
-            },
-            "require": {
-                "php": "^5.4 || ^7.0 || ^8.0"
-            },
-            "require-dev": {
-                "jeremeamia/superclosure": "^2.0",
-                "phpunit/phpunit": "^4.0 || ^5.0 || ^6.0 || ^7.0 || ^8.0 || ^9.0"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.6.x-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Opis\\Closure\\": "src/"
-                },
-                "files": [
-                    "functions.php"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Marius Sarca",
-                    "email": "marius.sarca@gmail.com"
-                },
-                {
-                    "name": "Sorin Sarca",
-                    "email": "sarca_sorin@hotmail.com"
-                }
-            ],
-            "description": "A library that can be used to serialize closures (anonymous functions) and arbitrary objects.",
-            "homepage": "https://opis.io/closure",
-            "keywords": [
-                "anonymous functions",
-                "closure",
-                "function",
-                "serializable",
-                "serialization",
-                "serialize"
-            ],
-            "support": {
-                "issues": "https://github.com/opis/closure/issues",
-                "source": "https://github.com/opis/closure/tree/3.6.3"
-            },
-            "time": "2022-01-27T09:35:39+00:00"
-        },
        {
            "name": "php-di/invoker",
            "version": "2.3.3",
@@ -559,21 +553,21 @@
        },
        {
            "name": "php-di/php-di",
-            "version": "6.3.5",
+            "version": "6.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "b8126d066ce144765300ee0ab040c1ed6c9ef588"
+                "reference": "ae0f1b3b03d8b29dff81747063cbfd6276246cc4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/b8126d066ce144765300ee0ab040c1ed6c9ef588",
-                "reference": "b8126d066ce144765300ee0ab040c1ed6c9ef588",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/ae0f1b3b03d8b29dff81747063cbfd6276246cc4",
+                "reference": "ae0f1b3b03d8b29dff81747063cbfd6276246cc4",
                "shasum": ""
            },
            "require": {
-                "opis/closure": "^3.5.5",
-                "php": ">=7.2.0",
+                "laravel/serializable-closure": "^1.0",
+                "php": ">=7.4.0",
                "php-di/invoker": "^2.0",
                "php-di/phpdoc-reader": "^2.0.1",
                "psr/container": "^1.0"
@@ -582,12 +576,12 @@
                "psr/container-implementation": "^1.0"
            },
            "require-dev": {
-                "doctrine/annotations": "~1.2",
+                "doctrine/annotations": "~1.10",
                "friendsofphp/php-cs-fixer": "^2.4",
                "mnapoli/phpunit-easymock": "^1.2",
-                "ocramius/proxy-manager": "^2.0.2",
+                "ocramius/proxy-manager": "^2.11.2",
                "phpstan/phpstan": "^0.12",
-                "phpunit/phpunit": "^8.5|^9.0"
+                "phpunit/phpunit": "^9.5"
            },
            "suggest": {
                "doctrine/annotations": "Install it if you want to use annotations (version ~1.2)",
@@ -619,7 +613,7 @@
            ],
            "support": {
                "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/6.3.5"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/6.4.0"
            },
            "funding": [
                {
@@ -631,7 +625,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-09-02T09:49:58+00:00"
+            "time": "2022-04-09T16:46:38+00:00"
        },
        {
            "name": "php-di/phpdoc-reader",
@@ -1192,22 +1186,22 @@
        },
        {
            "name": "slim/slim",
-            "version": "4.9.0",
+            "version": "4.10.0",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim.git",
-                "reference": "44d3c9c0bfcc47e52e42b097b6062689d21b904b"
+                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/44d3c9c0bfcc47e52e42b097b6062689d21b904b",
-                "reference": "44d3c9c0bfcc47e52e42b097b6062689d21b904b",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
+                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "nikic/fast-route": "^1.3",
-                "php": "^7.3 || ^8.0",
+                "php": "^7.4 || ^8.0",
                "psr/container": "^1.0 || ^2.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.0",
@@ -1218,13 +1212,15 @@
            "require-dev": {
                "adriansuter/php-autoload-override": "^1.2",
                "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.0",
+                "guzzlehttp/psr7": "^2.1",
+                "httpsoft/http-message": "^1.0",
+                "httpsoft/http-server-request": "^1.0",
                "laminas/laminas-diactoros": "^2.8",
-                "nyholm/psr7": "^1.4",
+                "nyholm/psr7": "^1.5",
                "nyholm/psr7-server": "^1.0",
-                "phpspec/prophecy": "^1.14",
+                "phpspec/prophecy": "^1.15",
                "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^0.12.99",
+                "phpstan/phpstan": "^1.4",
                "phpunit/phpunit": "^9.5",
                "slim/http": "^1.2",
                "slim/psr7": "^1.5",
@@ -1301,7 +1297,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-05T03:00:00+00:00"
+            "time": "2022-03-14T14:18:23+00:00"
        },
        {
            "name": "slim/twig-view",
@@ -1370,16 +1366,16 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.0.0",
+            "version": "v3.0.1",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "c726b64c1ccfe2896cb7df2e1331c357ad1c8ced"
+                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/c726b64c1ccfe2896cb7df2e1331c357ad1c8ced",
-                "reference": "c726b64c1ccfe2896cb7df2e1331c357ad1c8ced",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
+                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
                "shasum": ""
            },
            "require": {
@@ -1417,7 +1413,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1"
            },
            "funding": [
                {
@@ -1433,20 +1429,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-11-01T23:48:49+00:00"
+            "time": "2022-01-02T09:55:41+00:00"
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.24.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab"
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
                "shasum": ""
            },
            "require": {
@@ -1461,7 +1457,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1469,12 +1465,12 @@
                }
            },
            "autoload": {
-                "psr-4": {
-                    "Symfony\\Polyfill\\Ctype\\": ""
-                },
                "files": [
                    "bootstrap.php"
-                ]
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Ctype\\": ""
+                }
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
@@ -1499,7 +1495,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1515,20 +1511,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-20T20:35:02+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.24.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825"
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
                "shasum": ""
            },
            "require": {
@@ -1543,7 +1539,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1582,7 +1578,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1598,20 +1594,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-11-30T18:21:41+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.24.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f"
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
                "shasum": ""
            },
            "require": {
@@ -1620,7 +1616,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1661,7 +1657,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.24.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1677,20 +1673,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-09-13T13:58:11+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.3.8",
+            "version": "v3.4.1",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c"
+                "reference": "e939eae92386b69b49cfa4599dd9bead6bf4a342"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/972d8604a92b7054828b539f2febb0211dd5945c",
-                "reference": "972d8604a92b7054828b539f2febb0211dd5945c",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/e939eae92386b69b49cfa4599dd9bead6bf4a342",
+                "reference": "e939eae92386b69b49cfa4599dd9bead6bf4a342",
                "shasum": ""
            },
            "require": {
@@ -1705,7 +1701,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "3.3-dev"
+                    "dev-master": "3.4-dev"
                }
            },
            "autoload": {
@@ -1741,7 +1737,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.3.8"
+                "source": "https://github.com/twigphp/Twig/tree/v3.4.1"
            },
            "funding": [
                {
@@ -1753,7 +1749,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-02-04T06:59:48+00:00"
+            "time": "2022-05-17T05:48:52+00:00"
        }
    ],
    "packages-dev": [],
@@ -1770,5 +1766,5 @@
        "ext-apcu": "*"
    },
    "platform-dev": [],
-    "plugin-api-version": "2.2.0"
+    "plugin-api-version": "2.3.0"
 }
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -0,0 +1,79 @@
+{
+	"type": "object",
+	"description": "AIO containers definition schema",
+	"additionalProperties": false,
+	"minProperties": 1,
+	"properties": {
+		"production": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"additionalProperties": false,
+				"minProperties": 11,
+				"properties": {
+					"containerName": {
+						"type": "string"
+					},
+					"dependsOn": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"displayName": {
+						"type": "string"
+					},
+					"environmentVariables": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"identifier": {
+						"type": "string"
+					},
+					"internalPorts": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"maxShutdownTime": {
+						"type": "integer"
+					},
+					"ports": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"restartPolicy": {
+						"type": "string"
+					},
+					"secrets": {
+						"type": "array"
+					},
+					"volumes": {
+						"type": "array",
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"location": {
+									"type": "string"
+								},
+								"name": {
+									"type": "string"
+								},
+								"writeable": {
+									"type": "boolean"
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,26 +1,31 @@
 {
  "production": [
    {
-      "dependsOn": [
-        "nextcloud-aio-nextcloud",
-        "nextcloud-aio-collabora",
-        "nextcloud-aio-talk"
-      ],
      "identifier": "nextcloud-aio-apache",
+      "dependsOn": [
+        "nextcloud-aio-onlyoffice",
+        "nextcloud-aio-collabora",
+        "nextcloud-aio-clamav",
+        "nextcloud-aio-talk",
+        "nextcloud-aio-nextcloud"
+      ],
      "displayName": "Apache",
      "containerName": "nextcloud/aio-apache",
      "ports": [
-        "443/tcp"
+        "%APACHE_PORT%/tcp"
      ],
      "internalPorts": [
-        "443"
+        "%APACHE_PORT%"
      ],
      "secrets": [],
      "environmentVariables": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
        "COLLABORA_HOST=nextcloud-aio-collabora",
-        "TALK_HOST=nextcloud-aio-talk"
+        "TALK_HOST=nextcloud-aio-talk",
+        "APACHE_PORT=%APACHE_PORT%",
+        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [
        {
@@ -38,8 +43,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-database",
+      "dependsOn": [],
      "displayName": "Database",
      "containerName": "nextcloud/aio-postgresql",
      "ports": [],
@@ -64,17 +69,19 @@
      "environmentVariables": [
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
-        "POSTGRES_USER=nextcloud"
+        "POSTGRES_USER=nextcloud",
+        "TZ=%TIMEZONE%",
+        "PGTZ=%TIMEZONE%"
      ],
      "maxShutdownTime": 1800,
      "restartPolicy": "unless-stopped"
    },
    {
+      "identifier": "nextcloud-aio-nextcloud",
      "dependsOn": [
        "nextcloud-aio-database",
        "nextcloud-aio-redis"
      ],
-      "identifier": "nextcloud-aio-nextcloud",
      "displayName": "Nextcloud",
      "containerName": "nextcloud/aio-nextcloud",
      "ports": [],
@@ -95,9 +102,14 @@
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_nextcloud_data",
+          "name": "%NEXTCLOUD_DATADIR%",
          "location": "/mnt/ncdata",
          "writeable": true
+        },
+        {
+          "name": "%NEXTCLOUD_MOUNT%",
+          "location": "%NEXTCLOUD_MOUNT%",
+          "writeable": true
        }
      ],
      "environmentVariables": [
@@ -114,17 +126,26 @@
        "NEXTCLOUD_DATA_DIR=/mnt/ncdata",
        "OVERWRITEHOST=%NC_DOMAIN%",
        "OVERWRITEPROTOCOL=https",
-        "TRUSTED_PROXIES=127.0.0.1",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
-        "AIO_URL=%AIO_URL%"
+        "AIO_URL=%AIO_URL%",
+        "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
+        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
+        "CLAMAV_HOST=nextcloud-aio-clamav",
+        "ONLYOFFICE_ENABLED=%ONLYOFFICE_ENABLED%",
+        "COLLABORA_ENABLED=%COLLABORA_ENABLED%",
+        "COLLABORA_HOST=nextcloud-aio-collabora",
+        "TALK_ENABLED=%TALK_ENABLED%",
+        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
+        "DAILY_BACKUP_RUNNING=%DAILY_BACKUP_RUNNING%",
+        "TZ=%TIMEZONE%"
      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-redis",
+      "dependsOn": [],
      "displayName": "Redis",
      "containerName": "nextcloud/aio-redis",
      "ports": [],
@@ -132,7 +153,8 @@
        "6379"
      ],
      "environmentVariables": [
-        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [
@@ -142,8 +164,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-collabora",
+      "dependsOn": [],
      "displayName": "Collabora",
      "containerName": "nextcloud/aio-collabora",
      "ports": [],
@@ -151,7 +173,9 @@
        "9980"
      ],
      "environmentVariables": [
-        "domain=%NC_DOMAIN%"
+        "aliasgroup1=https://%NC_DOMAIN%:443",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [],
@@ -159,8 +183,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-talk",
+      "dependsOn": [],
      "displayName": "Talk",
      "containerName": "nextcloud/aio-talk",
      "ports": [
@@ -174,7 +198,8 @@
        "NC_DOMAIN=%NC_DOMAIN%",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
-        "JANUS_API_KEY=%JANUS_API_KEY%"
+        "JANUS_API_KEY=%JANUS_API_KEY%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [
@@ -186,8 +211,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-borgbackup",
+      "dependsOn": [],
      "displayName": "Borgbackup",
      "containerName": "nextcloud/aio-borgbackup",
      "ports": [],
@@ -195,7 +220,8 @@
      "environmentVariables": [
        "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
        "BORG_MODE=%BORGBACKUP_MODE%",
-        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%"
+        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
+        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%"
      ],
      "volumes": [
        {
@@ -209,7 +235,7 @@
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_nextcloud_data",
+          "name": "%NEXTCLOUD_DATADIR%",
          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
          "writeable": true
        },
@@ -246,8 +272,8 @@
      "restartPolicy": ""
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-watchtower",
+      "dependsOn": [],
      "displayName": "Watchtower",
      "containerName": "nextcloud/aio-watchtower",
      "ports": [],
@@ -257,7 +283,7 @@
      ],
      "volumes": [
        {
-          "name": "/var/run/docker.sock",
+          "name": "%DOCKER_SOCKET_PATH%",
          "location": "/var/run/docker.sock",
          "writeable": false
        }
@@ -272,11 +298,12 @@
      "displayName": "Domaincheck",
      "containerName": "nextcloud/aio-domaincheck",
      "ports": [
-        "443/tcp"
+        "%APACHE_PORT%/tcp"
      ],
      "internalPorts": [],
      "environmentVariables": [
-        "INSTANCE_ID=%INSTANCE_ID%"
+        "INSTANCE_ID=%INSTANCE_ID%",
+        "APACHE_PORT=%APACHE_PORT%"
      ],
      "volumes": [],
      "secrets": [
@@ -284,6 +311,52 @@
      ],
      "maxShutdownTime": 1,
      "restartPolicy": ""
+    },
+    {
+      "identifier": "nextcloud-aio-clamav",
+      "dependsOn": [],
+      "displayName": "ClamAV",
+      "containerName": "nextcloud/aio-clamav",
+      "ports": [],
+      "internalPorts": [
+        "3310"
+      ],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%"
+      ],
+      "volumes": [
+        {
+          "name": "nextcloud_aio_clamav",
+          "location": "/var/lib/clamav",
+          "writeable": true
+        }
+      ],
+      "secrets": [],
+      "maxShutdownTime": 10,
+      "restartPolicy": "unless-stopped"
+    },
+    {
+      "identifier": "nextcloud-aio-onlyoffice",
+      "dependsOn": [],
+      "displayName": "OnlyOffice",
+      "containerName": "nextcloud/aio-onlyoffice",
+      "ports": [],
+      "internalPorts": [
+        "80"
+      ],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%"
+      ],
+      "volumes": [
+        {
+          "name": "nextcloud_aio_onlyoffice",
+          "location": "/var/lib/onlyoffice",
+          "writeable": true
+        }
+      ],
+      "secrets": [],
+      "maxShutdownTime": 10,
+      "restartPolicy": "unless-stopped"
    }
  ]
 }
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<files psalm-version="4.23.0@f1fe6ff483bf325c803df9f510d09a03fd796f88">
+  <file src="public/index.php">
+    <MissingClosureParamType occurrences="10">
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$request</code>
+      <code>$request</code>
+      <code>$request</code>
+      <code>$response</code>
+      <code>$response</code>
+      <code>$response</code>
+    </MissingClosureParamType>
+  </file>
+  <file src="src/Controller/ConfigurationController.php">
+    <MissingParamType occurrences="1">
+      <code>$args</code>
+    </MissingParamType>
+  </file>
+  <file src="src/Controller/DockerController.php">
+    <MissingParamType occurrences="8">
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+    </MissingParamType>
+    <PossiblyInvalidArrayAccess occurrences="1">
+      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
+    </PossiblyInvalidArrayAccess>
+    <PossiblyNullArrayAccess occurrences="1">
+      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
+    </PossiblyNullArrayAccess>
+  </file>
+  <file src="src/Controller/LoginController.php">
+    <MissingParamType occurrences="3">
+      <code>$args</code>
+      <code>$args</code>
+      <code>$args</code>
+    </MissingParamType>
+    <PossiblyInvalidArrayAccess occurrences="1">
+      <code>$request-&gt;getParsedBody()['password']</code>
+    </PossiblyInvalidArrayAccess>
+    <PossiblyNullArgument occurrences="1">
+      <code>$password</code>
+    </PossiblyNullArgument>
+    <PossiblyNullArrayAccess occurrences="1">
+      <code>$request-&gt;getParsedBody()['password']</code>
+    </PossiblyNullArrayAccess>
+  </file>
+  <file src="src/Docker/DockerActionManager.php">
+    <InvalidReturnType occurrences="1">
+      <code>IContainerState</code>
+    </InvalidReturnType>
+    <InvalidScalarArgument occurrences="1">
+      <code>$internalPort</code>
+    </InvalidScalarArgument>
+    <RedundantCondition occurrences="1">
+      <code>$container-&gt;GetInternalPorts() !== null</code>
+    </RedundantCondition>
+  </file>
+  <file src="src/Middleware/AuthMiddleware.php">
+    <UndefinedInterfaceMethod occurrences="1">
+      <code>withStatus</code>
+    </UndefinedInterfaceMethod>
+  </file>
+  <file src="src/Twig/ClassExtension.php">
+    <MissingParamType occurrences="1">
+      <code>$object</code>
+    </MissingParamType>
+  </file>
+</files>
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0"?>
+<psalm
+	errorLevel="2"
+	resolveFromConfigFile="true"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns="https://getpsalm.org/schema/config"
+	xsi:schemaLocation="https://getpsalm.org/schema/config"
+    errorBaseline="psalm-baseline.xml"
+>
+	<projectFiles>
+		<directory name="templates"/>
+		<directory name="src"/>
+		<file name="public/index.php"/>
+	</projectFiles>
+</psalm>
--- a/php/public/automatic_reload.js
+++ b/php/public/automatic_reload.js
@@ -0,0 +1,17 @@
+if (document.hasFocus()) {
+    // hide reload button if the site reloads automatically
+    var list = document.getElementsByClassName("reload button");
+    for (var i = 0; i < list.length; i++) {
+        // list[i] is a node with the desired class name
+        list[i].style.display = 'none';
+    }
+
+    // set timeout for reload
+    setTimeout(function(){
+    window.location.reload(1);
+    }, 5000);
+} else {
+    window.addEventListener("beforeunload", function() {
+        document.getElementById('overlay').classList.add('loading')
+    });
+}
--- a/php/public/before-unload.js
+++ b/php/public/before-unload.js
@@ -0,0 +1,3 @@
+window.addEventListener("beforeunload", function() {
+    document.getElementById('overlay').classList.add('loading')
+});
--- a/php/public/disable-clamav.js
+++ b/php/public/disable-clamav.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Clamav
+    var clamav = document.getElementById("clamav");
+    clamav.disabled = true;
+});
--- a/php/public/disable-collabora.js
+++ b/php/public/disable-collabora.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Collabora
+    var collabora = document.getElementById("collabora");
+    collabora.disabled = true;
+});
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // OnlyOffice
+    var onlyoffice = document.getElementById("onlyoffice");
+    onlyoffice.disabled = true;
+});
--- a/php/public/disable-talk.js
+++ b/php/public/disable-talk.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Talk
+    var talk = document.getElementById("talk");
+    talk.disabled = true;
+});
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -12,7 +12,7 @@
    }
    lastError = toast
    body.prepend(toast)
-    setTimeout(toast.remove.bind(toast), 3000)
+    setTimeout(toast.remove.bind(toast), 10000)
  }

  function handleEvent(e) {
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -22,11 +22,6 @@ ini_set('session.save_path', $dataConst->GetSessionDirectory());
 // Auto logout on browser close
 ini_set('session.cookie_lifetime', '0');

-// Make sure to delete all stale sessions after at least one day
-ini_set('session.gc_maxlifetime', '86400');
-ini_set('session.gc_probability', '1');
-ini_set('session.gc_divisor', '1');
-
 // Create app
 AppFactory::setContainer($container);
 $app = AppFactory::create();
@@ -53,9 +48,11 @@ $app->add(new \AIO\Middleware\AuthMiddleware($container->get(\AIO\Auth\AuthManag

 // API
 $app->post('/api/docker/watchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
+$app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class . ':StartWatchtowerContainer');
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
@@ -77,17 +74,29 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
    return $view->render($response, 'containers.twig', [
        'domain' => $configurationManager->GetDomain(),
        'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'borg_backup_mode' => $configurationManager->GetBorgBackupMode(),
        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
        'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
        'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
        'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
+        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
        'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
+        'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
+        'borg_backup_mode' => $configurationManager->GetBorgBackupMode(),
        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
        'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
        'last_backup_time' => $configurationManager->GetLastBackupTime(),
        'backup_times' => $configurationManager->GetBackupTimes(),
+        'current_channel' => $dockerActionManger->GetCurrentChannel(),
+        'is_x64_platform' => $configurationManager->isx64Platform(),
+        'is_clamav_enabled' => $configurationManager->isClamavEnabled(),
+        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled(),
+        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled(),
+        'is_talk_enabled' => $configurationManager->isTalkEnabled(),
+        'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
+        'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
+        'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
+        'timezone' => $configurationManager->GetTimezone(),
    ]);
 })->setName('profile');
 $app->get('/login', function ($request, $response, $args) use ($container) {
@@ -142,4 +151,6 @@ $app->get('/', function (\Psr\Http\Message\RequestInterface $request, \Psr\Http\
    }
 });

+$errorMiddleware = $app->addErrorMiddleware(true, true, true);
+
 $app->run();
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -0,0 +1,26 @@
+function makeOptionsFormSubmitVisible() {
+    var optionsFormSubmit = document.getElementById("options-form-submit");
+    optionsFormSubmit.style.display = 'block';
+}
+
+document.addEventListener("DOMContentLoaded", function(event) {
+    // handle submit button for options form
+    var optionsFormSubmit = document.getElementById("options-form-submit");
+    optionsFormSubmit.style.display = 'none';
+
+    // Clamav
+    var clamav = document.getElementById("clamav");
+    clamav.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // OnlyOffice
+    var onlyoffice = document.getElementById("onlyoffice");
+    onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Collabora
+    var collabora = document.getElementById("collabora");
+    collabora.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Talk
+    var talk = document.getElementById("talk");
+    talk.addEventListener('change', makeOptionsFormSubmitVisible);
+});
--- a/php/public/style.css
+++ b/php/public/style.css
@@ -23,6 +23,10 @@ a {
    outline: none;
 }

+summary {
+    cursor: pointer;
+}
+
 ul {
    list-style: none;
    padding: 0;
@@ -136,7 +140,7 @@ input {
    padding: 20px;
    max-width: 100%;
    word-break: break-word;
-    max-width: 450px;
+    max-width: 470px;
    margin: 0 auto;
 }

--- a/php/src/Auth/PasswordGenerator.php
+++ b/php/src/Auth/PasswordGenerator.php
@@ -7792,7 +7792,7 @@ class PasswordGenerator
            if($password !== '') {
                $password = $password . ' ';
            }
-            $password = $password . $this->words[random_int(0, 2047)];
+            $password = $password . $this->words[random_int(0, 7775)];
        }

        return $password;
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -91,6 +91,10 @@ class Container {
        return $this->dockerActionManager->GetContainerRunningState($this);
    }

+    public function GetRestartingState() : IContainerState {
+        return $this->dockerActionManager->GetContainerRestartingState($this);
+    }
+
    public function GetUpdateState() : IContainerState {
        return $this->dockerActionManager->GetContainerUpdateState($this);
    }
--- a/php/src/Container/ContainerVolumes.php
+++ b/php/src/Container/ContainerVolumes.php
@@ -6,7 +6,7 @@ class ContainerVolumes {
    /** @var ContainerVolume[] */
    private array $volumes = [];

-    public function AddVolume(ContainerVolume $volume) {
+    public function AddVolume(ContainerVolume $volume) : void {
        $this->volumes[] = $volume;
    }

--- a/php/src/Container/State/NotRestartingState.php
+++ b/php/src/Container/State/NotRestartingState.php
@@ -0,0 +1,6 @@
+<?php
+
+namespace AIO\Container\State;
+
+class NotRestartingState implements IContainerState
+{}
--- a/php/src/Container/State/RestartingState.php
+++ b/php/src/Container/State/RestartingState.php
@@ -0,0 +1,6 @@
+<?php
+
+namespace AIO\Container\State;
+
+class RestartingState implements IContainerState
+{}
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -27,7 +27,7 @@ class ContainerDefinitionFetcher
        $this->container = $container;
    }

-    public function GetContainerById(string $id): ?Container
+    public function GetContainerById(string $id): Container
    {
        $containers = $this->FetchDefinition();

@@ -37,7 +37,7 @@ class ContainerDefinitionFetcher
            }
        }

-        return null;
+        throw new \Exception("The provided id " . $id . " was not found in the container definition.");
    }

    /**
@@ -49,13 +49,37 @@ class ContainerDefinitionFetcher

        $containers = [];
        foreach ($data['production'] as $entry) {
+            if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+                if (!$this->configurationManager->isClamavEnabled()) {
+                    continue;
+                }
+            } elseif ($entry['identifier'] === 'nextcloud-aio-onlyoffice') {
+                if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                    continue;
+                }
+            } elseif ($entry['identifier'] === 'nextcloud-aio-collabora') {
+                if (!$this->configurationManager->isCollaboraEnabled()) {
+                    continue;
+                }
+            } elseif ($entry['identifier'] === 'nextcloud-aio-talk') {
+                if (!$this->configurationManager->isTalkEnabled()) {
+                    continue;
+                }
+            }
+
            $ports = new ContainerPorts();
            foreach ($entry['ports'] as $port) {
+                if($port === '%APACHE_PORT%/tcp') {
+                    $port = $this->configurationManager->GetApachePort() . '/tcp';
+                }
                $ports->AddPort($port);
            }

            $internalPorts = new ContainerInternalPorts();
            foreach ($entry['internalPorts'] as $internalPort) {
+                if($internalPort === '%APACHE_PORT%') {
+                    $internalPort = $this->configurationManager->GetApachePort();
+                }
                $internalPorts->AddInternalPort($internalPort);
            }

@@ -67,6 +91,28 @@ class ContainerDefinitionFetcher
                        continue;
                    }
                }
+                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['name'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
+                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
+                    if ($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
+                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                }
+                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
+                    $value['location'] = $this->configurationManager->GetNextcloudMount();
+                    if($value['location'] === '') {
+                        continue;
+                    }
+                }
                $volumes->AddVolume(
                    new ContainerVolume(
                        $value['name'],
@@ -76,6 +122,28 @@ class ContainerDefinitionFetcher
                );
            }

+            $dependsOn = [];
+            foreach ($entry['dependsOn'] as $value) {
+                if ($value === 'nextcloud-aio-clamav') {
+                    if (!$this->configurationManager->isClamavEnabled()) {
+                        continue;
+                    }
+                } elseif ($value === 'nextcloud-aio-onlyoffice') {
+                    if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                        continue;
+                    }
+                } elseif ($value === 'nextcloud-aio-collabora') {
+                    if (!$this->configurationManager->isCollaboraEnabled()) {
+                        continue;
+                    }
+                } elseif ($value === 'nextcloud-aio-talk') {
+                    if (!$this->configurationManager->isTalkEnabled()) {
+                        continue;
+                    }
+                }
+                $dependsOn[] = $value;
+            }
+            
            $variables = new ContainerEnvironmentVariables();
            foreach ($entry['environmentVariables'] as $value) {
                $variables->AddVariable($value);
@@ -91,7 +159,7 @@ class ContainerDefinitionFetcher
                $internalPorts,
                $volumes,
                $variables,
-                $entry['dependsOn'],
+                $dependsOn,
                $entry['secrets'],
                $this->container->get(DockerActionManager::class)
            );
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -22,11 +22,69 @@ class ConfigurationController
    public function SetConfig(Request $request, Response $response, $args) : Response {
        try {
            if (isset($request->getParsedBody()['domain'])) {
-                $this->configurationManager->SetDomain($request->getParsedBody()['domain']);
+                $domain = $request->getParsedBody()['domain'] ?? '';
+                $this->configurationManager->SetDomain($domain);
+            }
+
+            if (isset($request->getParsedBody()['current-master-password']) || isset($request->getParsedBody()['new-master-password'])) {
+                $currentMasterPassword = $request->getParsedBody()['current-master-password'] ?? '';
+                $newMasterPassword = $request->getParsedBody()['new-master-password'] ?? '';
+                $this->configurationManager->ChangeMasterPassword($currentMasterPassword, $newMasterPassword);
            }

            if (isset($request->getParsedBody()['borg_backup_host_location'])) {
-                $this->configurationManager->SetBorgBackupHostLocation($request->getParsedBody()['borg_backup_host_location']);
+                $location = $request->getParsedBody()['borg_backup_host_location'] ?? '';
+                $this->configurationManager->SetBorgBackupHostLocation($location);
+            }
+
+            if (isset($request->getParsedBody()['borg_restore_host_location']) || isset($request->getParsedBody()['borg_restore_password'])) {
+                $restoreLocation = $request->getParsedBody()['borg_restore_host_location'] ?? '';
+                $borgPassword = $request->getParsedBody()['borg_restore_password'] ?? '';
+                $this->configurationManager->SetBorgRestoreHostLocationAndPassword($restoreLocation, $borgPassword);
+            }
+
+            if (isset($request->getParsedBody()['daily_backup_time'])) {
+                $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
+                $this->configurationManager->SetDailyBackupTime($dailyBackupTime);
+            }
+
+            if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
+                $this->configurationManager->DeleteDailyBackupTime();
+            }
+
+            if (isset($request->getParsedBody()['delete_timezone'])) {
+                $this->configurationManager->DeleteTimezone();
+            }
+
+            if (isset($request->getParsedBody()['timezone'])) {
+                $timezone = $request->getParsedBody()['timezone'] ?? '';
+                $this->configurationManager->SetTimezone($timezone);
+            }
+
+            if (isset($request->getParsedBody()['options-form'])) {
+                if (isset($request->getParsedBody()['collabora']) && isset($request->getParsedBody()['onlyoffice'])) {
+                    throw new InvalidSettingConfigurationException("Collabora and Onlyoffice are not allowed to be enabled at the same time!");
+                }
+                if (isset($request->getParsedBody()['clamav'])) {
+                    $this->configurationManager->SetClamavEnabledState(1);
+                } else {
+                    $this->configurationManager->SetClamavEnabledState(0);
+                }
+                if (isset($request->getParsedBody()['onlyoffice'])) {
+                    $this->configurationManager->SetOnlyofficeEnabledState(1);
+                } else {
+                    $this->configurationManager->SetOnlyofficeEnabledState(0);
+                }
+                if (isset($request->getParsedBody()['collabora'])) {
+                    $this->configurationManager->SetCollaboraEnabledState(1);
+                } else {
+                    $this->configurationManager->SetCollaboraEnabledState(0);
+                }
+                if (isset($request->getParsedBody()['talk'])) {
+                    $this->configurationManager->SetTalkEnabledState(1);
+                } else {
+                    $this->configurationManager->SetTalkEnabledState(0);
+                }
            }

            return $response->withStatus(201)->withHeader('Location', '/');
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,16 +26,26 @@ class DockerController
        $this->configurationManager = $configurationManager;
    }

-    private function PerformRecursiveContainerStart(string $id) {
+    private function PerformRecursiveContainerStart(string $id) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        foreach($container->GetDependsOn() as $dependency) {
            $this->PerformRecursiveContainerStart($dependency);
        }

+        $pullcontainer = true;
+        if ($id === 'nextcloud-aio-database') {
+            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
+                $pullcontainer = false;
+            }
+        }
        $this->dockerActionManager->DeleteContainer($container);
        $this->dockerActionManager->CreateVolumes($container);
-        $this->dockerActionManager->PullContainer($container);
+        if ($pullcontainer) {
+            $this->dockerActionManager->PullContainer($container);
+        } else {
+            error_log('Not pulling the latest database image because the container was not correctly shut down.');
+        }
        $this->dockerActionManager->CreateContainer($container);
        $this->dockerActionManager->StartContainer($container);
        $this->dockerActionManager->ConnectContainerToNetwork($container);
@@ -44,8 +54,12 @@ class DockerController
    public function GetLogs(Request $request, Response $response, $args) : Response
    {
        $id = $request->getQueryParams()['id'];
-        $container = $this->containerDefinitionFetcher->GetContainerById($id);
-        $logs = $this->dockerActionManager->GetLogs($container);
+        if (str_starts_with($id, 'nextcloud-aio-')) {
+            $logs = $this->dockerActionManager->GetLogs($id);
+        } else {
+            $logs = 'Container not found.';
+        }
+
        $body = $response->getBody();
        $body->write($logs);

@@ -56,6 +70,11 @@ class DockerController
    }

    public function StartBackupContainerBackup(Request $request, Response $response, $args) : Response {
+        $this->startBackup();
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function startBackup() : void {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'backup';
        $this->configurationManager->WriteConfig($config);
@@ -65,8 +84,6 @@ class DockerController

        $id = 'nextcloud-aio-borgbackup';
        $this->PerformRecursiveContainerStart($id);
-
-        return $response->withStatus(201)->withHeader('Location', '/');
    }

    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
@@ -95,17 +112,46 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

+    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'test';
+        $config['instance_restore_attempt'] = 0;
+        $this->configurationManager->WriteConfig($config);
+
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveContainerStop($id);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
    public function StartContainer(Request $request, Response $response, $args) : Response
    {
        $uri = $request->getUri();
        $host = $uri->getHost();
        $port = $uri->getPort();
+        if ($port === 8000) {
+            error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
+            $port = 443;
+        }

        $config = $this->configurationManager->GetConfig();
        // set AIO_URL
        $config['AIO_URL'] = $host . ':' . $port;
        // set wasStartButtonClicked
        $config['wasStartButtonClicked'] = 1;
+        $this->configurationManager->WriteConfig($config);
+
+        // Start container
+        $this->startTopContainer();
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function startTopContainer() : void {
+        $config = $this->configurationManager->GetConfig();
        // set AIO_TOKEN
        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
        $this->configurationManager->WriteConfig($config);
@@ -116,24 +162,28 @@ class DockerController
        $id = self::TOP_CONTAINER;

        $this->PerformRecursiveContainerStart($id);
-        return $response->withStatus(201)->withHeader('Location', '/');
    }

    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
-        $id = 'nextcloud-aio-watchtower';
-
-        $this->PerformRecursiveContainerStart($id);
+        $this->startWatchtower();
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    private function PerformRecursiveContainerStop(string $id)
+    public function startWatchtower() : void {
+        $id = 'nextcloud-aio-watchtower';
+
+        $this->PerformRecursiveContainerStart($id);
+    }
+
+    private function PerformRecursiveContainerStop(string $id) : void
    {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);
        foreach($container->GetDependsOn() as $dependency) {
            $this->PerformRecursiveContainerStop($dependency);
        }

-        $this->dockerActionManager->DisconnectContainerFromNetwork($container);
+        // Disconnecting is not needed. This also allows to start the containers manually via docker-cli
+        //$this->dockerActionManager->DisconnectContainerFromNetwork($container);
        $this->dockerActionManager->StopContainer($container);
    }

@@ -145,28 +195,39 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartDomaincheckContainer()
+    public function StartDomaincheckContainer() : void
    {
        # Don't start if domain is already set
-        if ($this->configurationManager->GetDomain() != '') {
+        if ($this->configurationManager->GetDomain() !== '' || $this->configurationManager->wasStartButtonClicked()) {
            return;
        }

        $id = 'nextcloud-aio-domaincheck';

-        $container = $this->containerDefinitionFetcher->GetContainerById($id);
-        // don't start if the domaincheck is already running
-        if ($container->GetIdentifier() === $id && $container->GetRunningState() instanceof RunningState) {
-            return;
-        // don't start if apache is already running
-        } elseif ($container->GetIdentifier() === self::TOP_CONTAINER && $container->GetRunningState() instanceof RunningState) {
+        $cacheKey = 'domaincheckWasStarted';
+
+        $domaincheckContainer = $this->containerDefinitionFetcher->GetContainerById($id);
+        $apacheContainer = $this->containerDefinitionFetcher->GetContainerById(self::TOP_CONTAINER);
+        // Don't start if apache is already running
+        if ($apacheContainer->GetRunningState() instanceof RunningState) {
            return;
+        // Don't start if domaincheck is already running
+        } elseif ($domaincheckContainer->GetRunningState() instanceof RunningState) {
+            $domaincheckWasStarted = apcu_fetch($cacheKey);
+            // Start domaincheck again when 10 minutes are over by not returning here
+            if($domaincheckWasStarted !== false && is_string($domaincheckWasStarted)) {
+                return;
+            }
        }

+        $this->StopDomaincheckContainer();
        $this->PerformRecursiveContainerStart($id);
+
+        // Cache the start for 10 minutes
+        apcu_add($cacheKey, '1', 600);
    }

-    private function StopDomaincheckContainer()
+    private function StopDomaincheckContainer() : void
    {
        $id = 'nextcloud-aio-domaincheck';
        $this->PerformRecursiveContainerStop($id);
--- a/php/src/Cron/BackupNotification.php
+++ b/php/src/Cron/BackupNotification.php
@@ -0,0 +1,29 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$backupExitCode = $dockerActionManger->GetBackupcontainerExitCode();
+
+if ($backupExitCode === 0) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup successful!', 'You can get further info by looking at the backup logs in the AIO interface.');
+}
+
+if ($backupExitCode > 0) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Daily backup failed!', 'You can get further info by looking at the backup logs in the AIO interface.');
+}
--- a/php/src/Cron/DailyBackup.php
+++ b/php/src/Cron/DailyBackup.php
@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Stop container and start backup
+$dockerController->startBackup();
+
+// Start apache
+$dockerController->startTopContainer();
--- a/php/src/Cron/UpdateMastercontainer.php
+++ b/php/src/Cron/UpdateMastercontainer.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+# Update the mastercontainer
+$dockerController->startWatchtower();
--- a/php/src/Cron/UpdateNotification.php
+++ b/php/src/Cron/UpdateNotification.php
@@ -22,9 +22,9 @@ $isMastercontainerUpdateAvailable = $dockerActionManger->IsMastercontainerUpdate
 $isAnyUpdateAvailable = $dockerActionManger->isAnyUpdateAvailable();

 if ($isMastercontainerUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your management interface to update it.');
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
 }

 if ($isAnyUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your management interface to update them.');
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
 }
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -46,7 +46,7 @@ class ConfigurationManager
        return $config['secrets'][$secretId];
    }

-    private function DoubleSafeBackupSecret(string $borgBackupPassword) {
+    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
        file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
    }

@@ -101,10 +101,9 @@ class ConfigurationManager
                $backupTimes[] = $backupTimesTemp[1];     
            }
        }
-        
-        if (!is_array($backupTimes)) {
-            return [];
-        }
+
+        // Reverse the array to list newest backup first
+        $backupTimes = array_reverse($backupTimes);

        return $backupTimes;
    }
@@ -117,46 +116,140 @@ class ConfigurationManager
        }
    }

+    public function isx64Platform() : bool {
+        if (php_uname('m') === 'x86_64') {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function isClamavEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isClamavEnabled']) && $config['isClamavEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetClamavEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isClamavEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
+    public function isOnlyofficeEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isOnlyofficeEnabled']) && $config['isOnlyofficeEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetOnlyofficeEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isOnlyofficeEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
+    public function isCollaboraEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isCollaboraEnabled']) && $config['isCollaboraEnabled'] === 0) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+    public function SetCollaboraEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isCollaboraEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
+    public function isTalkEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isTalkEnabled']) && $config['isTalkEnabled'] === 0) {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+    public function SetTalkEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isTalkEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
    public function SetDomain(string $domain) : void {
-        // Validate URL
-        if (!filter_var('http://' . $domain, FILTER_VALIDATE_URL)) {
-            throw new InvalidSettingConfigurationException("Domain is not in a valid format!");
+        // Validate domain
+        if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
+            throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
+        }
+
+        // Validate that it is not an IP-address
+        if(filter_var($domain, FILTER_VALIDATE_IP)) {
+            throw new InvalidSettingConfigurationException("Please enter a domain and not an IP-address!");
        }

        $dnsRecordIP = gethostbyname($domain);
+        if ($dnsRecordIP === $domain) {
+            $dnsRecordIP = '';
+        }

        // Validate IP
        if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
-            throw new InvalidSettingConfigurationException("DNS config is not set or domain is not in a valid format!");
+            throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
        }

-        $connection = @fsockopen($domain, 443, $errno, $errstr, 0.1);
+        if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+            throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
+        }
+
+        // Check if port 443 is open
+        $connection = @fsockopen($domain, 443, $errno, $errstr, 10);
        if ($connection) {
            fclose($connection);
        } else {
-            throw new InvalidSettingConfigurationException("The server is not reachable on Port 443.");
+            throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
        }

        // Get Instance ID
        $instanceID = $this->GetSecret('INSTANCE_ID');

+        // set protocol
+        $port = $this->GetApachePort();
+        if ($port !== '443') {
+            $protocol = 'https://';
+        } else {
+            $protocol = 'http://';
+        }
+
+        // Check if response is correct
        $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL,'http://' . $domain . ':443');
+        $testUrl = $protocol . $domain . ':443';
+        curl_setopt($ch, CURLOPT_URL, $testUrl);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        $response = curl_exec($ch);
+        $response = (string)curl_exec($ch);
        # Get rid of trailing \n
        $response = str_replace("\n", "", $response);

-        if($response !== $instanceID) {
-            throw new InvalidSettingConfigurationException("Domain does not point to this server.");
+        if ($response !== $instanceID) {
+            error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
+            throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
        }

        // Write domain
        $config = $this->GetConfig();
        $config['domain'] = $domain;
+        // Reset the borg restore password when setting the domain
+        $config['borg_restore_password'] = '';
        $this->WriteConfig($config);
    }

@@ -200,25 +293,15 @@ class ConfigurationManager
     * @throws InvalidSettingConfigurationException
     */
    public function SetBorgBackupHostLocation(string $location) : void {
-        $allowedPrefixes = [
-            '/mnt/',
-            '/media/',
-        ];
-
        $isValidPath = false;
-        foreach($allowedPrefixes as $allowedPrefix) {
-            if(str_starts_with($location, $allowedPrefix) && !str_ends_with($location, '/')) {
-                $isValidPath = true;
-                break;
-            }
-            if ($location === '/var/backups') {
-                $isValidPath = true;
-                break;
-            }
+        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
+            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
        }

-        if(!$isValidPath) {
-            throw new InvalidSettingConfigurationException("The path must start with '/mnt/' or '/media/' or be equal to '/var/backups'.");
+        if (!$isValidPath) {
+            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
        }


@@ -227,6 +310,71 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

+        /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetBorgRestoreHostLocationAndPassword(string $location, string $password) : void {
+        if ($location === '') {
+            throw new InvalidSettingConfigurationException("Please enter a path!");
+        }
+        
+        $isValidPath = false;
+        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
+            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
+        }
+
+        if (!$isValidPath) {
+            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
+        }
+
+        if ($password === '') {
+            throw new InvalidSettingConfigurationException("Please enter the password!");
+        }
+
+        $config = $this->GetConfig();
+        $config['borg_backup_host_location'] = $location;
+        $config['borg_restore_password'] = $password;
+        $config['instance_restore_attempt'] = 1;
+        $this->WriteConfig($config);
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function ChangeMasterPassword(string $currentPassword, string $newPassword) : void {
+        if ($currentPassword === '') {
+            throw new InvalidSettingConfigurationException("Please enter your current password.");
+        }
+
+        if ($currentPassword !== $this->GetPassword()) {
+            throw new InvalidSettingConfigurationException("The entered current password is not correct.");
+        }
+
+        if ($newPassword === '') {
+            throw new InvalidSettingConfigurationException("Please enter a new password.");
+        }
+
+        if (strlen($newPassword) < 24) {
+            throw new InvalidSettingConfigurationException("New passwords must be >= 24 digits.");
+        }
+
+        if (!preg_match("#^[a-zA-Z0-9 ]+$#", $newPassword)) {
+            throw new InvalidSettingConfigurationException('Not allowed characters in the new password.');
+        }
+
+        // All checks pass so set the password
+        $this->SetPassword($newPassword);
+    }
+
+    public function GetApachePort() : string {
+        $envVariableName = 'APACHE_PORT';
+        $configName = 'apache_port';
+        $defaultValue = '443';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
@@ -237,6 +385,28 @@ class ConfigurationManager
        file_put_contents(DataConst::GetConfigFile(), json_encode($config));
    }

+    private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
+        $envVariableOutput = getenv($envVariableName);
+        if ($envVariableOutput === false) {
+            $config = $this->GetConfig();
+            if (!isset($config[$configName]) || $config[$configName] === '') {
+                $config[$configName] = $defaultValue;
+            }
+            return $config[$configName];
+        }
+        if(file_exists(DataConst::GetConfigFile())) {
+            $config = $this->GetConfig();
+            if (!isset($config[$configName])) {
+                $config[$configName] = '';
+            }
+            if ($envVariableOutput !== $config[$configName]) {
+                $config[$configName] = $envVariableOutput;
+                $this->WriteConfig($config);
+            }
+        }
+        return $envVariableOutput;
+    }
+
    public function GetBorgBackupHostLocation() : string {
        $config = $this->GetConfig();
        if(!isset($config['borg_backup_host_location'])) {
@@ -246,6 +416,27 @@ class ConfigurationManager
        return $config['borg_backup_host_location'];
    }

+    public function GetBorgRestorePassword() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['borg_restore_password'])) {
+            $config['borg_restore_password'] = '';
+        }
+
+        return $config['borg_restore_password'];
+    }
+
+    public function isInstanceRestoreAttempt() : bool {
+        $config = $this->GetConfig();
+        if(!isset($config['instance_restore_attempt'])) {
+            $config['instance_restore_attempt'] = '';
+        }
+
+        if ($config['instance_restore_attempt'] === 1) {
+            return true;
+        }
+        return false;
+    }
+
    public function GetBorgBackupMode() : string {
        $config = $this->GetConfig();
        if(!isset($config['backup-mode'])) {
@@ -254,4 +445,92 @@ class ConfigurationManager

        return $config['backup-mode'];
    }
+
+    public function GetNextcloudMount() : string {
+        $envVariableName = 'NEXTCLOUD_MOUNT';
+        $configName = 'nextcloud_mount';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetNextcloudDatadirMount() : string {
+        $envVariableName = 'NEXTCLOUD_DATADIR';
+        $configName = 'nextcloud_datadir';
+        $defaultValue = 'nextcloud_aio_nextcloud_data';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetDockerSocketPath() : string {
+        $envVariableName = 'DOCKER_SOCKET_PATH';
+        $configName = 'docker_socket_path';
+        $defaultValue = '/var/run/docker.sock';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetDailyBackupTime(string $time) : void {
+        if ($time === "") {
+            throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
+        }
+
+        if (!preg_match("#^[0-1][0-9]:[0-5][0-9]$#", $time) && !preg_match("#^2[0-3]:[0-5][0-9]$#", $time)) {
+            throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
+        }
+        
+        file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
+    }
+
+    public function GetDailyBackupTime() : string {
+        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
+            return '';
+        }
+        return file_get_contents(DataConst::GetDailyBackupTimeFile());
+    }
+
+    public function DeleteDailyBackupTime() : void {
+        if (file_exists(DataConst::GetDailyBackupTimeFile())) {
+            unlink(DataConst::GetDailyBackupTimeFile());
+        }
+    }
+
+    public function isDailyBackupRunning() : bool {
+        if (file_exists(DataConst::GetDailyBackupBlockFile())) {
+            return true;
+        }
+        return false;
+    }
+
+    public function GetTimezone() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['timezone'])) {
+            $config['timezone'] = '';
+        }
+
+        return $config['timezone'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetTimezone(string $timezone) : void {
+        if ($timezone === "") {
+            throw new InvalidSettingConfigurationException("The timezone must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z0-9_\-\/\+]+$#", $timezone)) {
+            throw new InvalidSettingConfigurationException("The entered timezone does not seem to be a valid timezone!");
+        }
+
+        $config = $this->GetConfig();
+        $config['timezone'] = $timezone;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteTimezone() : void {
+        $config = $this->GetConfig();
+        $config['timezone'] = '';
+        $this->WriteConfig($config);
+    }
 }
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -27,6 +27,14 @@ class DataConst {
        return self::GetDataDirectory() . '/backupsecret';
    }

+    public static function GetDailyBackupTimeFile() : string {
+        return self::GetDataDirectory() . '/daily_backup_time';
+    }
+
+    public static function GetDailyBackupBlockFile() : string {
+        return self::GetDataDirectory() . '/daily_backup_running';
+    }
+
    public static function GetBackupKeyFile() : string {
        return self::GetDataDirectory() . '/borg.config';
    }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -7,6 +7,8 @@ use AIO\Container\State\IContainerState;
 use AIO\Container\State\ImageDoesNotExistState;
 use AIO\Container\State\StartingState;
 use AIO\Container\State\RunningState;
+use AIO\Container\State\RestartingState;
+use AIO\Container\State\NotRestartingState;
 use AIO\Container\State\VersionDifferentState;
 use AIO\Container\State\StoppedState;
 use AIO\Container\State\VersionEqualState;
@@ -70,18 +72,46 @@ class DockerActionManager
        }
    }

+    public function GetContainerRestartingState(Container $container) : IContainerState
+    {
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->GetIdentifier())));
+        try {
+            $response = $this->guzzleClient->get($url);
+        } catch (RequestException $e) {
+            if ($e->getCode() === 404) {
+                return new ImageDoesNotExistState();
+            }
+            throw $e;
+        }
+
+        $responseBody = json_decode((string)$response->getBody(), true);
+
+        if ($responseBody['State']['Restarting'] === true) {
+            return new RestartingState();
+        } else {
+            return new NotRestartingState();
+        }
+    }
+
    public function GetContainerUpdateState(Container $container) : IContainerState
    {
        $tag = $this->GetCurrentChannel();

-        $runningDigest = $this->GetRepoDigestOfContainer($container->GetIdentifier());
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
-
-        if ($runningDigest === $remoteDigest) {
-            return new VersionEqualState();
-        } else {
+        $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
+        if ($runningDigests === null) {
            return new VersionDifferentState();
        }
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        if ($remoteDigest === null) {
+            return new VersionEqualstate();
+        }
+
+        foreach($runningDigests as $runningDigest) {
+            if ($runningDigest === $remoteDigest) {
+                return new VersionEqualState();
+            }
+        }
+        return new VersionDifferentState();
    }

    public function GetContainerStartingState(Container $container) : IContainerState
@@ -109,7 +139,7 @@ class DockerActionManager
        }
    }

-    public function DeleteContainer(Container $container) {
+    public function DeleteContainer(Container $container) : void {
        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->GetIdentifier())));
        try {
            $this->guzzleClient->delete($url);
@@ -120,12 +150,12 @@ class DockerActionManager
        }
    }

-    public function GetLogs(Container $container) : string
+    public function GetLogs(string $id) : string
    {
        $url = $this->BuildApiUrl(
            sprintf(
                'containers/%s/logs?stdout=true&stderr=true',
-                urlencode($container->GetIdentifier())
+                urlencode($id)
            ));
        $responseBody = (string)$this->guzzleClient->get($url)->getBody();

@@ -142,12 +172,12 @@ class DockerActionManager
        return $response;
    }

-    public function StartContainer(Container $container) {
+    public function StartContainer(Container $container) : void {
        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->GetIdentifier())));
        $this->guzzleClient->post($url);
    }

-    public function CreateVolumes(Container $container)
+    public function CreateVolumes(Container $container): void
    {
        $url = $this->BuildApiUrl('volumes/create');
        foreach($container->GetVolumes()->GetVolumes() as $volume) {
@@ -155,6 +185,10 @@ class DockerActionManager
                '/',
            ];

+            if ($volume->name === 'nextcloud_aio_nextcloud_datadir' || $volume->name === 'nextcloud_aio_backupdir') {
+                return;
+            }
+
            $firstChar = substr($volume->name, 0, 1);
            if(!in_array($firstChar, $forbiddenChars)) {
                $this->guzzleClient->request(
@@ -170,7 +204,7 @@ class DockerActionManager
        }
    }

-    public function CreateContainer(Container $container) {
+    public function CreateContainer(Container $container) : void {
        $volumes = [];
        foreach($container->GetVolumes()->GetVolumes() as $volume) {
            $volumeEntry = $volume->name . ':' . $volume->mountPoint;
@@ -214,6 +248,48 @@ class DockerActionManager
                    $replacements[1] = $this->configurationManager->GetAIOURL();
                } elseif ($out[1] === 'SELECTED_RESTORE_TIME') {
                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
+                } elseif ($out[1] === 'APACHE_PORT') {
+                    $replacements[1] = $this->configurationManager->GetApachePort();
+                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
+                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
+                    $replacements[1] = $this->configurationManager->GetBorgRestorePassword();
+                } elseif ($out[1] === 'CLAMAV_ENABLED') {
+                    if ($this->configurationManager->isClamavEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'ONLYOFFICE_ENABLED') {
+                    if ($this->configurationManager->isOnlyofficeEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'COLLABORA_ENABLED') {
+                    if ($this->configurationManager->isCollaboraEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'TALK_ENABLED') {
+                    if ($this->configurationManager->isTalkEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'DAILY_BACKUP_RUNNING') {
+                    if ($this->configurationManager->isDailyBackupRunning()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'TIMEZONE') {
+                    if ($this->configurationManager->GetTimezone() === '') {
+                        $replacements[1] = 'UTC';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetTimezone();
+                    }
                } else {
                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                }
@@ -248,22 +324,30 @@ class DockerActionManager
        }

        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
-        $this->guzzleClient->request(
-            'POST',
-            $url,
-            [
-                'json' => $requestBody
-            ]
-        );
+        try {
+            $this->guzzleClient->request(
+                'POST',
+                $url,
+                [
+                    'json' => $requestBody
+                ]
+            );
+        } catch (RequestException $e) {
+            throw $e;
+        }
+
    }

-    public function PullContainer(Container $container)
+    public function PullContainer(Container $container) : void
    {
        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
        try {
            $this->guzzleClient->post($url);
        } catch (RequestException $e) {
-            throw $e;
+            error_log('Could not get image ' . $this->BuildImageName($container) . ' from docker hub. Probably due to rate limits. ' . $e->getMessage());
+            // Don't exit here because it is possible that the image is already present 
+            // and we ran into docker hub limits.
+            // We will exit later if not image should be available.
        }
    }

@@ -281,10 +365,9 @@ class DockerActionManager
        return $updateAvailable;
    }

-    public function isAnyUpdateAvailable() {
+    public function isAnyUpdateAvailable() : bool {
        $id = 'nextcloud-aio-apache';

-
        if ($this->isContainerUpdateAvailable($id) !== "") {
            return true;
        } else {
@@ -292,7 +375,7 @@ class DockerActionManager
        }
    }

-    private function GetRepoDigestOfContainer(string $containerName) : ?string {
+    private function GetRepoDigestsOfContainer(string $containerName) : ?array {
        try {
            $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
@@ -301,10 +384,30 @@ class DockerActionManager
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);

-            if(isset($imageOutput['RepoDigests']) && count($imageOutput['RepoDigests']) === 1) {
-                $fullDigest = $imageOutput['RepoDigests'][0];
+            if (!isset($imageOutput['RepoDigests'])) {
+                error_log('RepoDigests is not set of container ' . $containerName);
+                return null;
+            } 

-                return substr($fullDigest, strpos($fullDigest, "@") + 1);
+            if (!is_array($imageOutput['RepoDigests'])) {
+                error_log('RepoDigests of ' . $containerName . ' is not an array which is not allowed!');
+                return null;
+            }
+
+            $repoDigestArray = [];
+            $oneDigestGiven = false;
+            foreach($imageOutput['RepoDigests'] as $repoDigest) {
+                $digestPosition = strpos($repoDigest, '@');
+                if ($digestPosition === false) {
+                    error_log('Somehow the RepoDigest of ' . $containerName . ' does not contain a @.');
+                    return null;
+                }
+                $repoDigestArray[] = substr($repoDigest, $digestPosition + 1);
+                $oneDigestGiven = true;
+            }
+
+            if ($oneDigestGiven) {
+                return $repoDigestArray;
            }

            return null;
@@ -328,8 +431,16 @@ class DockerActionManager
            $tagArray = explode(':', $output['Config']['Image']);
            $tag = $tagArray[1];
            apcu_add($cacheKey, $tag);
+            /**
+             * @psalm-suppress TypeDoesNotContainNull
+             */
+            if ($tag === null) {
+                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
+                $tag = 'latest';
+            }
            return $tag;
        } catch (\Exception $e) {
+            error_log('Could not get current channel ' . $e->getMessage());
        }

        return 'latest';
@@ -342,17 +453,24 @@ class DockerActionManager

        $tag = $this->GetCurrentChannel();

-        $runningDigest = $this->GetRepoDigestOfContainer($containerName);
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
-
-        if ($remoteDigest === $runningDigest) {
-            return false;
-        } else {
+        $runningDigests = $this->GetRepoDigestsOfContainer($containerName);
+        if ($runningDigests === null) {
            return true;
        }
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
+        if ($remoteDigest === null) {
+            return false;
+        }
+
+        foreach ($runningDigests as $runningDigest) {
+            if ($remoteDigest === $runningDigest) {
+                return false;
+            }
+        }
+        return true;
    }

-    public function sendNotification(Container $container, string $subject, string $message)
+    public function sendNotification(Container $container, string $subject, string $message) : void
    {
        if ($this->GetContainerStartingState($container) instanceof RunningState) {

@@ -398,7 +516,7 @@ class DockerActionManager
        }
    }

-    public function DisconnectContainerFromNetwork(Container $container)
+    public function DisconnectContainerFromNetwork(Container $container) : void
    {

        $url = $this->BuildApiUrl(
@@ -416,10 +534,11 @@ class DockerActionManager
                ]
            );
        } catch (RequestException $e) {
+            error_log('Could not disconnect container from network ' . $e->getMessage());
        }
    }

-    private function ConnectContainerIdToNetwork(string $id)
+    private function ConnectContainerIdToNetwork(string $id) : void
    {
        $url = $this->BuildApiUrl('networks/create');
        try {
@@ -428,9 +547,13 @@ class DockerActionManager
                $url,
                [
                    'json' => [
-                        'name' => 'nextcloud-aio',
-                        'checkDuplicate' => true,
-                        'internal' => true,
+                        'Name' => 'nextcloud-aio',
+                        'CheckDuplicate' => true,
+                        'Driver' => 'bridge',
+                        'Internal' => false,
+                        'Options' => [
+                            'com.docker.network.bridge.enable_icc' => 'true'
+                        ]
                    ]
                ]
            );
@@ -462,17 +585,17 @@ class DockerActionManager
        }
    }

-    public function ConnectMasterContainerToNetwork()
+    public function ConnectMasterContainerToNetwork() : void
    {
        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer');
    }

-    public function ConnectContainerToNetwork(Container $container)
+    public function ConnectContainerToNetwork(Container $container) : void
    {
      $this->ConnectContainerIdToNetwork($container->GetIdentifier());
    }

-    public function StopContainer(Container $container) {
+    public function StopContainer(Container $container) : void {
        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->GetIdentifier()), $container->GetMaxShutdownTime()));
        try {
            $this->guzzleClient->post($url);
@@ -506,6 +629,29 @@ class DockerActionManager
        }
    }

+    public function GetDatabasecontainerExitCode() : int
+    {
+        $containerName = 'nextcloud-aio-database';
+        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
+        try {
+            $response = $this->guzzleClient->get($url);
+        } catch (RequestException $e) {
+            if ($e->getCode() === 404) {
+                return -1;
+            }
+            throw $e;
+        }
+
+        $responseBody = json_decode((string)$response->getBody(), true);
+
+        $exitCode = $responseBody['State']['ExitCode'];
+        if (is_int($exitCode)) {
+            return $exitCode;
+        } else {
+            return -1;
+        }
+    }
+
    public function isLoginAllowed() : bool {
        $id = 'nextcloud-aio-apache';
        $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
@@ -514,4 +660,13 @@ class DockerActionManager
        }
        return true;
    }
+
+    public function isBackupContainerRunning() : bool {
+        $id = 'nextcloud-aio-borgbackup';
+        $backupContainer = $this->containerDefinitionFetcher->GetContainerById($id);
+        if ($this->GetContainerRunningState($backupContainer) instanceof RunningState) {
+            return true;
+        }
+        return false;
+    }
 }
--- a/php/src/Docker/DockerHubManager.php
+++ b/php/src/Docker/DockerHubManager.php
@@ -23,6 +23,8 @@ class DockerHubManager
            return $cachedVersion;
        }

+        // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
+
        try {
            $authTokenRequest = $this->guzzleClient->request(
                'GET',
@@ -50,8 +52,10 @@ class DockerHubManager
                }
            }

+            error_log('Could not get digest of container ' . $name . ':' . $tag);
            return null;
        } catch (\Exception $e) {
+            error_log('Could not get digest of container ' . $name . ':' . $tag . ' ' . $e->getMessage());
            return null;
        }
    }
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,63 +16,186 @@
    </header>

    <div class="content">
-        <h1>Nextcloud AIO Beta v0.4.0</h1>
-        This is beta software and not production ready.<br><br>
+        <h1>Nextcloud AIO v1.4.1</h1>

        {% set isAnyRunning = false %}
+        {% set isAnyRestarting = false %}
        {% set isWatchtowerRunning = false %}
-        {% set isBackupContainerRunning = false %}
        {% set isRestoreRunning = false %}
        {% set isBackupOrRestoreRunning = false %}
        {% set isApacheStarting = false %}

+        {% if is_backup_container_running == true %}
+            {% if borg_backup_mode == 'restore' %}
+                {% set isRestoreRunning = true %}
+            {% endif %}
+            {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
+                {% set isBackupOrRestoreRunning = true %}
+            {% endif %}
+        {% endif %}
+
        {% for container in containers %}
-            {% if class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' and container.GetIdentifier() != 'nextcloud-aio-domaincheck' and container.GetIdentifier() != 'nextcloud-aio-borgbackup' and container.GetIdentifier() != 'nextcloud-aio-watchtower' %}
+            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                {% set isAnyRunning = true %}
            {% endif %}
+            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
+                {% set isAnyRestarting = true %}
+            {% endif %}
            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                {% set isWatchtowerRunning = true %}
            {% endif %}
            {% if container.GetIdentifier() == 'nextcloud-aio-apache' and class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                {% set isApacheStarting = true %}
            {% endif %}
-            {% if container.GetIdentifier() == 'nextcloud-aio-borgbackup' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
-                {% set isBackupContainerRunning = true %}
-                {% if borg_backup_mode == 'restore' %}
-                    {% set isRestoreRunning = true %}
-                {% endif %}
-                {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
-                    {% set isBackupOrRestoreRunning = true %}
-                {% endif %}
-            {% endif %}
        {% endfor %}

-        {% if isWatchtowerRunning == true %}
-            Mastercontainer updpate currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until thats done.<br /><br />
+        {% if is_daily_backup_running == true %}
+            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
+            It will update your containers, the mastercontainer and your Nextcloud apps if the backup is successful.<br /><br />
+            {% if is_mastercontainer_update_available == true %}
+                Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            {% endif %}
+            {% if has_update_available == false %}
+                The whole process should not take more than a few minutes.<br /><br />
+            {% else %}
+                The whole process can take a while because your containers get updated.<br /><br />
+            {% endif %}
+            <a href="" class="button reload">Reload ↻</a><br/>
+        {% elseif isWatchtowerRunning == true %}
+            <span class="status running"></span> Mastercontainer update currently running. It will restart the mastercontainer soon which will make it unavailable for a moment. Please wait until that's done. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
            <a href="" class="button reload">Reload ↻</a><br/>
        {% else %}
-            {% if isBackupOrRestoreRunning == false and domain == "" %}
-                Please type in the domain that will be used for Nextcloud:<br><br />
-                <form method="POST" action="/api/configuration" class="xhr">
-                    <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
-                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                    <input class="button" type="submit" value="Submit" />
-                </form>
-                Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
-                If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. 
+            {% if is_backup_container_running == false and domain == "" %}
+                {% if is_mastercontainer_update_available == true %}
+                    <h2>Mastercontainer update</h2>
+                    ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
+                    <form method="POST" action="/api/docker/watchtower" class="xhr">
+                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                        <input class="button" type="submit" value="Update mastercontainer" />
+                    </form>
+                {% else %}
+                    {% if borg_backup_host_location == '' and borg_restore_password == '' %}
+                        Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        <h2>New AIO instance</h2>
+                        Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
+                        <form method="POST" action="/api/configuration" class="xhr">
+                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
+                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                            <input class="button" type="submit" value="Submit" />
+                        </form>
+                        Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
+                        If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
+
+                        <h2>Restore former AIO instance from backup</h2>
+                        You can alternatively restore a former AIO instance from backup.<br><br>
+                    {% endif %}
+
+                    {% if is_instance_restore_attempt == false %}
+                        {% if borg_backup_host_location != '' and borg_restore_password != '' %}
+                            {% if borg_backup_mode in ['test', 'check'] %}
+                                {% if backup_exit_code > 0 %}
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == 'test' %}
+                                        Please adjust the path and/or the password in order to make it work!<br><br>
+                                    {% elseif borg_backup_mode == 'check' %}
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html?highlight=repair#:~:text=repairing%20a%20damaged%20repository"><b>this documentation</b></a>
+                                    {% endif %}
+                                {% elseif backup_exit_code == 0 %}
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == 'test' %}
+                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
+                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Check backup integrity"/><br/>
+                                        </form>
+                                    {% endif %}
+                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!<br><br>
+                                    <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
+                                            {% for restore_time in backup_times %}
+                                                <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
+                                            {% endfor %}
+                                        </select>
+                                        <input class="button" type="submit" value="Restore selected backup"/>
+                                    </form>
+                                {% endif %}
+                            {% elseif borg_backup_mode == 'restore' %}
+                                {% if backup_exit_code > 0 %}
+                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
+                                {% endif %}
+                            {% endif %}
+                        {% endif %}
+
+                        {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
+                            Please enter the location of the backup archive on your host and the password of the backup archive below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
+                                <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="enter the borg password"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+                            An example for Linux is <b>/mnt/backup</b>.<br>
+                            For macOS it may be <b>/var/backup</b>.<br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-it-on-windows"><b>click here</b></a><br><br>
+                            ⚠️ Note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
+                        {% endif %}
+                    {% else %}
+                        <b>Everything set!</b> Click on the button below to test the path and password:<br/><br/>
+                        <form method="POST" action="/api/docker/backup-test" class="xhr">
+                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                            <input class="button" type="submit" value="Test path and password"/><br/>
+                        </form>
+                    {% endif %}
+                {% endif %}
+            {% endif %}
+
+            {% if domain != "" and was_start_button_clicked == true %}
+                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+            {% endif %}
+
+            {% if is_backup_container_running == true %}
+                <span class="status running"></span> Backup container is currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                <a href="" class="button reload">Reload ↻</a><br/><br>
            {% endif %}

            {% if domain != "" %}
-
                {% if isAnyRunning == true %}
                    {% if isApacheStarting != true %}
-                        Initial Nextcloud username: admin<br />
-                        Initial Nextcloud password: {{ nextcloud_password }}<br /><br/>
+                        {% if borg_backup_host_location != '' %}
+                            <details>
+                            <summary>Click here to reveal the initial Nextcloud credentials</summary><br />
+                        {% endif %}
+                                Initial Nextcloud username: <b>admin</b><br />
+                                Initial Nextcloud password: 
+                        {% if borg_backup_host_location != '' %}
+                            {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
+                            <b>{{ nextcloud_password }}</b></details><br /><br />
+                        {% else %}
+                            <b>{{ nextcloud_password }}</b><br><br>
+                        {% endif %}
                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/>
                    {% else %}
-                        Containers are currently starting.<br /><br />
-                        <a href="" class="button reload">Reload ↻</a><br/>
+                        {% if isAnyRestarting == false %}
+                            <span class="status running"></span> Containers are currently starting.<br /><br />
+                            <a href="" class="button reload">Reload ↻</a><br/><br>
+                        {% else %}
+                            It seems like at least one container is currently restarting which means it is not able to start correctly.<br><br>
+                            To break out this endless loop, you can stop the containers below and investigate the issue by having a look at the container logs before starting them again.<br><br>
+                            <form method="POST" action="/api/docker/stop" class="xhr">
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Stop containers" />
+                            </form>
+                        {% endif %}
                    {% endif %}
                {% endif %}

@@ -81,7 +204,7 @@
                    <ul>
                        {# @var containers \AIO\Container\Container[] #}
                        {% for container in containers %}
-                            {% if container.GetIdentifier() != 'nextcloud-aio-borgbackup' and container.GetIdentifier() != 'nextcloud-aio-watchtower' and container.GetIdentifier() != 'nextcloud-aio-domaincheck' %}
+                            {% if container.GetIdentifier() not in ['nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower', 'nextcloud-aio-domaincheck'] %}
                                <li>
                                    {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                        <span class="status running"></span>
@@ -99,18 +222,28 @@
                    </ul>

                    {% if has_update_available == true %}
-                        ⚠ Container updates are available. Click on `Stop Containers` and `Start Containers` to update them. You should consider creating a backup first. The mastercontainer gets updated with a different procedure though and has its own update button which is visible if an update is available.<br><br>
+                        {% if is_mastercontainer_update_available == false %}
+                            ⚠️ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
+                        {% endif %}
                    {% else %}
                        {% if is_mastercontainer_update_available == false %}
                            Your containers are up-to-date.<br><br>
-                        {% else %}
-                            Your containers are up-to-date. (Except the mastercontainer. See the section below.)<br><br>
                        {% endif %}
                    {% endif %}
                {% endif %}

                {% if isAnyRunning == true %}
                    {% if isApacheStarting != true %}
+                        {% if is_mastercontainer_update_available == true %}
+                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
+                            {% if current_channel starts with 'latest' %}
+                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><b>here</b></a><br><br>
+                            {% elseif current_channel starts with 'beta' %}
+                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases"><b>here</b></a><br><br>
+                            {% elseif current_channel starts with 'develop' %}
+                                You can find all changes <a href="https://github.com/nextcloud-releases/all-in-one/commits/main"><b>here</b></a><br><br>
+                            {% endif %}
+                        {% endif %}
                        <form method="POST" action="/api/docker/stop" class="xhr">
                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -126,72 +259,78 @@
                        {% if was_start_button_clicked == false %}
                            Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
                        {% endif %}
-                        {% if was_start_button_clicked == false or has_update_available == false %}
-                            <form method="POST" action="/api/docker/start" class="xhr">
+                        {% if is_mastercontainer_update_available == true %}
+                            ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>
+                            <form method="POST" action="/api/docker/watchtower" class="xhr">
                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Start containers" />
+                                <input class="button" type="submit" value="Update mastercontainer" />
                            </form>
                        {% else %}
-                            <form method="POST" action="/api/docker/start" class="xhr">
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
-                            </form>
+                            {% if was_start_button_clicked == false or has_update_available == false %}
+                                <form method="POST" action="/api/docker/start" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input class="button" type="submit" value="Start containers" />
+                                </form>
+                            {% else %}
+                                <form method="POST" action="/api/docker/start" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input class="button " type="submit" value="Start and update containers" onclick="return confirm('Start and update containers? You should consider creating a backup first.')" />
+                                </form>
+                            {% endif %}
                        {% endif %}
                    {% endif %}
                {% endif %}

-                {% if is_mastercontainer_update_available == true %}
-                    {% if isBackupOrRestoreRunning == false %}
-                        <h2>Mastercontainer update</h2>
-
-                        ⚠ A mastercontainer update is available. Please click on the button below to update it. All other containers get updated independently from the mastercontainer by simply clicking on `Stop containers` and clicking on `Start containers` if a new update is available.<br><br>
-                        <form method="POST" action="/api/docker/watchtower" class="xhr">
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Update mastercontainer" />
-                        </form>
-                    {% endif %}
-                {% endif %}
-
                {% if was_start_button_clicked == true %}
-                    

-                    {% if isBackupOrRestoreRunning == false and borg_backup_host_location == "" and isApacheStarting != true %}
+                    {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
                        <h2>Backup and restore</h2>
                        Please type in the directory where backups will get created on the host system:<br><br>
                        <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" name="borg_backup_host_location" value="/mnt/backup" placeholder="/mnt/backup"/>
+                            <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                            <input class="button" type="submit" value="Submit" />
                        </form>
-                        The folder path that you enter must start with <b>/mnt/</b> or <b>/media/</b> or be equal to <b>/var/backups</b>. So e.g. <b>/mnt/backup</b> or <b>/var/backups</b>
+                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+                            An example for Linux is <b>/mnt/backup</b>.<br>
+                            For macOS it may be <b>/var/backup</b>.<br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-it-on-windows"><b>click here</b></a><br><br>
                    {% endif %}

                    {% if borg_backup_host_location != "" %}
-                        <h2>Backup and restore</h2>
-                        {% if isBackupContainerRunning == false %}
+                        {% if is_backup_container_running == false %}
+                            <h2>Backup and restore</h2>
                            {% if backup_exit_code > 0 %}
                                <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                            {% elseif backup_exit_code == 0 %}
                                {% if borg_backup_mode == "backup" %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }}! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                {% else %}
                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                {% endif %}
                            {% endif %}
                        {% endif %}

-                        {% if isBackupContainerRunning == false %}
-                            This is your encryption password for backups: {{ borgbackup_password }} <br /><br/>
+                        {% if is_backup_container_running == false and isApacheStarting == false %}
+                            {% if has_backup_run_once == true %}
+                                <details>
+                                <summary>Click here to reveal all backup options</summary><br />
+                            {% endif %}
+                            <h3>Backup information</h3>
+                            This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
                            Please save it at a safe place since you won't be able to restore from backup if you loose this password! <br /><br/>
                            Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                            The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup">BorgBackup<a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
-                            Backups get created in the following directory on the host: {{ borg_backup_host_location }}/borg <br /><br/>
+                            The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                            Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
+                            Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.

                            {% if isApacheStarting != true %}
+                                <h3>Backup creation</h3>
+                                Clicking on the button below will create a backup.<br><br/>
                                <form method="POST" action="/api/docker/backup" class="xhr">
                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -199,6 +338,7 @@
                                </form>

                                {% if has_backup_run_once == true %}
+                                    <h3>Backup check</h3>
                                    Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it should't be needed in most situtations.<br><br/>
                                    <form method="POST" action="/api/docker/backup-check" class="xhr">
                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -206,45 +346,140 @@
                                        <input class="button" type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" /><br/>
                                    </form>

+                                    <h3>Backup restore</h3>
                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations.<br><br>
                                    <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                        <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
                                            {% for restore_time in backup_times %}
-                                                <option value="{{ restore_time }}">{{ restore_time }}</option>
+                                                <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
                                            {% endfor %}
                                        </select>
                                        <input class="button" type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
                                    </form>
+
+                                    <h3>Daily backup and automatic updates</h3>
+                                    {% if daily_backup_time == "" %}
+                                        By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC.<br><br/>
+                                        <form method="POST" action="/api/configuration" class="xhr">
+                                            <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Submit" />
+                                        </form>
+                                        This option will also automatically update your containers, the mastercontainer and your Nextcloud apps and will send a notification about the result of the backup.<br><br/>
+                                    {% else %}
+                                        Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup and automatic updates of your containers, the mastercontainer and your Nextcloud apps. You can disable this option again by clicking on the button below.<br><br/>
+                                        <form method="POST" action="/api/configuration" class="xhr">
+                                            <input type="hidden" name="delete_daily_backup_time" value="yes"/>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Disable daily backups" />
+                                        </form>
+                                    {% endif %}
                                {% endif %}
                            {% endif %}
+                            {% if has_backup_run_once == false %}
+                                <br /><br />
+                            {% else %}
+                                </details><br /><br />
+                            {% endif %}
+                        {% endif %}
+                    {% endif %}

+                    {% if is_backup_container_running == false %}
+                        {% if isApacheStarting == false %} 
+                            <h2>AIO password change</h2>
+                            You can change your AIO password below:<br><br />
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
+                                <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br><br>
+                        {% endif %}
+                    {% endif %}
+                {% endif %}
+                {% if is_backup_container_running == false %}
+                    <h2>Optional addons</h2>
+                    In this section you can enable or disable optional addons.<br><br>
+                    {% if isAnyRunning == true %}
+                        <b>Note:</b> You can enable or disable them when your containers are stopped.<br><br>
+                    {% endif %}
+                    <form id="options-form" method="POST" action="/api/configuration" class="xhr">
+                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                        <input type="hidden" name="options-form" value="options-form">
+                        {% if is_clamav_enabled == true %}
+                            <input type="checkbox" id="clamav" name="clamav" checked="checked"><label for="clamav">ClamAV (only supported on x64, needs ~1GB additional RAM)</label><br>
                        {% else %}
-                            <span class="status running"></span> Backup container currently running. (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                            <a href="" class="button reload">Reload ↻</a><br/>
+                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (only supported on x64, needs ~1GB additional RAM)</label><br>
+                        {% endif %}
+                        {% if is_collabora_enabled == true %}
+                            <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label><br>
+                        {% else %}
+                            <input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label><br>
+                        {% endif %}
+                        {% if is_talk_enabled == true %}
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                        {% else %}
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                        {% endif %}
+                        {% if is_onlyoffice_enabled == true %}
+                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
+                        {% else %}
+                            <input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
+                        {% endif %}
+                        <input id="options-form-submit" class="button" type="submit" value="Save changes" />
+                    </form>
+                    <b>System requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV, at least 3GB RAM are required.<br><br>
+                    {% if isAnyRunning == true or is_x64_platform == false %}
+                        <script type="text/javascript" src="disable-clamav.js"></script>
+                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
+                    {% endif %}
+                    {% if isAnyRunning == true %}
+                        <script type="text/javascript" src="disable-talk.js"></script>
+                        <script type="text/javascript" src="disable-collabora.js"></script>
+                    {% endif %}
+
+                    <h2>Timezone change</h2>
+                    {% if isAnyRunning == true %}
+                        {% if timezone != "" %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>.<br><br>
+                        {% endif %}
+                        <b>Note:</b> You can change the timezone when your containers are stopped.<br><br>
+                    {% else %}
+                        {% if timezone == "" %}
+                            In order to get the correct time values for certain Nextcloud features, it makes sense to set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
+                            You can configure the timezone for Nextcloud below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="timezone" placeholder="Europe/Berlin" />
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
+                        {% else %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="hidden" name="delete_timezone" value="yes"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Reset the timezone" />
+                            </form>
                        {% endif %}
                    {% endif %}
                {% endif %}
            {% endif %}
        {% endif %}

-    {% if isApacheStarting == true or isBackupContainerRunning == true or isWatchtowerRunning == true %}
-        <script>
-            if (document.hasFocus()) {
-                // hide reload button if the site reloads automatically
-                var list = document.getElementsByClassName("reload button");
-                for (var i = 0; i < list.length; i++) {
-                    // list[i] is a node with the desired class name
-                    list[i].style.display = 'none';
-                }
-
-                // set timeout for reload
-                setTimeout(function(){
-                window.location.reload(1);
-                }, 5000);
-            }
-        </script>
+    {% if isApacheStarting == true or is_backup_container_running == true or isWatchtowerRunning == true or is_daily_backup_running == true %}
+        <script type="text/javascript" src="automatic_reload.js"></script>
+    {% else %}
+        <script type="text/javascript" src="before-unload.js"></script>
    {% endif %}

    </div>
--- a/php/templates/layout.twig
+++ b/php/templates/layout.twig
@@ -4,6 +4,7 @@
        <link rel="stylesheet" href="/style.css" media="all" />
        <link rel="icon" href="/img/favicon.png">
        <script type="text/javascript" src="forms.js"></script>
+        <script type="text/javascript" src="options-form-submit.js"></script>
    </head>

    <body>
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -1,23 +1,23 @@
-{% extends "layout.twig" %}
-
-{% block body %}
-    <div class="login-wrapper">
-        <div class="login">
-            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Nextcloud AIO Login</h1>
-            {% if is_login_allowed == true %}
-                <p>Log in using your Nextcloud AIO password.</p>
-                <form method="POST" action="/api/auth/login">
-                    <input type="text" name="password" placeholder="Password" />
-                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                    <input type="submit" class="button" value="Login" />
-                </form>
-            {% else %}
-                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
-                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
-            {% endif %}
-        </div>
-    </div>
-{% endblock %}
-
+{% extends "layout.twig" %}
+
+{% block body %}
+    <div class="login-wrapper">
+        <div class="login">
+            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
+            <h1>Nextcloud AIO Login</h1>
+            {% if is_login_allowed == true %}
+                <p>Log in using your Nextcloud AIO password:</p>
+                <form method="POST" action="/api/auth/login">
+                    <input type="text" autocomplete="off" name="password" placeholder="Password" />
+                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                    <input type="submit" class="button" value="Login" />
+                </form>
+            {% else %}
+                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
+                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
+            {% endif %}
+        </div>
+    </div>
+{% endblock %}
+
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -4,9 +4,9 @@
    <div class="login-wrapper">
        <div class="login">
            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Your password for Nextcloud AIO Beta</h1>
-            <p>Please note down the password to access the AIO interface and don't loose it!</p>
+            <h1>Nextcloud AIO setup</h1>
            <p>Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>Please note down the password to access the AIO interface and don't loose it!</p>
            <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
            <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
        </div>
--- a/readme.md
+++ b/readme.md
@@ -1,8 +1,4 @@
-# Nextcloud All In One Beta
-This is beta software and not production ready.
-But feel free to use it at your own risk!
-We expect there to be rough edges and potentially serious bugs.
-
+# Nextcloud All In One
 Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance. 

 Included are:
@@ -11,30 +7,18 @@ Included are:
 - High performance backend for Nextcloud Files
 - High performance backend for Nextcloud Talk
 - Backup solution (based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup))
-
-**Found a bug?** Please file an issue at https://github.com/nextcloud/all-in-one
+- OnlyOffice
+- ClamAV

 ## How to use this?
+The following instructions are especially meant for Linux. For macOS see [this](#how-to-run-it-on-macos), for Windows see [this](#how-to-run-it-on-windows).
 1. Install Docker on your Linux installation using:
    ```
    curl -fsSL get.docker.com | sudo sh
    ```
-2. Make sure to pull the latest image:
-    ```
-    # For x64 CPUs:
-    sudo docker pull nextcloud/all-in-one:latest
-    ```
-    <details>
-    <summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>

-    ```
-    # For arm64 CPUs:
-    sudo docker pull nextcloud/all-in-one:latest-arm64
-    ```
-
-    </details>
-
-3. Run the following command in order to start the container:
+2. Run the command below in order to start the container:<br><br>
+    (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
    ```
    # For x64 CPUs:
    sudo docker run -it \
@@ -65,30 +49,69 @@ Included are:

    </details>

-4. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
-E.g. https://internal.ip.of.this.server:8080<br>
-If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:<br>
-https://your-domain-that-points-to-this-server.tld:8443
+3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
+E.g. `https://ip.address.of.this.server:8080`<br><br>
+If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
+`https://your-domain-that-points-to-this-server.tld:8443`
+4. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!

 ## FAQ
 ### How does it work?
-Nextcloud AIO is inspired by projects like Portainer that allow to manage the docker daemon by talking to the docker socket directly. This concept allows to install only one container with a single command that does the heavy lifting of creating and managing all containers that are needed in order to provide a Nextcloud installation with most features included. It also makes updating a breeze and is not bound to the host system (and its slow updates) anymore as everything is in containers. Additionally, it is very easy to handle from a user perspective because a simple interface for managing your Nextcloud AIO installation is provided.
+Nextcloud AIO is inspired by projects like Portainer that manage the docker daemon by talking to it through the docker socket directly. This concept allows a user to install only one container with a single command that does the heavy lifting of creating and managing all containers that are needed in order to provide a Nextcloud installation with most features included. It also makes updating a breeze and is not bound to the host system (and its slow updates) anymore as everything is in containers. Additionally, it is very easy to handle from a user perspective because a simple interface for managing your Nextcloud AIO installation is provided.

 ### Are reverse proxies supported?
-Reverse proxies are currently because of the above mentioned architecture not supported.<br>
-You might investigate yourself though how it could made work behind reverse proxies. If you open a PR with that we might consider it then :)
+Yes. Please refer to the following documentation on this: [reverse-proxy.md](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)

-### Which ports are mandatory to be open?
-Only those (if you acces the Mastercontainer Interface internally via port 8080):
- `443/TCP` for the Nextcloud container
- `3478/TCP` and `3478/UPD` for the Talk container
+### Which ports are mandatory to be open in your firewall/router?
+Only those (if you access the Mastercontainer Interface internally via port 8080):
+- `443/TCP` for the Apache container
+- `3478/TCP` and `3478/UDP` for the Talk container

 ### Explanation of used ports:
- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://internal.ip.address:8080/`)
+- `8080/TCP`: Mastercontainer Interface with self-signed certificate (works always, also if only access via IP-address is possible, e.g. `https://ip.address.of.this.server:8080/`)
 - `80/TCP`: redirects to Nextcloud (is used for getting the certificate via ACME http-challenge for the Mastercontainer)
- `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
- `443/TCP`: will be used by the Nextcloud container later on and needs to be open
- `3478/TCP` and `3478/UPD`: will be used by the Turnserver inside the Talk container and needs to be open
+- `8443/TCP`: Mastercontainer Interface with valid certificate (only works if port 80 and 8443 are open in your firewall/router and you point a domain to your server. It generates a valid certificate then automatically and access via e.g. `https://public.domain.com:8443/` is possible.)
+- `443/TCP`: will be used by the Apache container later on and needs to be open in your firewall/router
+- `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open in your firewall/router
+
+### How to run it on macOS?
+On macOS, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). You also need to add `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"`to the startup command. Apart from that it should work and behave the same like on Linux.
+
+### How to run it on Windows?
+On Windows, the following command should work in the command prompt after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):
+
+```
+docker run -it ^
+--name nextcloud-aio-mastercontainer ^
+--restart always ^
+-p 80:80 ^
+-p 8080:8080 ^
+-p 8443:8443 ^
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
+--volume //var/run/docker.sock:/var/run/docker.sock:ro ^
+nextcloud/all-in-one:latest
+```
+
+**Please note:** In order to make the built-in backup solution able to back up to the host system, you need to create a volume with the name `nextcloud_aio_backupdir` beforehand:
+```
+docker volume create ^
+--driver local ^
+--name nextcloud_aio_backupdir ^
+-o device="/host_mnt/c/your/backup/path" ^
+-o type="none" ^
+-o o="bind"
+```
+(The value `/host_mnt/c/your/backup/path` in this example would be equivalent to `C:\your\backup\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+
+### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
+It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
+```
+sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
+sudo systemctl restart firewalld docker
+```
+Afterwards it should work.<br>
+
+See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it

 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
@@ -96,6 +119,12 @@ Simply run the following: `sudo docker exec -it nextcloud-aio-nextcloud php occ
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
 Simply run the following command: `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements

+### Update policy
+This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.
+
+### How to switch the channel?
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. For the beta channel on x64 you need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa. For arm64 it is `nextcloud/all-in-one:latest-arm64` and `nextcloud/all-in-one:beta-arm64`, respectively.
+
 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 

@@ -104,20 +133,233 @@ If a new `Mastercontainer` update was found, you'll see an additional section be
 Additionally, there is a cronjob that runs once a day that checks for container and mastercontainer updates and sends a notification to all Nextcloud admins if a new update was found.

 ### How to easily log in to the AIO interface?
-If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. 
+If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.
+
+### How to properly reset the instance?
+If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.
+
+**Please note**: if you already have it running and have data on your instance, you should not follow these instructions as it will delete all data that is coupled to your AIO instance.
+
+Here is how to reset the AIO instance properly:
+1. Stop all containers if they are running from the AIO interface
+1. Stop the mastercontainer with `sudo docker stop nextcloud-aio-mastercontainer`
+1. If the domaincheck container is still running, stop it with `sudo docker stop nextcloud-aio-domaincheck`
+1. Check which containers are stopped: `sudo docker ps --filter "status=exited"`
+1. Now remove all these stopped containers with `sudo docker container prune`
+1. Delete the docker network with `sudo docker network rm nextcloud-aio`
+1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
+1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`)
+1. Optional: You can remove all docker images with `sudo docker image prune -a`.
+1. And you are done! Now feel free to start over with the recommended docker run command!

 ### Backup solution
-Nextcloud AIO provides a local backup solution based on BorgBackup. These backups act as a local restore point in case the installation gets corrupted. 
+Nextcloud AIO provides a local backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a local restore point in case the installation gets corrupted. 

 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 

 If you connect an external drive to your host, and choose the backup directory to be on that drive, you are also kind of save against drive failures of the drive where the docker volumes are stored on. 

-Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore last backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 
+<details>
+<summary>How to do the above step for step</summary>
+
+<br>
+
+1. Mount an external/backup HDD to the host OS using the built-in functionality or udev rules or whatever way you prefer. (E.g. follow this video: https://www.youtube.com/watch?v=2lSyX4D3v_s) and mount the drive in best case in `/mnt/backup`.
+2. If not already done, fire up the docker container and set up Nextcloud as per the guide.
+3. Now open the AIO interface.
+4. Under backup section, add your external disk mountpoint as backup directory, e.g. `/mnt/backup`.
+5. Click on `Create Backup` which should create the first backup on the external disk.
+
+</details>
+
+Backups can be created and restored in the AIO interface using the buttons `Create Backup` and `Restore selected backup`. Additionally, a backup check is provided that checks the integrity of your backups but it shouldn't be needed in most situations. 

 The backups itself get encrypted with an encryption key that gets shown to you in the AIO interface. Please save that at a safe place as you will not be able to restore from backup without this key.

-Note that this implementation does not provide remote backups, for this you can use the [backup app](https://apps.nextcloud.com/apps/backup). 
+Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
+
+Note that this implementation does not provide remote backups, for this you can use the [backup app](https://apps.nextcloud.com/apps/backup).
+
+---
+
+#### Failure of the backup container in LXC containers
+If you are running AIO in a LXC container, you need to make sure that FUSE is enabled in the LXC container settings. Otherwise the backup container will not be able to start as FUSE is required for it to work.
+
+---
+
+#### Pro-tip: Backup archives access
+You can open the BorgBackup archives on your host by following these steps:<br>
+(instructions for Ubuntu Desktop)
+```bash
+# Install borgbackup on the host
+sudo apt update && sudo apt install borgbackup
+
+# Mount the archives to /tmp/borg (if you are using the default backup location /mnt/backup/borg)
+sudo mkdir -p /tmp/borg && sudo borg mount "/mnt/backup/borg" /tmp/borg
+
+# After entering your repository key successfully, you should be able to access all archives in /tmp/borg
+# You can now do whatever you want by syncing them to a different place using rsync or doing other things
+# E.g. you can open the file manager on that location by running:
+xhost +si:localuser:root && sudo nautilus /tmp/borg
+
+# When you are done, simply close the file manager and run the following command to unmount the backup archives:
+sudo umount /tmp/borg
+```
+
+---
+
+#### Delete backup archives manually
+You can delete BorgBackup archives on your host manually by following these steps:<br>
+(instructions for Debian based OS' like Ubuntu)
+```bash
+# Install borgbackup on the host
+sudo apt update && sudo apt install borgbackup
+
+# List all archives (if you are using the default backup location /mnt/backup/borg)
+sudo borg list "/mnt/backup/borg"
+
+# After entering your repository key successfully, you should now see a list of all backup archives
+# An example backup archive might be called 20220223_174237-nextcloud-aio
+# Then you can simply delete the archive with:
+sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud-aio"
+```
+
+After doing so, make sure to update the backup archives list in the AIO interface!<br>
+You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
+
+---
+
+#### Sync the backup regularly to another drive
+For increased backup security, you might consider syncing the backup repository regularly to another drive.
+
+To do that, first add the drive to `/etc/fstab` so that it is able to get automatically mounted and then create a script that does all the things automatically. Here is an example for such a script:
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Please modify all variables below to your needings:
+SOURCE_DIRECTORY="/mnt/backup/borg"
+DRIVE_MOUNTPOINT="/mnt/backup-drive"
+TARGET_DIRECTORY="/mnt/backup-drive/borg"
+
+########################################
+# Please do NOT modify anything below! #
+########################################
+
+if [ "$EUID" -ne 0 ]; then 
+    echo "Please run as root"
+    exit 1
+fi
+
+if ! [ -d "$SOURCE_DIRECTORY" ]; then
+    echo "The source directory does not exist."
+    exit 1
+fi
+
+if [ -z "$(ls -A "$SOURCE_DIRECTORY/")" ]; then
+    echo "The source directory is empty which is not allowed."
+    exit 1
+fi
+
+if ! [ -d "$DRIVE_MOUNTPOINT" ]; then
+    echo "The drive mountpoint must be an existing directory"
+    exit 1
+fi
+
+if ! grep -q " $DRIVE_MOUNTPOINT " /etc/fstab; then
+    echo "Could not find the drive mountpoint in the fstab file. Did you add it there?"
+    exit 1
+fi
+
+if ! mountpoint -q "$DRIVE_MOUNTPOINT"; then
+    mount "$DRIVE_MOUNTPOINT"
+    if ! mountpoint -q "$DRIVE_MOUNTPOINT"; then
+        echo "Could not mount the drive. Is it connected?"
+        exit 1
+    fi
+fi
+
+if [ -f "$SOURCE_DIRECTORY/lock.roster" ]; then
+    echo "Cannot run the script as the backup archive is currently changed. Please try again later."
+    exit 1
+fi
+
+mkdir -p "$TARGET_DIRECTORY"
+if ! [ -d "$TARGET_DIRECTORY" ]; then
+    echo "Could not create target directory"
+    exit 1
+fi
+
+if ! rsync --stats --archive --human-readable --delete "$SOURCE_DIRECTORY/" "$TARGET_DIRECTORY"; then
+    echo "Failed to sync the backup repository to the target directory."
+    exit 1
+fi
+
+umount "$DRIVE_MOUNTPOINT"
+
+if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then
+    docker exec -it nextcloud-aio-nextcloud bash /notify.sh "Rsync backup successful!" "Synced the backup repository successfully."
+else
+    echo "Synced the backup repository successfully."
+fi
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `backup-script.sh` e.g. here: `/root/backup-script.sh`. Do not forget to modify the variables to your requirements!
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/backup-script.sh` and `sudo chmod 700 /root/backup-script.sh`. Then you can create a cronjob that runs e.g. at `20:00` each week on Sundays like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+
+⚠️ **Attention:** Make sure that the execution of the script does not collide with the daily backups from AIO (if configured) since the target backup repository might get into an inconsistent state. (There is no check in place that checks this.)
+
+### How to change the default location of Nextcloud's Datadir?
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+
+- An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
+- On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
+- For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
+- On Windows it must be `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. In order to use this, you need to create the `nextcloud_aio_nextcloud_datadir` volume beforehand:
+    ```
+    docker volume create ^
+    --driver local ^
+    --name nextcloud_aio_nextcloud_datadir ^
+    -o device="/host_mnt/c/your/data/path" ^
+    -o type="none" ^
+    -o o="bind"
+    ```
+    (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+
+⚠️ Please make sure to apply the correct permissions to the chosen directory before starting Nextcloud the first time (not needed on Windows). 
+
+- In this example for Linux, the command for this would be `sudo chown -R 33:0 /mnt/ncdata` and `sudo chmod -R 750 /mnt/ncdata`. 
+- On macOS, the command for this would be `sudo chown -R 33:0 /var/nextcloud-data` and `sudo chmod -R 750 /var/nextcloud-data`.
+- For Synology, the command for this example would be `sudo chown -R 33:0 /volume1/docker/nextcloud/data` and `sudo chmod -R 750 /volume1/docker/nextcloud/data`
+- On Windows, this command is not needed.
+
+⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards!
+
+### How to allow the Nextcloud container to access directories on the host?
+By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+
+- Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
+- For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
+- On Windows is this option not supported.
+
+After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. 
+
+You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
+
+Be aware though that these locations will not be covered by the built-in backup solution!
+
+### How to run this with docker rootless?
+You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)

 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
@@ -125,7 +367,7 @@ When your containers run for a few days without a restart, the container logs th
 ### Access/Edit Nextcloud files/folders manually
 The files and folders that you add to Nextcloud are by default stored in the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/` on the host. If needed, you can modify/add/delete files/folders there but **ATTENTION**: be very careful when doing so because you might corrupt your AIO installation! Best is to create a backup using the built-in backup solution before editing/changing files/folders in there because you will then be able to restore your instance to the backed up state.

-After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all`.
+After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all`.

 ### How to store the files/installation on a separate drive?
 You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
@@ -134,6 +376,9 @@ You can move the whole docker library and all its files including all Nextcloud
 ### How to edit Nextclouds config.php file with a texteditor?
 You can edit Nextclouds config.php file directly from the host with your favorite text editor. E.g. like this: `sudo nano /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php`. Make sure to not break the file though which might corrupt your Nextcloud instance otherwise. In best case, create a backup using the built-in backup solution before editing the file.

+### Custom skeleton directory
+If you want to define a custom skeleton directory, you can do so by putting your skeleton files into `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton/`, applying the correct permissions with `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton` and and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and setting the skeleton directory option with `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)
+
 ### LDAP
 It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/osixia/openldap/. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. **Pro-tip**: You will probably find this app useful: https://apps.nextcloud.com/apps/ldap_write_support

--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -0,0 +1,309 @@
+# Reverse Proxy Documentation
+
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 3](#3-optional-get-a-valid-certificate-for-the-aio-interface). 
+
+In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
+
+**Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps:
+1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
+1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
+- Optional: get a valid certificate for the AIO interface! See [point 3](#3-optional-get-a-valid-certificate-for-the-aio-interface)
+- How to debug things? See [point 4](#4-how-to-debug-things)
+
+## 1. Add this to your reverse proxy config
+
+**Please note:** Since the Apache container gets spawned by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!
+
+### Apache
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+Add this as a new Apache site config:
+
+(The config below assumse that you are using certbot to get your certificates. You need to create them first in order to make it work.)
+
+```
+<VirtualHost *:80>
+    ServerName <your-nc-domain>
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+    RewriteCond %{SERVER_NAME} =<your-nc-domain>
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName <your-nc-domain>
+
+    # Reverse proxy
+    RewriteEngine On
+    ProxyPreserveHost On
+    RewriteCond %{HTTP:Upgrade} websocket [NC]
+    RewriteCond %{HTTP:Connection} upgrade [NC]
+    RewriteRule .* "ws://localhost:11000/$1" [P,L]
+    ProxyPass / http://localhost:11000/
+    ProxyPassReverse / http://localhost:11000/
+
+    # Enable h2, h2c and http1.1
+    Protocols h2 h2c http/1.1
+
+    # SSL
+    SSLEngine on
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/<your-nc-domain>/privkey.pem
+
+    # Disable HTTP TRACE method.
+    TraceEnable off
+    <Files ".ht*">
+        Require all denied
+    </Files>
+</VirtualHost>
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+To make the config work you can run the following command:
+`sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
+
+</details>
+
+### Caddy (Recommended)
+
+<details>
+
+<summary>click here to expand</summary>
+
+Add this to your Caddyfile:
+
+```
+https://<your-nc-domain>:443 {
+    reverse_proxy localhost:11000
+}
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
+### Nginx
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** the config below is not working 100% correctly, yet. See e.g. https://github.com/nextcloud/all-in-one/issues/450, https://github.com/nextcloud/all-in-one/issues/447 and https://github.com/nextcloud/all-in-one/issues/491. Improvements to it are very welcome!
+
+Add this to you nginx config:
+
+```
+location / {
+        proxy_pass http://localhost:11000;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        client_max_body_size 0;
+
+        # Websocket
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
+### Nginx-Proxy
+
+<details>
+
+<summary>click here to expand</summary>
+
+Unfortunately it is not possible to configure nginx-proxy in a way that works because it completely relies on environmental variables of the docker containers itself. Providing these variables does not work as stated above.
+
+If you really want to use AIO, we recommend you to switch to caddy. It is simply amazing!<br>
+Of course understandable if that is not possible for you.
+
+Apart from that, there is this: [manual-install](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
+
+</details>
+
+### Nginx-Proxy-Manager
+
+<details>
+
+<summary>click here to expand</summary>
+
+See these screenshots for a working config:
+
+![image](https://user-images.githubusercontent.com/75573284/169556183-2999a733-de42-4008-af09-d4151719a474.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169555356-71f32be5-99b5-43ea-8aa7-632c8ef8fad3.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169557664-52db8713-f0ef-42ac-a161-de40280232a3.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169555441-dd9a42f5-aea5-4082-8e26-7adcfa4e6cfa.png)
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
+### Traefik 2
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+1. Add a `nextcloud.toml` to the Treafik rules folder with the following content:
+
+    ```toml
+    [http.routers]
+        [http.routers.nc-rtr]
+            entryPoints = ["https"]
+            rule = "Host(<your-nc-domain>)"
+            service = "nc-svc"
+            middlewares = ["chain-no-auth"]
+            [http.routers.nc-rtr.tls]
+                certresolver = "le"
+
+    [http.services]
+        [http.services.nc-svc]
+            [http.services.nc-svc.loadBalancer]
+                passHostHeader = true
+                [[http.services.nc-svc.loadBalancer.servers]]
+                    url = "http://localhost:11000"
+    ```
+
+2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
+
+    ```toml
+    [http.middlewares.nc-middlewares-secure-headers]
+        [http.middlewares.nc-middlewares-secure-headers.headers]
+            hostsProxyHeaders = ["X-Forwarded-Host"]
+            sslRedirect = true
+            referrerPolicy = "same-origin"
+            X-Robots-Tag = "none"
+    ```
+
+3. Add to the bottom of the `middleware-chains.toml` file in the Traefik rules folder the following content:
+
+    ```toml
+    [http.middlewares.chain-nc]
+        [http.middlewares.chain-nc.chain]
+            middlewares = [ "middlewares-rate-limit", "nc-middlewares-secure-headers"]
+    ```
+
+---
+
+Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
+### Others
+
+<details>
+
+<summary>click here to expand</summary>
+
+Config examples for other reverse proxies are currently not documented. Pull requests are welcome!
+
+</details>
+
+## 2. Use this startup command
+
+After adjusting your reverse proxy config, use the following command to start AIO:<br>
+
+(For an docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
+
+```
+# For x64 CPUs:
+sudo docker run -it \
+--name nextcloud-aio-mastercontainer \
+--restart always \
+-p 8080:8080 \
+-e APACHE_PORT=11000 \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest
+```
+
+<details>
+
+<summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
+
+```
+# For arm64 CPUs:
+sudo docker run -it \
+--name nextcloud-aio-mastercontainer \
+--restart always \
+-p 8080:8080 \
+-e APACHE_PORT=11000 \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+--volume /var/run/docker.sock:/var/run/docker.sock:ro \
+nextcloud/all-in-one:latest-arm64
+```
+
+</details>
+
+On macOS see https://github.com/nextcloud/all-in-one#how-to-run-it-on-macos.
+
+<details>
+
+<summary>Command for Windows</summary>
+
+```
+docker run -it ^
+--name nextcloud-aio-mastercontainer ^
+--restart always ^
+-p 8080:8080 ^
+-e APACHE_PORT=11000 ^
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
+--volume //var/run/docker.sock:/var/run/docker.sock:ro ^
+nextcloud/all-in-one:latest
+```
+
+</details>
+
+### Inspiration for a docker-compose file
+
+Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+
+---
+
+### How to continue? 
+After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+
+## 3. Optional: get a valid certificate for the AIO interface
+
+If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
+
+```
+https://<your-nc-domain>:8443 {
+    reverse_proxy https://localhost:8080 {
+        transport http {
+            tls_insecure_skip_verify
+        }
+    }
+}
+```
+
+Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
+
+## 4. How to debug things?
+If something does not work, follow the steps below:
+1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
+1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
+1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
+1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
+1. Try to configure everything from scratch if it still does not work!
--- a/tests/QA/001-initial-setup.md
+++ b/tests/QA/001-initial-setup.md
@@ -0,0 +1,10 @@
+# Initial setup
+
+- [ ] Verify that after starting the test container, you can access the AIO interface using https://internal.ip.address:8080
+- [ ] After clicking the self-signed-certificate warning away, it should show the setup page with an explanation what AIO is and the initial password and a button that contains a link to the AIO login page
+- [ ] After copying the password and clicking on this button, it should open a new tab with the login page
+- [ ] The login page should show an input field that allows to enter the AIO password and a `Log in` button
+- [ ] After pasting the new password into the input field and clicking on this button button, you should be logged in
+- [ ] You should now see the containers page and you should see three sections: one general section which explains what AIO is, one `New AIO instance` section and one section that allows to restore the whole AIO instance from backup.
+
+You can now continue with [002-new-instance.md](./002-new-instance.md) or [010-restore-instance.md](./010-restore-instance.md).
--- a/Show More
+++ b/Show More