fix it!

Signed-off-by: szaimen <szaimen@e.mail.de>
another attempt
2026-05-21 10:50:10 +00:00 · 2022-10-27 18:51:51 +02:00 · 2022-10-27 18:23:16 +02:00 · 2022-10-27 16:11:09 +02:00 · 2022-10-27 15:58:40 +02:00 · 2022-10-27 15:22:47 +02:00
116 changed files with 3965 additions and 776 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -17,9 +17,9 @@ labels: bug, 0. Needs triage
 2.
 3.

-### Expected behaviour <!--- Tell us what should happen -->
+### Expected behavior <!--- Tell us what should happen -->

-### Actual behaviour <!--- Tell us what happens instead -->
+### Actual behavior <!--- Tell us what happens instead -->


 ### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,7 +3,8 @@ updates:
 - package-ecosystem: "github-actions"
  directory: "/"
  schedule:
-    interval: "weekly"
+    interval: "daily"
+    time: "12:00"
  open-pull-requests-limit: 10
 - package-ecosystem: composer
  directory: "/php/"
@@ -91,6 +92,9 @@ updates:
  schedule:
    interval: "daily"
    time: "12:00"
+  ignore:
+    - dependency-name: "redis"
+      update-types: ["version-update:semver-major"]
  open-pull-requests-limit: 10
  labels:
  - 3. to review
@@ -131,3 +135,24 @@ updates:
  labels:
  - 3. to review
  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/imaginary"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/fulltextsearch"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "elasticsearch"
+      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -0,0 +1,51 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Rebase command
+
+on:
+  issue_comment:
+    types: created
+
+permissions:
+  contents: read
+
+jobs:
+  rebase:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: none
+
+    # On pull requests and if the comment starts with `/rebase`
+    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
+
+    steps:
+      - name: Add reaction on start
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "+1"
+
+      - name: Checkout the latest code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Automatic Rebase
+        uses: cirrus-actions/rebase@1.7
+        env:
+          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Add reaction on failure
+        uses: peter-evans/create-or-update-comment@v2
+        if: failure()
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "-1"
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -31,21 +31,21 @@ jobs:
          APCU

      - name: Log in to GitHub Docker Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: docker.pkg.github.com
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build container image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
        with:
          push: true
          context: 'psalm-github-actions'
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -22,7 +22,7 @@ jobs:
        cd ./php
        composer update
        set +e
-        ALL_LINES="$(composer outdated | grep -v "psr/container")"
+        ALL_LINES="$(composer outdated | grep -v "psr/container\|^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
        set -e
        while [ -n "$ALL_LINES" ]; do
          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
@@ -37,7 +37,7 @@ jobs:
        apcu_version="$(
          git ls-remote --tags https://github.com/krakjoe/apcu.git \
            | cut -d/ -f3 \
-            | grep -vE -- '-rc|-b' \
+            | grep -viE -- 'rc|b' \
            | sed -E 's/^v//' \
            | sort -V \
            | tail -1
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -0,0 +1,20 @@
+name: Json Validator
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Json Validator
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Validate Json
+        run: |
+          sudo apt install python3-pip --no-install-recommends
+          sudo pip3 install json-spec
+          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -0,0 +1,55 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: lint-php-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.0"]
+
+    name: php-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: Lint
+        run: cd php && composer run lint
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: php-lint
+
+    if: always()
+
+    name: php-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -19,7 +19,7 @@ jobs:
        apcu_version="$(
          git ls-remote --tags https://github.com/krakjoe/apcu.git \
            | cut -d/ -f3 \
-            | grep -vE -- '-rc|-b' \
+            | grep -viE -- 'rc|b' \
            | sed -E 's/^v//' \
            | sort -V \
            | tail -1
@@ -30,7 +30,7 @@ jobs:
        memcached_version="$(
          git ls-remote --tags https://github.com/php-memcached-dev/php-memcached.git \
            | cut -d/ -f3 \
-            | grep -vE -- '-rc|-b' \
+            | grep -viE -- 'rc|b' \
            | sed -E 's/^[rv]//' \
            | sort -V \
            | tail -1
@@ -60,7 +60,8 @@ jobs:
        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
        
        # Nextcloud
-        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | sort --version-sort | tail -1)
+        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
+        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
        sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile

    - name: Create Pull Request
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -3,16 +3,26 @@ name: Psalm Analysis
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  psalm:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Psalm
-        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+      - uses: actions/checkout@v3
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
        with:
-          composer_ignore_platform_reqs: false
-          relative_dir: php
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm
--- a/.github/workflows/psalm-security.yml
+++ b/.github/workflows/psalm-security.yml
@@ -20,6 +20,6 @@ jobs:
          composer_ignore_platform_reqs: false
          report_file: results.sarif
      - name: Upload Security Analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: php/results.sarif
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -3,10 +3,12 @@ name: Shellcheck
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  shellcheck:
-    name: Github Actions
+    name: Check Shell
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -3,6 +3,8 @@ name: 'Spellcheck'
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  spellcheck:
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -0,0 +1,27 @@
+name: Update Yaml files
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  psalm:
+    name: update yaml files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: update yaml files
+        run: |
+          sudo bash manual-install/update-yaml.sh
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: Yaml updates
+          signoff: true
+          title: Yaml updates
+          body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
+          labels: dependencies
+          milestone: next
+          branch: aio-yaml-update
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,6 @@
 /php/data/configuration.json
 /php/data/backupsecret.json
 /php/vendor
+/manual-install/*.conf
+!/manual-install/sample.conf
+/manual-install/docker-compose.yml
--- a/1
+++ b/1
@@ -1 +0,0 @@
-*       @szaimen @LukasReschke @azul @juliushaertl
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -11,24 +11,34 @@
    # Notify Push
    route /push/* {
        uri strip_prefix /push
-        reverse_proxy {$NEXTCLOUD_HOST}:7867
+        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
+            # trusted_proxies placeholder
+        }
    }

    # Talk
    route /standalone-signaling/* {
        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081
+        reverse_proxy {$TALK_HOST}:8081 {
+            # trusted_proxies placeholder
+        }
    }

    # Collabora
    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }
    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }
    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }

    # Onlyoffice
@@ -36,6 +46,8 @@
        uri strip_prefix /onlyoffice
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Proto https
+            # trusted_proxies placeholder
        }
    }

@@ -44,7 +56,10 @@
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:80
+        reverse_proxy localhost:8000 {
+            # See https://github.com/nextcloud/all-in-one/issues/828
+            # trusted_proxies placeholder
+        }
    }

    # TLS options
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,9 +1,7 @@
 # Caddy is a requirement
-FROM caddy:2.4.6-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy

-FROM debian:bullseye-20220328-slim
-
-EXPOSE 80
+FROM debian:bullseye-20221024-slim

 RUN mkdir -p /mnt/data; \
    chown www-data:www-data /mnt/data;
@@ -21,6 +19,7 @@ RUN set -ex; \
        openssl \
        netcat \
        dpkg-dev \
+        curl \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -40,12 +39,17 @@ RUN a2enmod rewrite \

 COPY nextcloud.conf /etc/apache2/sites-available/

-RUN a2dissite 000-default && \
+RUN rm /etc/apache2/ports.conf; \
+    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
+    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+
+RUN set -ex; \
+    a2dissite 000-default && \
    a2dissite default-ssl && \
    a2ensite nextcloud.conf && \
    rm -rf /var/www/html/* && \
-    service apache2 restart; \
    chown www-data:www-data -R /var/log/apache2; \
+    mkdir -p /var/run/apache2; \
    chown -R www-data:www-data /var/run/apache2; \
    chown -R www-data:www-data /var/www;

@@ -57,11 +61,13 @@ RUN mkdir /var/log/supervisord; \
 COPY Caddyfile /

 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /usr/bin/healthcheck.sh; \
    chmod +r /supervisord.conf; \
-    chmod a+w /Caddyfile; \
-    chmod a+w /
+    chown www-data:www-data /Caddyfile; \
+    chmod +r -R /etc/apache2

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
@@ -69,4 +75,6 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER www-data

 ENTRYPOINT ["start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD healthcheck.sh
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+curl -skfI localhost:8000 || exit 1
+if [ "$APACHE_PORT" != '443' ]; then
+    nc -z localhost "$APACHE_PORT" || exit 1
+else
+    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
+fi
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,7 +1,12 @@
-<VirtualHost *:80>
+Listen 8000
+<VirtualHost *:8000>
+    # Add error log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+
    # PHP match
    <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"
+        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
    </FilesMatch>
    # Nextcloud dir
    DocumentRoot /var/www/html/
@@ -23,4 +28,13 @@
    # Fix zero file sizes 
    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
    SetEnv proxy-sendcl 1
+
+    # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
+    LimitRequestBody ${APACHE_MAX_SIZE}
+
+    # See https://httpd.apache.org/docs/current/mod/core.html#timeout
+    Timeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
+    ProxyTimeout ${APACHE_MAX_TIME}
 </VirtualHost>
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -21,15 +21,30 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

+# Change variables in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
    export PROTOCOL="http"
    export NC_DOMAIN=""
-    sed -i 's|auto_https.*|auto_https off|' /Caddyfile
 else
    export PROTOCOL="https"
-    sed -i 's|auto_https.*|auto_https disable_redirects|' /Caddyfile
 fi

+# Change the auto_https in case of reverse proxies
+if [ "$APACHE_PORT" != '443' ]; then
+    CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
+else
+    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
+fi
+echo "$CADDYFILE" > /Caddyfile
+
+# Change the trusted_proxies in case of reverse proxies
+if [ "$APACHE_PORT" != '443' ]; then
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies private_ranges|' /Caddyfile)"
+else
+    CADDYFILE="$(sed 's|trusted_proxies private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
+fi
+echo "$CADDYFILE" > /Caddyfile
+
 # Add caddy path
 mkdir -p /mnt/data/caddy/

--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -1,23 +1,23 @@
-[supervisord]
-nodaemon=true
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB                           
-logfile_backups=10                              
-loglevel=error
-
-[program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=apachectl -DFOREGROUND
-
-[program:caddy]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run -config /Caddyfile
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:apache]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apachectl -DFOREGROUND
+
+[program:caddy]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/bin/caddy run --config /Caddyfile
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,10 +1,11 @@
-FROM debian:bullseye-20220328-slim
+FROM debian:bullseye-20221024-slim

 RUN set -ex; \
    \
+    echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
    apt-get update; \
+    apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
    apt-get install -y --no-install-recommends \
-        borgbackup \
        rsync \
        fuse \
        python3-llfuse \
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -37,13 +37,11 @@ if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKU
    exit 1
 fi

-# Break the borg lock if it exists
-if [ -f "$BORG_BACKUP_DIRECTORY/lock.roster" ]; then
-    echo "Breaking the borg lock..."
-    if ! borg break-lock "$BORG_BACKUP_DIRECTORY"; then
-        echo "Could not break the borg lock!"
-        exit 1
-    fi
+# Do not continue if this file exists (needed for simple external blocking)
+if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
+    echo "Not continuing because aio-lockfile exists - it seems like a script is externally running which is locking the backup archive."
+    echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
+    exit 1
 fi

 # Create lockfile
@@ -89,10 +87,12 @@ if [ "$BORG_MODE" = backup ]; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            echo "Cannot initialize a new repository as that was already done at least one time."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
            exit 1
        fi

        echo "initializing repository..."
+        NEW_REPOSITORY=1
        if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
            echo "Could not initialize borg repository."
            rm -f "$BORG_BACKUP_DIRECTORY/config"
@@ -126,15 +126,19 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --progress --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Create the backup
    echo "Starting the backup..."
    get_start_time
    if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
        echo "Deleting the failed backup archive..."
-        borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
+        if [ "$NEW_REPOSITORY" = 1 ]; then
+            echo "Deleting borg.config file so that you can choose a different location for the backup."
+            rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
+        fi
        exit 1
    fi

@@ -142,7 +146,7 @@ if [ "$BORG_MODE" = backup ]; then
    rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"

    # Prune options
-    BORG_PRUNE_OPTS=(--stats --progress --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
+    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")

    # Prune archives
    echo "Pruning the archives..."
@@ -151,9 +155,76 @@ if [ "$BORG_MODE" = backup ]; then
        exit 1
    fi

+    # Compact archives
+    echo "Compacting the archives..."
+    if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+        echo "Failed to compact archives!"
+        exit 1
+    fi
+
+    # Back up additional directories of the host
+    if [ "$ADDITIONAL_DIRECTORIES_BACKUP" = 'yes' ]; then
+        if [ -d "/docker_volumes/" ]; then
+            DOCKER_VOLUME_DIRS="$(find /docker_volumes -mindepth 1 -maxdepth 1 -type d)"
+            mapfile -t DOCKER_VOLUME_DIRS <<< "$DOCKER_VOLUME_DIRS"
+            for directory in "${DOCKER_VOLUME_DIRS[@]}"; do
+                if [ -z "$(ls -A "$directory")" ]; then
+                    echo "$directory is empty which is not allowed."
+                    exit 1
+                fi
+            done
+            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+                echo "Deleting the failed backup archive..."
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
+                echo "Backup of additional docker-volumes failed!"
+                exit 1
+            fi
+            if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+                echo "Failed to prune additional docker-volumes archives!"
+                exit 1
+            fi
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
+        fi
+        if [ -d "/host_mounts/" ]; then
+            EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache var/cache lost+found run var/run dev tmp sys proc)
+            # Exclude borg backup cache
+            EXCLUDED_DIRECTORIES+=(var/lib/docker/volumes/nextcloud_aio_backup_cache/_data)
+            # Exclude target directory
+            if [ -n "$BORGBACKUP_HOST_LOCATION" ] && [ "$BORGBACKUP_HOST_LOCATION" != "nextcloud_aio_backupdir" ]; then
+                EXCLUDED_DIRECTORIES+=("$BORGBACKUP_HOST_LOCATION")
+            fi
+            for directory in "${EXCLUDED_DIRECTORIES[@]}"
+            do
+                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
+            done
+            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+                echo "Deleting the failed backup archive..."
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
+                echo "Backup of additional host-mounts failed!"
+                exit 1
+            fi
+            if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+                echo "Failed to prune additional host-mount archives!"
+                exit 1
+            fi
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
+        fi
+    fi
+
    # Inform user
    get_expiration_time
    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/update.failed" ]; then
+        echo "However a Nextcloud update failed. So reporting that the backup failed which will skip any update attempt the next time."
+        echo "Please restore a backup from before the failed Nextcloud update attempt."
+        exit 1
+    fi
    exit 0
 fi

@@ -174,11 +245,22 @@ if [ "$BORG_MODE" = restore ]; then
        exit 1
    fi

+    # Save Additional Backup dirs
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories" ]; then
+        ADDITIONAL_BACKUP_DIRECTORIES="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories)"
+    fi
+
+    # Save daily backup time
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time" ]; then
+        DAILY_BACKUPTIME="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time)"
+    fi
+
    # Restore everything except the configuration file
    if ! rsync --stats --archive --human-readable -vv --delete \
    --exclude "nextcloud_aio_mastercontainer/session/"** \
    --exclude "nextcloud_aio_mastercontainer/certs/"** \
    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
        echo "Something failed while restoring from backup."
@@ -224,6 +306,20 @@ if [ "$BORG_MODE" = restore ]; then
    CONTENTS="$(jq ".nextcloud_datadir = $NEXTCLOUD_DATADIR" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json

+    # Reset the additional backup directories
+    if [ -n "$ADDITIONAL_BACKUP_DIRECTORIES" ]; then
+        echo "$ADDITIONAL_BACKUP_DIRECTORIES" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+        chown 33:0 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+        chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+    fi
+
+    # Reset the additional backup directories
+    if [ -n "$DAILY_BACKUPTIME" ]; then
+        echo "$DAILY_BACKUPTIME" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+        chown 33:0 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+        chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+    fi
+
    umount /tmp/borg

    # Inform user
@@ -233,6 +329,10 @@ if [ "$BORG_MODE" = restore ]; then
    # Add file to Nextcloud container so that it skips any update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
+
+    # Add file to Nextcloud container so that it performs a fingerprint update the next time
+    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
 fi

 # Do the Backup check
@@ -241,7 +341,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg check --verify-data --progress "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
        exit 1
    fi
@@ -256,11 +356,15 @@ fi
 if [ "$BORG_MODE" = test ]; then
    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
        echo "No 'borg' directory in the given backup directory found!"
+        echo "Only the files/folders below have been found in the given directory."
+        ls -a "$MOUNT_DIR"
        echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
        exit 1
    elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
        echo "A 'borg' directory was found but could not find the borg archive."
-        echo "It must be positioned directly in the 'borg' subfolder."
+        echo "Only the files/folders below have been found in the borg directory."
+        ls -a "$BORG_BACKUP_DIRECTORY"
+        echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
        exit 1
    elif ! borg list "$BORG_BACKUP_DIRECTORY"; then
        echo "The entered path seems to be valid but could not open the backup archive."
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -1,7 +1,8 @@
 #!/bin/bash

 # Variables
-export BORG_BACKUP_DIRECTORY="/mnt/borgbackup/borg"
+export MOUNT_DIR="/mnt/borgbackup"
+export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"

 # Validate BORG_PASSWORD
 if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
@@ -35,7 +36,11 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"

 # Get a list of all available borg archives
-borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+if borg list "$BORG_BACKUP_DIRECTORY" &>/dev/null; then
+    borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+else
+    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+fi
 chmod +r "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"

 if [ -n "$FAILED" ]; then
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,6 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:0.104.2-3
+FROM clamav/clamav:0.105.1

+RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,2 +1,18 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:21.11.3.6.1
+FROM collabora/code:22.05.7.2.1
+
+USER root
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+        netcat \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+USER 104
+
+HEALTHCHECK CMD nc -z localhost 9980 || exit 1
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,11 +1,12 @@
-FROM alpine:3.15.4
-RUN apk add --update --no-cache lighttpd bash
+FROM alpine:3.16.2
+RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd

 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
 COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
 RUN chmod +r -R /etc/lighttpd && \
-    chown www-data:www-data -R /var/www
+    chown www-data:www-data -R /var/www && \
+    chown www-data:www-data /etc/lighttpd/lighttpd.conf

 COPY start.sh /
 RUN chmod +x /start.sh
@@ -13,3 +14,5 @@ RUN chmod +x /start.sh
 USER www-data
 RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
--- a/Containers/domaincheck/lighttpd.conf
+++ b/Containers/domaincheck/lighttpd.conf
@@ -13,4 +13,8 @@ mimetype.assign = (
 )

 static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
-index-file.names = ( "index.html" )
+index-file.names = ( "index.html" )
+
+$SERVER["socket"] == "ipv6-placeholder" {
+	server.document-root = "/var/www/domaincheck/" 
+}
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,6 +11,9 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
+echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf

--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -0,0 +1,6 @@
+# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
+FROM elasticsearch:7.17.7
+
+RUN elasticsearch-plugin install --batch ingest-attachment
+
+HEALTHCHECK CMD curl -skfI localhost:9200 || exit 1
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -0,0 +1,16 @@
+# From https://github.com/h2non/imaginary/blob/master/Dockerfile
+FROM nextcloud/imaginary:20221003
+
+USER root
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        ca-certificates \
+        curl \
+        netcat \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+USER nobody
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -1,4 +1,6 @@
 {
+    # auto_https will create redirects for https://{host}:8443 instead of https://{host}
+    # https redirects are added manually in the http://:80 block
    auto_https disable_redirects

    storage file_system {
@@ -6,6 +8,10 @@
    }
 }

+http://:80 {
+  redir https://{host}{uri}
+}
+
 https://:8443 {

    reverse_proxy localhost:8000
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,11 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:20.10.14-dind-alpine3.15 as dind
+FROM docker:20.10.21-dind-alpine3.16 as dind

 # Caddy is a requirement
-FROM caddy:2.4.6-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy

 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.17-apache-bullseye
+FROM php:8.0.24-apache-bullseye

 EXPOSE 80
 EXPOSE 8080
@@ -37,7 +37,7 @@ COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker

 RUN set -ex; \
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
    docker-php-ext-enable apcu

 RUN set -e && \
@@ -88,13 +88,20 @@ COPY start.sh /usr/bin/
 COPY backup-time-file-watcher.sh /
 COPY session-deduplicator.sh /
 COPY cron.sh /
+COPY daily-backup.sh /
 COPY supervisord.conf /
+COPY healthcheck.sh /
 RUN chmod +x /usr/bin/start.sh; \
    chmod +x /cron.sh; \
    chmod +x /session-deduplicator.sh; \
-    chmod +x /backup-time-file-watcher.sh
+    chmod +x /backup-time-file-watcher.sh; \
+    chmod +x /daily-backup.sh; \
+    chmod a+r /Caddyfile; \
+    chmod +x /healthcheck.sh

 USER root

 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/mastercontainer/backup-time-file-watcher.sh
+++ b/Containers/mastercontainer/backup-time-file-watcher.sh
@@ -10,12 +10,12 @@ file_present() {
        if [ "$FILE_PRESENT" = 0 ]; then
            restart_process
        else
-            if [ -n "$BACKUP_TIME" ] && [ "$(cat "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
+            if [ -n "$BACKUP_TIME" ] && [ "$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
                restart_process
            fi
        fi
        FILE_PRESENT=1
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
    else
        if [ "$FILE_PRESENT" = 1 ]; then
            restart_process
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -3,83 +3,36 @@
 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
        set -x
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
-        DAILY_BACKUP=1
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
+        export BACKUP_TIME
+        export DAILY_BACKUP=1
+        if [ "$(sed -n '2p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'automaticUpdatesAreNotEnabled' ]; then
+            export AUTOMATIC_UPDATES=1
+        else
+            export AUTOMATIC_UPDATES=0
+            export START_CONTAINERS=1
+        fi
        set +x
    else
-        BACKUP_TIME="04:00"
-        DAILY_BACKUP=0
+        export BACKUP_TIME="04:00"
+        export DAILY_BACKUP=0
    fi

    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        LOCK_FILE_PRESENT=1
+        export LOCK_FILE_PRESENT=1
    else
-        LOCK_FILE_PRESENT=0
+        export LOCK_FILE_PRESENT=0
    fi

    # Allow to continue directly if e.g. the mastercontainer was updated. Otherwise wait for the next execution
    if [ "$LOCK_FILE_PRESENT" = 0 ]; then
        while [ "$(date +%H:%M)" != "$BACKUP_TIME" ]; do 
-            sleep 1
+            sleep 30
        done
    fi

    if [ "$DAILY_BACKUP" = 1 ]; then
-        echo "Daily backup has started"
-
-        # Delete all active sessions and create a lock file
-        # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
-        if [ "$LOCK_FILE_PRESENT" = 0 ]; then
-            rm -f "/mnt/docker-aio-config/session/"*
-        fi
-        sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-        APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
-            echo "Waiting for apache to become available"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-            echo "Waiting for watchtower to stop"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
-            echo "Waiting for borgbackup to stop"
-            sleep 30
-        done
-
-        # Update the mastercontainer
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
-
-        # Wait for watchtower to stop
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
-            echo "Something seems to be wrong: Watchtower should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-                echo "Waiting for watchtower to stop"
-                sleep 30
-            done
-        fi
-
-        # Execute the backup itself and some related tasks
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/DailyBackup.php
-
-        # Delete the lock file
-        rm -f "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Wait for the nextcloud container to start and send if the backup was successful
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
-            echo "Something seems to be wrong: Nextcloud should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
-                echo "Waiting for the Nextcloud container to start"
-                sleep 30
-            done
-        fi
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
-
-        echo "Daily backup has finished"
+        bash /daily-backup.sh
    fi

    # Make sure to delete the lock file always
@@ -93,4 +46,7 @@ while true; do

    # Remove dangling images
    sudo -u www-data docker image prune -f
+
+    # Wait 60s so that the whole loop will not be executed again
+    sleep 60
 done
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+
+echo "Daily backup script has started"
+
+# Daily backup and backup check cannot be run at the same time
+if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Daily backup and backup check cannot be run at the same time. Exiting..."
+    exit 1
+fi
+
+# Delete all active sessions and create a lock file
+# But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
+if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+    rm -f "/mnt/docker-aio-config/session/"*
+fi
+sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+
+# Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    echo "Waiting for apache to become available"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+    echo "Waiting for watchtower to stop"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
+    echo "Waiting for borgbackup to stop"
+    sleep 30
+done
+
+# Update the mastercontainer
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting mastercontainer update..." 
+    echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+fi
+
+# Wait for watchtower to stop
+if [ "$AUTOMATIC_UPDATES" = 1 ] && ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
+    echo "Something seems to be wrong: Watchtower should be started at this step."
+else
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+fi
+
+# Stop containers if required
+# shellcheck disable=SC2235
+if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
+    echo "Stopping containers..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
+fi
+
+# Execute the backup itself and some related tasks (also stops the containers)
+if [ "$DAILY_BACKUP" = 1 ]; then
+    echo "Creating daily backup..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+fi
+
+# Execute backup check
+if [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Starting backup check..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
+fi
+
+# Start and/or update containers
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting and updating containers..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
+else
+    if [ "$START_CONTAINERS" = 1 ]; then
+        echo "Starting containers without updating them..."
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
+    fi
+fi
+
+# Delete the lock file
+rm -f "/mnt/docker-aio-config/data/daily_backup_running"
+
+# Send backup notification
+# shellcheck disable=SC2235
+if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAINERS" = 1 ]); then
+    # Wait for the nextcloud container to start and send if the backup was successful
+    if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
+        echo "Something seems to be wrong: Nextcloud should be started at this step."
+    else
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
+            echo "Waiting for the Nextcloud container to start"
+            sleep 30
+            if [ "$(docker inspect nextcloud-aio-nextcloud --format "{{.State.Restarting}}")" = "true" ]; then
+                echo "Nextcloud container restarting. Skipping this check!"
+                break
+            fi
+        done
+    fi
+    echo "Sending backup notification..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+fi
+
+echo "Daily backup script has finished"
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
+    nc -z localhost 8080 || exit 1
+fi
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -1,23 +1,22 @@
 #!/bin/bash

+deduplicate_sessions() {
+    echo "Deleting duplicate sessions"
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
+}
+
+compare_times() {
+    if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
+        unset NEW_SESSION_TIME
+        NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
+        if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
+            deduplicate_sessions
+        fi
+        OLD_SESSION_TIME="$NEW_SESSION_TIME"
+    fi
+}
+
 while true; do
-    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
-        unset SESSION_FILES
-        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
-        unset SESSION_FILES_ARRAY
-        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
-        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
-                rm "$SESSION_FILE"
-            fi
-        done
-        echo "Deleting duplicate sessions"
-        unset OLDEST_FILE
-        set -x
-        # shellcheck disable=SC2012
-        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
-        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
-        set +x
-    done
-    sleep 5
+    compare_times
+    sleep 2
 done
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -31,6 +31,9 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
        echo "Adding internal www-data to group $DOCKER_GROUP"
        usermod -aG "$DOCKER_GROUP" www-data
    else
+        # Delete the docker group for cases when the docker socket permissions changed between restarts
+        groupdel docker &>/dev/null
+
        # If the group doesn't exist, create it
        echo "Creating docker group internally with id $DOCKER_GROUP_ID"
        groupadd -g "$DOCKER_GROUP_ID" docker
@@ -54,7 +57,7 @@ API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        echo "Docker v$API_VERSION is not supported by your docker engine. Cannot proceed."
+        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
        exit 1
    fi
 else
@@ -64,39 +67,34 @@ fi

 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
-    echo "It seems like you did not give the mastercontainer the correct name?"
+    echo "It seems like you did not give the mastercontainer the correct name?
+Using a different name is not supported!"
    exit 1
 elif ! sudo -u www-data docker volume ls | grep -q "nextcloud_aio_mastercontainer"; then
-    echo "It seems like you did not give the mastercontainer volume the correct name?"
+    echo "It seems like you did not give the mastercontainer volume the correct name?
+Using a different name is not supported!"
    exit 1
 fi

 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
-    if ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/mnt/" \
-    && ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/media/" \
-    && ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/host_mnt/"
-    then
+    if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
+        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+    elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/mnt/', '/media/' or '/host_mnt/'. E.g. '/mnt/ncdata'"
-        exit 1
-    elif [ "$NEXTCLOUD_DATADIR" = "/mnt/" ] || [ "$NEXTCLOUD_DATADIR" = "/media/" ] || [ "$NEXTCLOUD_DATADIR" = "/host_mnt/" ]; then
-        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/mnt/', '/media/' or '/host_mnt/' and not be equal to these."
+The string must start with '/' and must not be equal to '/'.
+It is set to '$NEXTCLOUD_DATADIR'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
-    if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/" \
-    && ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/media/" \
-    && ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/host_mnt/" \
-    && ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/var/backups$"
-    then
+    if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
-The string must be equal to/start with '/mnt/', '/media/' or '/host_mnt/' or be equal to '/var/backups'."
+The string must start with '/' and must not be equal to '/'.
+It is set to '$NEXTCLOUD_MOUNT'."
        exit 1
    elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
-        echo "/mnt/ncdata and /mnt/ncdata/ are not allowed for NEXTCLOUD_MOUNT."
+        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
        exit 1
    fi
 fi
@@ -106,15 +104,81 @@ if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
        exit 1
    fi
 fi
+if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
+    if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
+        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+The string must start with a number and end with 'G'.
+It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
+    if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
+        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+The string must be a number. E.g. '3600'.
+It is set to '$NEXTCLOUD_MAX_TIME'."
+        exit 1
+    fi
+fi
 if [ -n "$APACHE_PORT" ]; then
    if ! check_if_number "$APACHE_PORT"; then
-        echo "You provided an Apache port but did not only use numbers"
+        echo "You provided an Apache port but did not only use numbers.
+It is set to '$APACHE_PORT'."
        exit 1
    elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
        echo "The provided Apache port is invalid. It must be between 1 and 65535"
        exit 1
    fi
 fi
+if [ -n "$APACHE_IP_BINDING" ]; then
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+It is set to '$APACHE_IP_BINDING'."
+        exit 1
+    fi
+fi
+if [ -n "$TALK_PORT" ]; then
+    if ! check_if_number "$TALK_PORT"; then
+        echo "You provided an Talk port but did not only use numbers.
+It is set to '$TALK_PORT'."
+        exit 1
+    elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
+        echo "The provided Talk port is invalid. It must be between 1 and 65535"
+        exit 1
+    fi
+fi
+if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
+    if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
+        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        exit 1
+    fi
+fi
+if [ -n "$DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
+The string must start with '/' and must not end with '/'.
+It is set to '$DOCKER_SOCKET_PATH'."
+        exit 1
+    fi
+fi
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+It should be an absolute path to a directory that starts with '/' but not end with '/'.
+It is set to '$TRUSTED_CACERTS_DIR '."
+        exit 1
+    fi
+fi
+
+# Check DNS resolution
+# Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
+curl https://nextcloud.com &>/dev/null
+if [ "$?" = 6 ]; then
+    echo "Could not resolve the host nextcloud.com."
+    echo "Most likely the DNS resolving does not work."
+    echo "You should be able to fix this by adding the '--dns=\"ip.address.of.dns.server\"' option to the docker run command."
+    exit 1
+fi

 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
@@ -127,9 +191,23 @@ chmod 770 -R /mnt/docker-aio-config
 chmod 777 /mnt/docker-aio-config
 chown www-data:www-data -R /mnt/docker-aio-config/data/
 chown www-data:www-data -R /mnt/docker-aio-config/session/
-chown root:root -R /mnt/docker-aio-config/caddy/
+chown www-data:www-data -R /mnt/docker-aio-config/caddy/
 chown root:root -R /mnt/docker-aio-config/certs/

+# Don't allow access to the AIO interface from the Nextcloud container
+# Probably more cosmetic than anything but at least an attempt
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
+    cat << APACHE_CONF >> /etc/apache2/apache2.conf
+# nextcloud-aio-block-start
+<Location />
+order allow,deny
+deny from nextcloud-aio-nextcloud.nextcloud-aio
+allow from all
+</Location>
+# nextcloud-aio-block-end
+APACHE_CONF
+fi
+
 # Adjust certs
 GENERATED_CERTS="/mnt/docker-aio-config/certs"
 TMP_CERTS="/etc/apache2/certs"
@@ -150,7 +228,10 @@ print_green "Initial startup of Nextcloud All In One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080

-If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
+If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"

+# Set the timezone to UTC
+export TZ=UTC
+
 exec "$@"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -20,7 +20,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run -config /Caddyfile
+command=sudo -u www-data /usr/bin/caddy run --config /Caddyfile

 [program:cron]
 stdout_logfile=/dev/stdout
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.17-fpm-alpine3.15
+FROM php:8.0.24-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
@@ -60,8 +61,8 @@ RUN set -ex; \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.21; \
-    pecl install memcached-3.1.5; \
+    pecl install APCu-5.1.22; \
+    pecl install memcached-3.2.0; \
    pecl install redis-5.3.7; \
    pecl install imagick-3.7.0; \
    \
@@ -85,7 +86,7 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
-        echo 'opcache.interned_strings_buffer=16'; \
+        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
@@ -96,6 +97,8 @@ RUN { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
+        echo 'max_execution_time=${PHP_MAX_TIME}'; \
+        echo 'max_input_time=${PHP_MAX_TIME}'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
    mkdir /var/www/data; \
@@ -104,8 +107,7 @@ RUN { \

 VOLUME /var/www/html

-
-ENV NEXTCLOUD_VERSION 23.0.3
+ENV NEXTCLOUD_VERSION 24.0.6

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -198,15 +200,20 @@ RUN set -ex; \
        gnupg \
        git \
        postgresql-client \
+        tzdata \
+        mawk \
+        sudo \
+        grep \
    ; \
    rm -rf /var/lib/apt/lists/*

 RUN set -ex; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_children =.*/pm.max_children = 100/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.start_servers =.*/pm.start_servers = 25/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 25/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 75/' /usr/local/etc/php-fpm.d/www.conf
+    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf

 RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
@@ -219,17 +226,13 @@ RUN set -ex; \
 RUN set -ex; \
    chown www-data:root -R /usr/src && \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
-    chown www-data:root -R /var/log/supervisord/ && \
-    chown www-data:root -R /var/run/supervisord/ && \
-    mkdir -p /var/log/nextcloud/ && \
-    chown -R www-data:root /var/log/nextcloud/ && \
+    chown www-data:root -R /usr/local/etc/php-fpm.d && \
    rm -r /usr/src/nextcloud/apps/updatenotification

 COPY start.sh /
 COPY notify.sh /
 RUN set -ex; \
    chmod +x /start.sh && \
-    chmod +r /supervisord.conf && \
    chmod +x /entrypoint.sh && \
    chmod +r /upgrade.exclude && \
    chmod +x /cron.sh && \
@@ -245,5 +248,7 @@ VOLUME /mnt/ncdata
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-USER www-data
+USER root
 ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
--- a/Containers/nextcloud/activate-collabora.sh
+++ b/Containers/nextcloud/activate-collabora.sh
@@ -1,20 +1,13 @@
 #!/bin/bash

-COLLABORA_ACTIVATED=0
-
-while true; do
-    if [ "$COLLABORA_ENABLED" != yes ]; then
-        # Basically sleep for forever if collabora is not enabled
-        sleep 365d
-    fi
-    if [ "$COLLABORA_ACTIVATED" != 0 ]; then
-        # Basically sleep for forever if collabora was activated
-        sleep 365d
-    fi
-    while ! nc -z "$NC_DOMAIN" 443; do
-        sleep 5
-    done
-    echo "Activating collabora config"
-    php /var/www/html/occ richdocuments:activate-config
-    COLLABORA_ACTIVATED=1
+if [ "$COLLABORA_ENABLED" != yes ]; then
+    # Basically sleep for forever if collabora is not enabled
+    sleep inf
+fi
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
 done
+sleep 10
+echo "Activating collabora config..."
+php /var/www/html/occ richdocuments:activate-config
+sleep inf
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -0,0 +1,27 @@
+<?php
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => array(
+      'class' => '\OC\Files\ObjectStore\S3',
+      'arguments' => array(
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
+        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        // required for some non Amazon S3 implementations
+        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        // required for older protocol versions
+        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+      )
+    )
+  );
+} 
--- a/Containers/nextcloud/config/swift.config.php
+++ b/Containers/nextcloud/config/swift.config.php
@@ -0,0 +1,31 @@
+<?php
+if (getenv('OBJECTSTORE_SWIFT_URL')) {
+    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => [
+      'class' => 'OC\\Files\\ObjectStore\\Swift',
+      'arguments' => [
+        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
+        'user' => [
+          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
+          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
+          'domain' => [
+            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
+          ],
+        ],
+        'scope' => [
+          'project' => [
+            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
+            'domain' => [
+              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
+            ],
+          ],
+        ],
+        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
+        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
+        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
+        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
+      ]
+    ]
+  );
+}
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -10,7 +10,7 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }

-echo "Configuring Redis as session handler"
+echo "Configuring Redis as session handler..."
 cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
 session.save_handler = redis
 session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
@@ -21,14 +21,28 @@ redis.session.lock_retries = -1
 redis.session.lock_wait_time = 10000
 REDIS_CONF

+echo "Setting php max children..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+PHP_MAX_CHILDREN=$((MEMORY/50))
+if [ -n "$PHP_MAX_CHILDREN" ]; then
+    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
+fi
+
 # Check permissions in ncdata
-touch "/mnt/ncdata/this-is-a-test-file"
-if ! [ -f "/mnt/ncdata/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in /mnt/ncdata.
-Did you maybe change the datadir and did forget to apply the correct permissions?"
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    echo "The www-data user doesn't seem to have access rights in the datadir.
+Most likely are the files located on a drive that does not follow linux permissions.
+Please adjust the permissions like mentioned below.
+The found permissions are:
+$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
+(userID:groupID permissions)
+but they should be:
+33:0 750
+(userID:groupID permissions)"
    exit 1
 fi
-rm "/mnt/ncdata/this-is-a-test-file"
+rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"

 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
@@ -48,8 +62,25 @@ if [ "$installed_version" != "0.0.0.0" ]; then
    unset ADMIN_PASSWORD
 fi

+# Don't start the container if Nextcloud is not compatible with the PHP version
+if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versioncheck.php; then
+    echo "It seems like your installed Nextcloud is not compatible with the by the container provided PHP version."
+    echo "This most likely happened because you tried to restore an old Nextcloud version from backup that is not compatible with the PHP version that comes with the container."
+    echo "Please try to restore a more recent backup which contains a Nextcloud version that is compatible with the PHP version that comes with the container."
+    echo "If you do not have a more recent backup, feel free to have a look at this documentation: https://github.com/nextcloud/all-in-one/blob/main/manual-upgrade.md"
+    exit 1
+fi
+
+# Do not start the container if the last update failed
+if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
+    echo "The last Nextcloud update failed."
+    echo "Please restore from backup and try again!"
+    echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
-if ! [ -f "/mnt/ncdata/skip.update" ]; then
+if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
    if version_greater "$image_version" "$installed_version"; then
        # Check if it skips a major version
        INSTALLED_MAJOR="${installed_version%%.*}"
@@ -73,6 +104,8 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
            cp /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
+            mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
+            cp /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
            mv /usr/src/nextcloud /usr/src/temp-nextcloud
            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
            rm -r /usr/src/tmp
@@ -109,8 +142,11 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            php /var/www/html/occ app:update --all

            # Fix removing the updatenotification for old instances
+            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
            if [ -d "/var/www/html/apps/updatenotification" ]; then
                php /var/www/html/occ app:disable updatenotification
+            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
+                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
            fi
        fi

@@ -159,10 +195,10 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            mkdir -p /var/www/html/data
            php /var/www/html/occ config:system:set loglevel --value=2
            php /var/www/html/occ config:system:set log_type --value=file
-            php /var/www/html/occ config:system:set logfile --value="/var/log/nextcloud/nextcloud.log"
+            php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
            php /var/www/html/occ config:system:set log_rotate_size --value="10485760"
            php /var/www/html/occ app:enable admin_audit
-            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/log/nextcloud/audit.log"
+            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
            php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"

            # Apply preview settings
@@ -202,6 +238,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then

        #upgrade
        else
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
            while [ -n "$(pgrep -f cron.php)" ]
            do
                echo "Waiting for Nextclouds cronjob to finish..."
@@ -211,9 +248,13 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            echo "Upgrading nextcloud from $installed_version to $image_version..."
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
+                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
                exit 1
            fi

+            rm "$NEXTCLOUD_DATA_DIR/update.failed"
+            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
+
            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
            echo "The following apps have been disabled:"
            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
@@ -231,23 +272,50 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
        fi
    fi

-    # Performing update of all apps if daily backups are enabled, running and successful
-    if [ "$DAILY_BACKUP_RUNNING" = 'yes' ]; then
-        php /var/www/html/occ app:update --all
+    # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
+    if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
+        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
+        if [ -n "$UPDATED_APPS" ]; then
+             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
+        fi
    fi
+else
+    SKIP_UPDATE=1
 fi

 # Check if appdata is present
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
-if [ -z "$(find "/mnt/ncdata/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
    exit 1
 fi

+# Configure tempdirectory
+if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
+    if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
+    fi
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
+fi
+
+# Perform fingerprint update if instance was restored
+if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
+    php /var/www/html/occ maintenance:data-fingerprint
+    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
+fi
+
 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
+php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
+php /var/www/html/occ app:enable support
+
+# Adjusting log files to be stored on a volume
+echo "Adjusting log files..."
+php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
+php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"

 # Apply network settings
 echo "Applying network settings..."
@@ -275,10 +343,11 @@ if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
    php /var/www/html/occ app:install notify_push
 elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; then
    php /var/www/html/occ app:enable notify_push
-else
+elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
 fi
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
+php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
@@ -287,7 +356,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install richdocuments
    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
        php /var/www/html/occ app:enable richdocuments
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update richdocuments
    fi
    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
@@ -295,7 +364,6 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
-        php /var/www/html/occ config:system:delete allow_local_remote_servers
        php /var/www/html/occ app:remove richdocuments
    fi
 fi
@@ -310,12 +378,15 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install onlyoffice
    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
        php /var/www/html/occ app:enable onlyoffice
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update onlyoffice
    fi
+    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove onlyoffice
    fi
 fi
@@ -326,15 +397,20 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
        php /var/www/html/occ app:enable spreed
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update spreed
    fi
-    STUN_SERVERS="[\"$NC_DOMAIN:3478\"]"
-    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:3478\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
-    SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
-    php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
+    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
+    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
+        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+    fi
+    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
+    fi
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
+    fi
 else
    if [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:remove spreed
@@ -351,7 +427,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install files_antivirus
    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
        php /var/www/html/occ app:enable files_antivirus
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update files_antivirus
    fi
    php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
@@ -366,5 +442,70 @@ else
    fi
 fi

+# Imaginary
+if version_greater "$installed_version" "24.0.0.0"; then
+    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    else
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+        php /var/www/html/occ config:system:delete preview_imaginary_url
+    fi
+fi
+
+# Fulltextsearch
+if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
+    while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do
+        echo "waiting for Fulltextsearch to become available..."
+        sleep 5
+    done
+    if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:install fulltextsearch
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable fulltextsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update fulltextsearch
+    fi    
+    if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:install fulltextsearch_elasticsearch
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable fulltextsearch_elasticsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update fulltextsearch_elasticsearch
+    fi    
+    if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:install files_fulltextsearch
+    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable files_fulltextsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update files_fulltextsearch
+    fi
+    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+
+    # Do the index
+    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
+        echo "Waiting 10s before activating FTS..."
+        sleep 10
+        echo "Activating fulltextsearch..."
+        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
+            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
+        else
+            echo "Fulltextsearch failed. Could not index."
+        fi
+    fi
+else
+    if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch
+    fi
+    if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch_elasticsearch
+    fi
+    if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:remove files_fulltextsearch
+    fi
+fi
+
 # Remove the update skip file always
-rm -f /mnt/ncdata/skip.update
+rm -f "$NEXTCLOUD_DATA_DIR"/skip.update
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,5 +1,9 @@
 #!/bin/bash

+if [[ "$EUID" = 0 ]]; then
+    sudo -u www-data -s -E
+fi
+
 SUBJECT="$1"
 MESSAGE="$2"

--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash

 # Only start container if database is accessible
-while ! nc -z "$POSTGRES_HOST" 5432; do
+while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
    echo "Waiting for database to start..."
    sleep 5
 done
@@ -11,13 +11,33 @@ POSTGRES_USER="oc_$POSTGRES_USER"
 export POSTGRES_USER

 # Fix false database connection on old instances
-if [ -f "/var/www/html/config/config.php" ] && sleep 2 && psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; then
-    sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+if [ -f "/var/www/html/config/config.php" ]; then
+    sleep 2
+    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
+        echo "Waiting for the database to start..."
+        sleep 5
+    done
+    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
+    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
 fi

+# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates."
+    update-ca-certificates
+fi
+
+# Check datadir permissions
+sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
+    chmod 750 -R "$NEXTCLOUD_DATA_DIR"
+fi
+sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+
 # Run original entrypoint
-if ! bash /entrypoint.sh; then
+if ! sudo -E -u www-data bash /entrypoint.sh; then
    exit 1
 fi

--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -21,6 +21,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
+user=www-data

 [program:notify-push]
 stdout_logfile=/dev/stdout
@@ -28,6 +29,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
+user=www-data

 [program:activate-collabora]
 stdout_logfile=/dev/stdout
@@ -35,3 +37,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/activate-collabora.sh
+user=www-data
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,2 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.0.1.37
+FROM onlyoffice/documentserver:7.2.1.34
+
+HEALTHCHECK CMD curl -skfI localhost || exit 1
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.2-alpine3.15
+FROM postgres:14.5-alpine

-RUN apk add --update --no-cache bash openssl shadow netcat-openbsd
+RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk

 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
@@ -31,3 +31,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER postgres
 ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -39,7 +39,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
    # If database export was unsuccessful, skip update 
    if [ -f "$DUMP_DIR/export.failed" ]; then
        echo "Database export failed the last time. Most likely was the export time not high enough."
-        echo "Plese report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

@@ -64,12 +64,21 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
        sleep 5
    done

-    # Set correct permissions
-    if grep -q "Owner: oc_admin" "$DUMP_FILE" && ! grep -q "Owner: oc_$POSTGRES_USER" "$DUMP_FILE"; then
-        OC_ADMIN_EXISTS=1
+    # Check if the line we grep for later on is there
+    GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
+    if ! grep -q "$GREP_STRING" "$DUMP_FILE"; then
+        echo "The needed oc_appconfig line is not there which is unexpected."
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
+        exit 1
+    fi
+
+    # Get the Owner
+    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    if [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+        DIFFERENT_DB_OWNER=1
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-            CREATE USER oc_admin WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
-            ALTER DATABASE "$POSTGRES_DB" OWNER TO oc_admin;
+            CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
+            ALTER DATABASE "$POSTGRES_DB" OWNER TO "$DB_OWNER";
 EOSQL
    fi

@@ -78,10 +87,10 @@ EOSQL
    psql "$POSTGRES_DB" -U "$POSTGRES_USER" < "$DUMP_FILE"

    # Correct permissions
-    if [ -n "$OC_ADMIN_EXISTS" ]; then
+    if [ -n "$DIFFERENT_DB_OWNER" ]; then
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
            ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
-            REASSIGN OWNED BY oc_admin TO "oc_$POSTGRES_USER";
+            REASSIGN OWNED BY "$DB_OWNER" TO "oc_$POSTGRES_USER";
 EOSQL
    fi

@@ -101,6 +110,13 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
    rm -rf "${DATADIR:?}/"*
 fi

+echo "Setting max connections..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MAX_CONNECTIONS=$((MEMORY/50+3))
+if [ -n "$MAX_CONNECTIONS" ]; then
+    sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
+fi
+
 # Catch docker stop attempts
 trap 'true' SIGINT SIGTERM

--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.6-alpine3.15
+FROM redis:6.2.7-alpine

 RUN apk add --update --no-cache openssl bash

@@ -11,3 +11,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER redis
 ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,4 @@
-FROM ubuntu:focal-20220404
-
-EXPOSE 3478
+FROM ubuntu:focal-20221019

 RUN set -ex; \
    \
@@ -11,6 +9,7 @@ RUN set -ex; \
        supervisor \
        curl \
        ca-certificates \
+        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -63,6 +62,11 @@ RUN mkdir -p /etc/nats; \
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd

+# Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
+ENV TALK_PORT=3478
+
 USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -11,19 +11,19 @@ elif [ -z "$JANUS_API_KEY" ]; then
    echo "You need to provide the JANUS_API_KEY."
    exit 1
 elif [ -z "$SIGNALING_SECRET" ]; then
-    echo "You need to provide the JANUS_API_KEY."
+    echo "You need to provide the SIGNALING_SECRET."
    exit 1
 fi

 # Turn
 cat << TURN_CONF > "/etc/turnserver.conf"
-listening-port=3478
+listening-port=$TALK_PORT
 fingerprint
 lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN
-total-quota=100
+total-quota=0
 bps-capacity=0
 stale-nonce
 no-multicast-peers
@@ -36,13 +36,15 @@ set -x
 sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
 sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
 sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
-sed -i "s|#stun_port.*|stun_port = 3478|g" /etc/janus/janus.jcfg
-sed -i "s|#turn_port.*|turn_port = 3478|g" /etc/janus/janus.jcfg
-sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g'/etc/janus/janus.jcfg
+sed -i "s|#stun_port.*|stun_port = $TALK_PORT|g" /etc/janus/janus.jcfg
+sed -i "s|#turn_port.*|turn_port = $TALK_PORT|g" /etc/janus/janus.jcfg
+sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
 sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
+sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
+sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
 set +x

 # Signling
@@ -80,7 +82,7 @@ url = ws://127.0.0.1:8188
 [turn]
 apikey = ${JANUS_API_KEY}
 secret = ${TURN_SECRET}
-servers = turn:$NC_DOMAIN:3478?transport=tcp,turn:$NC_DOMAIN:3478?transport=udp
+servers = turn:$NC_DOMAIN:$TALK_PORT?transport=tcp,turn:$NC_DOMAIN:$TALK_PORT?transport=udp
 SIGNALING_CONF

 exec "$@"
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,11 +27,11 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --daemon --log-stdout
+command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout

 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling -config /etc/signaling/server.conf
+command=signaling --config /etc/signaling/server.conf
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.4.0 as watchtower

-FROM alpine:3.15.4
+FROM alpine:3.16.2

 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
-	<version>0.1.0</version>
+	<version>0.2.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="22" max-version="23"/>
+		<nextcloud min-version="23" max-version="24"/>
 	</dependencies>

 	<settings>
--- a/develop.md
+++ b/develop.md
@@ -1,12 +1,13 @@
 ## Developer channel
 If you want to switch to the develop channel, you simply stop and delete the mastercontainer and create a new one with a changed tag to develop:
 ```shell
-sudo docker run -it \
+sudo docker run \
+--sig-proxy=false \
 --name nextcloud-aio-mastercontainer \
 --restart always \
-p 80:80 \
-p 8080:8080 \
-p 8443:8443 \
+--publish 80:80 \
+--publish 8080:8080 \
+--publish 8443:8443 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:develop
@@ -14,15 +15,22 @@ nextcloud/all-in-one:develop
 And you are done :)
 It will now also select the developer channel for all other containers automatically.

-## How to build new containers
+## How to publish new releases?
+Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.

+## How to build new containers
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.

-## How to promote builds from develop to beta
+## How to test things correctly?
+There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.

+## How to promote builds from develop to beta
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.

+## Where to find the VPS and other builds?
+This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/main/.build
+
 ## How to promote builds from beta to latest

 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,17 +2,43 @@ version: "3.8"

 volumes:
  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed

 services:
  nextcloud:
-    image: nextcloud/all-in-one:latest
-    restart: unless-stopped
-    container_name: nextcloud-aio-mastercontainer
+    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
+    restart: always
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
    ports:
-      - 80:80
+      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
-      - 8443:8443
+      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+    # environment: # Is needed when using any of the options below
+      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
+      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+
+  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+  # caddy:
+  #   image: caddy:alpine
+  #   restart: always
+  #   container_name: caddy
+  #   volumes:
+  #     - ./Caddyfile:/etc/caddy/Caddyfile
+  #     - ./certs:/certs
+  #     - ./config:/config
+  #     - ./data:/data
+  #     - ./sites:/srv
+  #   network_mode: "host"
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -0,0 +1,14 @@
+# Docker rootless
+
+You can run AIO with docker rootless by following the steps below.
+
+0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/. The daemon.json file is most likely stored in `~/.config/docker/daemon.json`.
+1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
+1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
+
+**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
--- a/local-instance.md
+++ b/local-instance.md
@@ -0,0 +1,19 @@
+# Local instance
+It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
+
+## 1. The recommended way
+The recommended way is the following:
+1. Set up your domain correctly to point to your home network
+1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
+
+## 2. Use the ACME DNS-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+
+## 3. Use Cloudflare
+If you do not have any contol over the network, you may think about using Cloudflare Argo Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-argo-tunnel how to set this up.
+
+## 4. Buy a certificate and use that
+If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -0,0 +1,199 @@
+version: "3.8"
+
+services:
+  nextcloud-aio-apache:
+    container_name: nextcloud-aio-apache
+    depends_on:
+      - nextcloud-aio-onlyoffice
+      - nextcloud-aio-collabora
+      - nextcloud-aio-talk
+      - nextcloud-aio-nextcloud
+    image: nextcloud/aio-apache:latest-arm64
+    ports:
+      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_HOST=nextcloud-aio-talk
+      - APACHE_PORT=${APACHE_PORT}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:ro
+      - nextcloud_aio_apache:/mnt/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-database:
+    container_name: nextcloud-aio-database
+    image: nextcloud/aio-postgresql:latest-arm64
+    volumes:
+      - nextcloud_aio_database:/var/lib/postgresql/data:rw
+      - nextcloud_aio_database_dump:/mnt/data:rw
+    environment:
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
+    stop_grace_period: 1800s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-nextcloud:
+    container_name: nextcloud-aio-nextcloud
+    depends_on:
+      - nextcloud-aio-database
+      - nextcloud-aio-redis
+      - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-imaginary
+    image: nextcloud/aio-nextcloud:latest-arm64
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:rw
+      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
+      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+    environment:
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - AIO_TOKEN=${AIO_TOKEN}
+      - NC_DOMAIN=${NC_DOMAIN}
+      - ADMIN_USER=admin
+      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
+      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
+      - OVERWRITEHOST=${NC_DOMAIN}
+      - OVERWRITEPROTOCOL=https
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
+      - AIO_URL=${AIO_URL}
+      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
+      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
+      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_ENABLED=${TALK_ENABLED}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
+      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-redis:
+    container_name: nextcloud-aio-redis
+    image: nextcloud/aio-redis:latest-arm64
+    environment:
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-collabora:
+    container_name: nextcloud-aio-collabora
+    image: nextcloud/aio-collabora:latest-arm64
+    environment:
+      - aliasgroup1=https://${NC_DOMAIN}:443
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - dictionaries=${COLLABORA_DICTIONARIES}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-talk:
+    container_name: nextcloud-aio-talk
+    image: nextcloud/aio-talk:latest-arm64
+    ports:
+      - ${TALK_PORT}:${TALK_PORT}/tcp
+      - ${TALK_PORT}:${TALK_PORT}/udp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-onlyoffice:
+    container_name: nextcloud-aio-onlyoffice
+    image: nextcloud/aio-onlyoffice:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+      - JWT_ENABLED=true
+      - JWT_HEADER=AuthorizationJwt
+      - JWT_SECRET=${ONLYOFFICE_SECRET}
+    volumes:
+      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-imaginary:
+    container_name: nextcloud-aio-imaginary
+    image: nextcloud/aio-imaginary:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-fulltextsearch:
+    container_name: nextcloud-aio-fulltextsearch
+    image: nextcloud/aio-fulltextsearch:latest-arm64
+    environment:
+      - TZ=${TIMEZONE}
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+    volumes:
+      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
+volumes:
+  nextcloud_aio_apache:
+    name: nextcloud_aio_apache
+  nextcloud_aio_database:
+    name: nextcloud_aio_database
+  nextcloud_aio_database_dump:
+    name: nextcloud_aio_database_dump
+  nextcloud_aio_elasticsearch:
+    name: nextcloud_aio_elasticsearch
+  nextcloud_aio_nextcloud:
+    name: nextcloud_aio_nextcloud
+  nextcloud_aio_onlyoffice:
+    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_nextcloud_data:
+    name: nextcloud_aio_nextcloud_data
+
+networks:
+  nextcloud-aio:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -0,0 +1,216 @@
+version: "3.8"
+
+services:
+  nextcloud-aio-apache:
+    container_name: nextcloud-aio-apache
+    depends_on:
+      - nextcloud-aio-onlyoffice
+      - nextcloud-aio-collabora
+      - nextcloud-aio-talk
+      - nextcloud-aio-nextcloud
+    image: nextcloud/aio-apache:latest
+    ports:
+      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_HOST=nextcloud-aio-talk
+      - APACHE_PORT=${APACHE_PORT}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:ro
+      - nextcloud_aio_apache:/mnt/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-database:
+    container_name: nextcloud-aio-database
+    image: nextcloud/aio-postgresql:latest
+    volumes:
+      - nextcloud_aio_database:/var/lib/postgresql/data:rw
+      - nextcloud_aio_database_dump:/mnt/data:rw
+    environment:
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
+    stop_grace_period: 1800s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-nextcloud:
+    container_name: nextcloud-aio-nextcloud
+    depends_on:
+      - nextcloud-aio-database
+      - nextcloud-aio-redis
+      - nextcloud-aio-clamav
+      - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-imaginary
+    image: nextcloud/aio-nextcloud:latest
+    volumes:
+      - nextcloud_aio_nextcloud:/var/www/html:rw
+      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
+      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+    environment:
+      - POSTGRES_HOST=nextcloud-aio-database
+      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
+      - POSTGRES_DB=nextcloud_database
+      - POSTGRES_USER=nextcloud
+      - REDIS_HOST=nextcloud-aio-redis
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - AIO_TOKEN=${AIO_TOKEN}
+      - NC_DOMAIN=${NC_DOMAIN}
+      - ADMIN_USER=admin
+      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
+      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
+      - OVERWRITEHOST=${NC_DOMAIN}
+      - OVERWRITEPROTOCOL=https
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
+      - AIO_URL=${AIO_URL}
+      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
+      - CLAMAV_ENABLED=${CLAMAV_ENABLED}
+      - CLAMAV_HOST=nextcloud-aio-clamav
+      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
+      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
+      - COLLABORA_HOST=nextcloud-aio-collabora
+      - TALK_ENABLED=${TALK_ENABLED}
+      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
+      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-redis:
+    container_name: nextcloud-aio-redis
+    image: nextcloud/aio-redis:latest
+    environment:
+      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-collabora:
+    container_name: nextcloud-aio-collabora
+    image: nextcloud/aio-collabora:latest
+    environment:
+      - aliasgroup1=https://${NC_DOMAIN}:443
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - dictionaries=${COLLABORA_DICTIONARIES}
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-talk:
+    container_name: nextcloud-aio-talk
+    image: nextcloud/aio-talk:latest
+    ports:
+      - ${TALK_PORT}:${TALK_PORT}/tcp
+      - ${TALK_PORT}:${TALK_PORT}/udp
+    environment:
+      - NC_DOMAIN=${NC_DOMAIN}
+      - TURN_SECRET=${TURN_SECRET}
+      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-clamav:
+    container_name: nextcloud-aio-clamav
+    image: nextcloud/aio-clamav:latest
+    environment:
+      - TZ=${TIMEZONE}
+    volumes:
+      - nextcloud_aio_clamav:/var/lib/clamav:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-onlyoffice:
+    container_name: nextcloud-aio-onlyoffice
+    image: nextcloud/aio-onlyoffice:latest
+    environment:
+      - TZ=${TIMEZONE}
+      - JWT_ENABLED=true
+      - JWT_HEADER=AuthorizationJwt
+      - JWT_SECRET=${ONLYOFFICE_SECRET}
+    volumes:
+      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-imaginary:
+    container_name: nextcloud-aio-imaginary
+    image: nextcloud/aio-imaginary:latest
+    environment:
+      - TZ=${TIMEZONE}
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+ 
+  nextcloud-aio-fulltextsearch:
+    container_name: nextcloud-aio-fulltextsearch
+    image: nextcloud/aio-fulltextsearch:latest
+    environment:
+      - TZ=${TIMEZONE}
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+    volumes:
+      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
+    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
+volumes:
+  nextcloud_aio_apache:
+    name: nextcloud_aio_apache
+  nextcloud_aio_clamav:
+    name: nextcloud_aio_clamav
+  nextcloud_aio_database:
+    name: nextcloud_aio_database
+  nextcloud_aio_database_dump:
+    name: nextcloud_aio_database_dump
+  nextcloud_aio_elasticsearch:
+    name: nextcloud_aio_elasticsearch
+  nextcloud_aio_nextcloud:
+    name: nextcloud_aio_nextcloud
+  nextcloud_aio_onlyoffice:
+    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_nextcloud_data:
+    name: nextcloud_aio_nextcloud_data
+
+networks:
+  nextcloud-aio:
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -0,0 +1,41 @@
+# Manual installation
+
+You can run the containers that are build for AIO with docker-compose. This comes with a few downsides, that are discussed below.
+
+### Advantages
+- You can run it without a container having access to the docker socket
+- You can modify all values on your own
+
+### Disadvantages
+- You lose the AIO interface
+- You lose update notifications and automatic updates
+- You lose all AIO backup and restore features
+- You need to know what you are doing, especially when modifying the docker-compose file
+- Probably more
+
+## How to use this?
+First, install docker and docker-compose if not already done. Then simply run the following:
+```bash
+git clone https://github.com/nextcloud/all-in-one.git
+cd all-in-one/manual-install
+```
+Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+
+Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+
+Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+
+## How to update?
+Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
+1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. Back up all important files and folders
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
+1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
+1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
+1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+
+## FAQ
+### Backup and restore?
+If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 
+
+Obviously you also need to back up the conf file and the yaml file if you modified it.
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -0,0 +1,28 @@
+AIO_TOKEN=123456          # Has no function but needs to be set!
+AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
+COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
+NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
+NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
+NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
+ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
+TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
+TURN_SECRET=          # TODO! This needs to be a unique and good password!
+UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+
+jq -c . ./php/containers.json > /tmp/containers.json
+sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
+sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+OUTPUT="$(cat /tmp/containers.json)"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+
+snap install yq
+mkdir -p ./manual-install
+echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
+
+cd manual-install || exit
+sed -i "s|'||g" containers.yml
+sed -i 's|production:|services:|' containers.yml
+sed -i 's|- identifier:|  container_name:|' containers.yml
+sed -i 's|restartPolicy:|restart:|' containers.yml
+sed -i 's|environmentVariables:|environment:|' containers.yml
+sed -i '/displayName:/d' containers.yml
+sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/stop_grace_period:/s/$/s/' containers.yml
+sed -i 's|containerName:|image:|' containers.yml
+sed -i '/: \[\]/d' containers.yml
+sed -i 's|dependsOn:|depends_on:|' containers.yml
+sed -i 's|- name: |- |' containers.yml
+
+TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
+mapfile -t TCP <<< "$TCP"
+for port in "${TCP[@]}" 
+do
+    solve_port="${port%%/tcp}"
+    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+done
+
+UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
+mapfile -t UDP <<< "$UDP"
+for port in "${UDP[@]}"
+do
+    solve_port="${port%%/udp}"
+    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+done
+
+rm -f sample.conf
+VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
+mapfile -t VARIABLES <<< "$VARIABLES"
+for variable in "${VARIABLES[@]}"
+do
+    # shellcheck disable=SC2001
+    sole_variable="$(echo "$variable" | sed 's|%||g')"
+    echo "$sole_variable=" >> sample.conf
+    sed -i "s|$variable|\${$sole_variable}|g" containers.yml
+done
+
+sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
+sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora|' sample.conf
+sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
+sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
+sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
+sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
+sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
+sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
+sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
+sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
+sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
+sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
+sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
+sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
+
+cat sample.conf
+
+OUTPUT="$(cat containers.yml)"
+NAMES="$(grep -oP "container_name:.*" containers.yml | grep -oP 'nextcloud-aio.*')"
+mapfile -t NAMES <<< "$NAMES"
+for name in "${NAMES[@]}"
+do
+    OUTPUT="$(echo "$OUTPUT" | sed "/container_name.*$name/i\ \ $name:")"
+    if [ "$name" != "nextcloud-aio-apache" ]; then
+        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
+    fi
+done
+
+OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
+
+echo 'version: "3.8"' > containers.yml
+echo "" >> containers.yml
+
+echo "$OUTPUT" >> containers.yml
+
+VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
+mapfile -t VOLUMES <<< "$VOLUMES"
+echo "" >> containers.yml
+echo "volumes:" >> containers.yml
+for volume in "${VOLUMES[@]}" "nextcloud_aio_nextcloud_data"
+do
+    cat << VOLUMES >> containers.yml
+  $volume:
+    name: $volume
+VOLUMES
+done
+
+cat << NETWORK >> containers.yml
+
+networks:
+  nextcloud-aio:
+NETWORK
+
+cat containers.yml > latest.yml
+sed -i '/image:/s/$/:latest/' latest.yml
+
+cat containers.yml > latest-arm64.yml
+sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
+sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
+sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
+sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+
+rm containers.yml
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -0,0 +1,25 @@
+# Manual upgrade
+
+If you do not install any upgrade for around 6-12 months or longer, it can happen that your instance is so outdated that in the meantime the PHP version of the Nextcloud container got bumped to a version that is not compatible with your currently installed Nextcloud version which means that after doing an upgrade after this long time, Nextcloud will suddenly not work anymore. There is unfortunately no way to fix this from the maintainer side if you refrain from upgrading for so long.
+
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below:
+
+1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
+1. Do **not** click on `Stop containers` because you will need them running going forward, see below
+1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
+1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo cat /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+1. Run the following commands in order to reverse engineer the Nextcloud container:
+    ```bash
+        sudo docker pull assaflavie/runlike
+        echo '#/bin/bash' > /tmp/nextcloud-aio-nextcloud
+        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
+        sudo chown root:root /tmp/nextcloud-aio-nextcloud
+    ```
+1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest` on x64 or `nextcloud/aio-nextcloud:php8.0-latest-arm64` on arm64. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
+1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
+1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
+1. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+1. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+1. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+1. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Also you should think about enabling daily backups if doing regularl upgrades is too much effort for you.
--- a/migration.md
+++ b/migration.md
@@ -1,11 +1,12 @@
-## How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
+# How to migrate from an already existing Nextcloud installation to Nextcloud AIO?

-There are basically two ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:
+There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:

 1. Migrate only the files which is the easiest way
 1. Migrate the files and the database which is much more complicated
+1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user

-### Migrate only the files 
+## Migrate only the files 
 **Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well!

 The procedure for migrating only the files works like this:
@@ -14,16 +15,15 @@ The procedure for migrating only the files works like this:
 1. Recreate all users that were present on your former installation
 1. Take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
 1. Start the containers again and wait until all containers are running
-1. Run `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
+1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

-### Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!<br>
-Also, you will currently not be able to use local external storage in Nextcloud AIO since that is not supported, yet. See https://github.com/nextcloud/all-in-one/issues/76
+## Migrate the files and the database
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!

 The procedure for migrating the files and the database works like this:
-1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
+1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
 1. Take a backup of your former instance (especially from your datadirectory and database)
 1. If your former installation didn't use Postgresql already, you will now need to convert your old installation to use Postgresql as database temporarily (in order to be able to perform a pg_dump afterwards):
    1. Install Postgresql on your former installation: on a Debian based OS should the following command work:
@@ -36,13 +36,13 @@ The procedure for migrating the files and the database works like this:
        export PG_PASSWORD="my-temporary-password"
        export PG_DATABASE="nextcloud_db"
        sudo -u postgres psql <<END
-        CREATE USER $PG_USER WITH PASSWORD '$PGDB_PASS';
+        CREATE USER $PG_USER WITH PASSWORD '$PG_PASSWORD';
        CREATE DATABASE $PG_DATABASE WITH OWNER $PG_USER TEMPLATE template0 ENCODING 'UTF8';
        END
        ```
    1. Run the following command to start the conversion:
        ```
-        occ db:convert-type --all-apps --password "$PGDB_PASS" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
+        occ db:convert-type --all-apps --password "$PG_PASSWORD" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
        ```
        **Please note:** You might need to change the ip-address `127.0.0.1` based on your exact installation.<br>
        Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type
@@ -54,7 +54,7 @@ The procedure for migrating the files and the database works like this:
    ```
    **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
    And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain (use the same domain that you used on your former installation) and wait until all containers are running
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`.
 1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
 1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
    1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.
@@ -70,14 +70,16 @@ The procedure for migrating the files and the database works like this:
    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
    sudo cp database-dump.sql /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/
    sudo chmod 777 /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
-    sudo rm -r /var/lib/docker/volumes/nextcloud_aio_database/_data/*
+    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/initial-cleanup-done
    ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`. Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions on the datadirectory.
 1. Edit the Nextcloud AIO config.php file that is stored in `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
-1. Now run `sudo docker exec -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint`.
 1. As last step, install all apps again that were installed before on your old instance by using the webinterface.

 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.
+
+## Use the user_migration app
+A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -0,0 +1,19 @@
+# Multiple AIO instances
+It is possible to run multiple instances of AIO on one server.
+
+There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
+
+Below is described more in detail how the the second way works.
+
+## Run multiple AIO instances on the same server with docker rootless
+1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
+1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
+1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
+1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
+1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
+1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
+1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
+1. Please also do not forget to open each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
+
+Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
--- a/php/composer.json
+++ b/php/composer.json
@@ -20,6 +20,7 @@
    },
    "scripts": {
 		"psalm": "psalm --threads=1",
-		"psalm:update-baseline": "psalm --threads=1 --update-baseline"
+		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
+        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
 	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.4.2",
+            "version": "7.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4"
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4",
-                "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "guzzlehttp/promises": "^1.5",
-                "guzzlehttp/psr7": "^1.8.3 || ^2.1",
+                "guzzlehttp/psr7": "^1.9 || ^2.4",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
                "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -32,10 +32,10 @@
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                "ext-curl": "*",
                "php-http/client-integration-tests": "^3.0",
-                "phpunit/phpunit": "^8.5.5 || ^9.3.5",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
@@ -45,8 +45,12 @@
            },
            "type": "library",
            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                "branch-alias": {
-                    "dev-master": "7.4-dev"
+                    "dev-master": "7.5-dev"
                }
            },
            "autoload": {
@@ -112,7 +116,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.4.2"
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
            },
            "funding": [
                {
@@ -128,20 +132,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-03-20T14:16:28+00:00"
+            "time": "2022-08-28T15:39:27+00:00"
        },
        {
            "name": "guzzlehttp/promises",
-            "version": "1.5.1",
+            "version": "1.5.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da"
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
                "shasum": ""
            },
            "require": {
@@ -196,7 +200,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.5.1"
+                "source": "https://github.com/guzzle/promises/tree/1.5.2"
            },
            "funding": [
                {
@@ -212,20 +216,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-22T20:56:57+00:00"
+            "time": "2022-08-28T14:55:35+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.2.1",
+            "version": "2.4.3",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2"
+                "reference": "67c26b443f348a51926030c83481b85718457d3d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2",
-                "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
+                "reference": "67c26b443f348a51926030c83481b85718457d3d",
                "shasum": ""
            },
            "require": {
@@ -239,17 +243,21 @@
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.8 || ^9.3.10"
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
            },
            "type": "library",
            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                "branch-alias": {
-                    "dev-master": "2.2-dev"
+                    "dev-master": "2.4-dev"
                }
            },
            "autoload": {
@@ -311,7 +319,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.2.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
            },
            "funding": [
                {
@@ -327,7 +335,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-03-20T21:55:58+00:00"
+            "time": "2022-10-26T14:07:24+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -389,25 +397,26 @@
        },
        {
            "name": "laravel/serializable-closure",
-            "version": "v1.1.1",
+            "version": "v1.2.2",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "9e4b005daa20b0c161f3845040046dc9ddc1d74e"
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/9e4b005daa20b0c161f3845040046dc9ddc1d74e",
-                "reference": "9e4b005daa20b0c161f3845040046dc9ddc1d74e",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/47afb7fae28ed29057fdca37e16a84f90cc62fae",
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae",
                "shasum": ""
            },
            "require": {
                "php": "^7.3|^8.0"
            },
            "require-dev": {
-                "pestphp/pest": "^1.18",
-                "phpstan/phpstan": "^0.12.98",
-                "symfony/var-dumper": "^5.3"
+                "nesbot/carbon": "^2.61",
+                "pestphp/pest": "^1.21.3",
+                "phpstan/phpstan": "^1.8.2",
+                "symfony/var-dumper": "^5.4.11"
            },
            "type": "library",
            "extra": {
@@ -444,7 +453,7 @@
                "issues": "https://github.com/laravel/serializable-closure/issues",
                "source": "https://github.com/laravel/serializable-closure"
            },
-            "time": "2022-02-11T19:23:53+00:00"
+            "time": "2022-09-08T13:45:54+00:00"
        },
        {
            "name": "nikic/fast-route",
@@ -1366,7 +1375,7 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.0.1",
+            "version": "v3.0.2",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1413,7 +1422,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2"
            },
            "funding": [
                {
@@ -1433,16 +1442,16 @@
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab"
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
                "shasum": ""
            },
            "require": {
@@ -1457,7 +1466,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1495,7 +1504,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1511,20 +1520,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-20T20:35:02+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825"
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
                "shasum": ""
            },
            "require": {
@@ -1539,7 +1548,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1578,7 +1587,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1594,20 +1603,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-11-30T18:21:41+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f"
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
                "shasum": ""
            },
            "require": {
@@ -1616,7 +1625,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1657,7 +1666,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1673,20 +1682,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-09-13T13:58:11+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.3.10",
+            "version": "v3.4.3",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "8442df056c51b706793adf80a9fd363406dd3674"
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/8442df056c51b706793adf80a9fd363406dd3674",
-                "reference": "8442df056c51b706793adf80a9fd363406dd3674",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
                "shasum": ""
            },
            "require": {
@@ -1701,7 +1710,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "3.3-dev"
+                    "dev-master": "3.4-dev"
                }
            },
            "autoload": {
@@ -1737,7 +1746,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.3.10"
+                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
            },
            "funding": [
                {
@@ -1749,7 +1758,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-04-06T06:47:41+00:00"
+            "time": "2022-09-28T08:42:51+00:00"
        }
    ],
    "packages-dev": [],
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -0,0 +1,79 @@
+{
+	"type": "object",
+	"description": "AIO containers definition schema",
+	"additionalProperties": false,
+	"minProperties": 1,
+	"properties": {
+		"production": {
+			"type": "array",
+			"items": {
+				"type": "object",
+				"additionalProperties": false,
+				"minProperties": 11,
+				"properties": {
+					"containerName": {
+						"type": "string"
+					},
+					"dependsOn": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"displayName": {
+						"type": "string"
+					},
+					"environmentVariables": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"identifier": {
+						"type": "string"
+					},
+					"internalPorts": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"maxShutdownTime": {
+						"type": "integer"
+					},
+					"ports": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"restartPolicy": {
+						"type": "string"
+					},
+					"secrets": {
+						"type": "array"
+					},
+					"volumes": {
+						"type": "array",
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"location": {
+									"type": "string"
+								},
+								"name": {
+									"type": "string"
+								},
+								"writeable": {
+									"type": "boolean"
+								}
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,14 +1,13 @@
 {
  "production": [
    {
+      "identifier": "nextcloud-aio-apache",
      "dependsOn": [
        "nextcloud-aio-onlyoffice",
        "nextcloud-aio-collabora",
-        "nextcloud-aio-clamav",
        "nextcloud-aio-talk",
        "nextcloud-aio-nextcloud"
      ],
-      "identifier": "nextcloud-aio-apache",
      "displayName": "Apache",
      "containerName": "nextcloud/aio-apache",
      "ports": [
@@ -24,7 +23,10 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_HOST=nextcloud-aio-talk",
        "APACHE_PORT=%APACHE_PORT%",
-        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice"
+        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
+        "TZ=%TIMEZONE%",
+        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
+        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
      ],
      "volumes": [
        {
@@ -42,8 +44,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-database",
+      "dependsOn": [],
      "displayName": "Database",
      "containerName": "nextcloud/aio-postgresql",
      "ports": [],
@@ -68,17 +70,22 @@
      "environmentVariables": [
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
-        "POSTGRES_USER=nextcloud"
+        "POSTGRES_USER=nextcloud",
+        "TZ=%TIMEZONE%",
+        "PGTZ=%TIMEZONE%"
      ],
      "maxShutdownTime": 1800,
      "restartPolicy": "unless-stopped"
    },
    {
+      "identifier": "nextcloud-aio-nextcloud",
      "dependsOn": [
        "nextcloud-aio-database",
-        "nextcloud-aio-redis"
+        "nextcloud-aio-redis",
+        "nextcloud-aio-clamav",
+        "nextcloud-aio-fulltextsearch",
+        "nextcloud-aio-imaginary"
      ],
-      "identifier": "nextcloud-aio-nextcloud",
      "displayName": "Nextcloud",
      "containerName": "nextcloud/aio-nextcloud",
      "ports": [],
@@ -107,6 +114,11 @@
          "name": "%NEXTCLOUD_MOUNT%",
          "location": "%NEXTCLOUD_MOUNT%",
          "writeable": true
+        },
+        {
+          "name": "%TRUSTED_CACERTS_DIR%",
+          "location": "/usr/local/share/ca-certificates",
+          "writeable": false
        }
      ],
      "environmentVariables": [
@@ -125,6 +137,7 @@
        "OVERWRITEPROTOCOL=https",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
+        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
@@ -134,14 +147,23 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_ENABLED=%TALK_ENABLED%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "DAILY_BACKUP_RUNNING=%DAILY_BACKUP_RUNNING%"
+        "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%",
+        "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
+        "IMAGINARY_HOST=nextcloud-aio-imaginary",
+        "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
+        "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
+        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
+        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%"
      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-redis",
+      "dependsOn": [],
      "displayName": "Redis",
      "containerName": "nextcloud/aio-redis",
      "ports": [],
@@ -149,18 +171,20 @@
        "6379"
      ],
      "environmentVariables": [
-        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [
-        "REDIS_PASSWORD"
+        "REDIS_PASSWORD",
+        "ONLYOFFICE_SECRET"
      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-collabora",
+      "dependsOn": [],
      "displayName": "Collabora",
      "containerName": "nextcloud/aio-collabora",
      "ports": [],
@@ -169,7 +193,9 @@
      ],
      "environmentVariables": [
        "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning"
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
+        "dictionaries=%COLLABORA_DICTIONARIES%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [],
@@ -177,22 +203,24 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-talk",
+      "dependsOn": [],
      "displayName": "Talk",
      "containerName": "nextcloud/aio-talk",
      "ports": [
-        "3478/tcp",
-        "3478/udp"
+        "%TALK_PORT%/tcp",
+        "%TALK_PORT%/udp"
      ],
      "internalPorts": [
-        "3478"
+        "%TALK_PORT%"
      ],
      "environmentVariables": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
-        "JANUS_API_KEY=%JANUS_API_KEY%"
+        "JANUS_API_KEY=%JANUS_API_KEY%",
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%"
      ],
      "volumes": [],
      "secrets": [
@@ -204,8 +232,8 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-borgbackup",
+      "dependsOn": [],
      "displayName": "Borgbackup",
      "containerName": "nextcloud/aio-borgbackup",
      "ports": [],
@@ -214,7 +242,9 @@
        "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
        "BORG_MODE=%BORGBACKUP_MODE%",
        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
-        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%"
+        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
+        "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
+        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%"
      ],
      "volumes": [
        {
@@ -265,8 +295,8 @@
      "restartPolicy": ""
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-watchtower",
+      "dependsOn": [],
      "displayName": "Watchtower",
      "containerName": "nextcloud/aio-watchtower",
      "ports": [],
@@ -276,7 +306,7 @@
      ],
      "volumes": [
        {
-          "name": "/var/run/docker.sock",
+          "name": "%DOCKER_SOCKET_PATH%",
          "location": "/var/run/docker.sock",
          "writeable": false
        }
@@ -306,15 +336,17 @@
      "restartPolicy": ""
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-clamav",
+      "dependsOn": [],
      "displayName": "ClamAV",
      "containerName": "nextcloud/aio-clamav",
      "ports": [],
      "internalPorts": [
        "3310"
      ],
-      "environmentVariables": [],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%"
+      ],
      "volumes": [
        {
          "name": "nextcloud_aio_clamav",
@@ -327,15 +359,20 @@
      "restartPolicy": "unless-stopped"
    },
    {
-      "dependsOn": [],
      "identifier": "nextcloud-aio-onlyoffice",
+      "dependsOn": [],
      "displayName": "OnlyOffice",
      "containerName": "nextcloud/aio-onlyoffice",
      "ports": [],
      "internalPorts": [
        "80"
      ],
-      "environmentVariables": [],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%",
+        "JWT_ENABLED=true",
+        "JWT_HEADER=AuthorizationJwt",
+        "JWT_SECRET=%ONLYOFFICE_SECRET%"
+      ],
      "volumes": [
        {
          "name": "nextcloud_aio_onlyoffice",
@@ -343,6 +380,50 @@
          "writeable": true
        }
      ],
+      "secrets": [
+        "ONLYOFFICE_SECRET"
+      ],
+      "maxShutdownTime": 10,
+      "restartPolicy": "unless-stopped"
+    },
+    {
+      "identifier": "nextcloud-aio-imaginary",
+      "dependsOn": [],
+      "displayName": "Imaginary",
+      "containerName": "nextcloud/aio-imaginary",
+      "ports": [],
+      "internalPorts": [
+        "9000"
+      ],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%"
+      ],
+      "volumes": [],
+      "secrets": [],
+      "maxShutdownTime": 10,
+      "restartPolicy": "unless-stopped"
+    },
+    {
+      "identifier": "nextcloud-aio-fulltextsearch",
+      "dependsOn": [],
+      "displayName": "Fulltextsearch",
+      "containerName": "nextcloud/aio-fulltextsearch",
+      "ports": [],
+      "internalPorts": [
+        "9200"
+      ],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%",
+        "discovery.type=single-node",
+        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
+      ],
+      "volumes": [
+        {
+          "name": "nextcloud_aio_elasticsearch",
+          "location": "/usr/share/elasticsearch/data",
+          "writeable": true
+        }
+      ],
      "secrets": [],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.22.0@fc2c6ab4d5fa5d644d8617089f012f3bb84b8703">
+<files psalm-version="4.29.0@7ec5ffbd5f68ae03782d7fd33fff0c45a69f95b3">
  <file src="public/index.php">
    <MissingClosureParamType occurrences="10">
      <code>$args</code>
@@ -60,9 +60,6 @@
    <InvalidScalarArgument occurrences="1">
      <code>$internalPort</code>
    </InvalidScalarArgument>
-    <PossiblyFalseOperand occurrences="1">
-      <code>strpos($fullDigest, "@")</code>
-    </PossiblyFalseOperand>
    <RedundantCondition occurrences="1">
      <code>$container-&gt;GetInternalPorts() !== null</code>
    </RedundantCondition>
--- a/php/public/disable-fulltextsearch.js
+++ b/php/public/disable-fulltextsearch.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Fulltextsearch
+    var fulltextsearch = document.getElementById("fulltextsearch");
+    fulltextsearch.disabled = true;
+}); 
--- a/php/public/disable-imaginary.js
+++ b/php/public/disable-imaginary.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Imaginary
+    var imaginary = document.getElementById("imaginary");
+    imaginary.disabled = true;
+});
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,5 +1,9 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    // OnlyOffice
-    var onlyoffice = document.getElementById("onlyoffice");
-    onlyoffice.disabled = true;
+document.addEventListener("DOMContentLoaded", function(event) {
+    // OnlyOffice
+    try {
+        var onlyoffice = document.getElementById("onlyoffice");
+        onlyoffice.disabled = true;
+    } catch (error) {
+        // console.error(error);
+    }
 });
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -12,7 +12,7 @@
    }
    lastError = toast
    body.prepend(toast)
-    setTimeout(toast.remove.bind(toast), 3000)
+    setTimeout(toast.remove.bind(toast), 10000)
  }

  function handleEvent(e) {
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -81,6 +81,7 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
        'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
        'backup_exit_code' => $dockerActionManger->GetBackupcontainerExitCode(),
+        'is_instance_restore_attempt' => $configurationManager->isInstanceRestoreAttempt(),
        'borg_backup_mode' => $configurationManager->GetBorgBackupMode(),
        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked(),
        'has_update_available' => $dockerActionManger->isAnyUpdateAvailable(),
@@ -95,6 +96,15 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
        'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
        'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
        'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
+        'timezone' => $configurationManager->GetTimezone(),
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
+        'talk_port' => $configurationManager->GetTalkPort(),
+        'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
+        'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
+        'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
+        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
+        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
+        'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
    ]);
 })->setName('profile');
 $app->get('/login', function ($request, $response, $args) use ($container) {
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -13,8 +13,12 @@ document.addEventListener("DOMContentLoaded", function(event) {
    clamav.addEventListener('change', makeOptionsFormSubmitVisible);

    // OnlyOffice
-    var onlyoffice = document.getElementById("onlyoffice");
-    onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+    try {
+        var onlyoffice = document.getElementById("onlyoffice");
+        onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+    } catch (error) {
+        // console.error(error);
+    }

    // Collabora
    var collabora = document.getElementById("collabora");
@@ -23,4 +27,12 @@ document.addEventListener("DOMContentLoaded", function(event) {
    // Talk
    var talk = document.getElementById("talk");
    talk.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Imaginary
+    var imaginary = document.getElementById("imaginary");
+    imaginary.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Fulltextsearch
+    var fulltextsearch = document.getElementById("fulltextsearch");
+    fulltextsearch.addEventListener('change', makeOptionsFormSubmitVisible);
 });
--- a/php/public/second-tab-warning.js
+++ b/php/public/second-tab-warning.js
@@ -0,0 +1,12 @@
+const channel = new BroadcastChannel('tab')
+
+channel.postMessage('second-tab')
+// note that listener is added after posting the message
+
+channel.addEventListener('message', (msg) => {
+    if (msg.data === 'second-tab') {
+        // message received from 2nd tab
+        document.getElementById('overlay').classList.add('loading')
+        alert('Cannot open multiple instances. You can use AIO here by reloading the page.')
+    }
+});
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -3,6 +3,8 @@
 namespace AIO\Auth;

 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;

 class AuthManager {
    private const SESSION_KEY = 'aio_authenticated';
@@ -21,6 +23,14 @@ class AuthManager {
    }

    public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
        $_SESSION[self::SESSION_KEY] = $isLoggedIn;
    }

--- a/php/src/Auth/PasswordGenerator.php
+++ b/php/src/Auth/PasswordGenerator.php
@@ -7792,7 +7792,7 @@ class PasswordGenerator
            if($password !== '') {
                $password = $password . ' ';
            }
-            $password = $password . $this->words[random_int(0, 2047)];
+            $password = $password . $this->words[random_int(0, 7775)];
        }

        return $password;
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -65,12 +65,24 @@ class ContainerDefinitionFetcher
                if (!$this->configurationManager->isTalkEnabled()) {
                    continue;
                }
+            } elseif ($entry['identifier'] === 'nextcloud-aio-imaginary') {
+                if (!$this->configurationManager->isImaginaryEnabled()) {
+                    continue;
+                }
+            } elseif ($entry['identifier'] === 'nextcloud-aio-fulltextsearch') {
+                if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                    continue;
+                }
            }

            $ports = new ContainerPorts();
            foreach ($entry['ports'] as $port) {
                if($port === '%APACHE_PORT%/tcp') {
                    $port = $this->configurationManager->GetApachePort() . '/tcp';
+                } elseif($port === '%TALK_PORT%/tcp') {
+                    $port = $this->configurationManager->GetTalkPort() . '/tcp';
+                } elseif($port === '%TALK_PORT%/udp') {
+                    $port = $this->configurationManager->GetTalkPort() . '/udp';
                }
                $ports->AddPort($port);
            }
@@ -79,6 +91,8 @@ class ContainerDefinitionFetcher
            foreach ($entry['internalPorts'] as $internalPort) {
                if($internalPort === '%APACHE_PORT%') {
                    $internalPort = $this->configurationManager->GetApachePort();
+                } elseif($internalPort === '%TALK_PORT%') {
+                    $internalPort = $this->configurationManager->GetTalkPort();
                }
                $internalPorts->AddInternalPort($internalPort);
            }
@@ -101,8 +115,18 @@ class ContainerDefinitionFetcher
                    if ($value['name'] === '') {
                        continue;
                    }
+                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
+                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
+                    if($value['name'] === '') {
+                        continue;
+                    }
+                } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
+                    if($value['name'] === '') {
+                        continue;
+                    }
                }
-                if($value['location'] === '%NEXTCLOUD_MOUNT%') {
+                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
                    $value['location'] = $this->configurationManager->GetNextcloudMount();
                    if($value['location'] === '') {
                        continue;
@@ -135,6 +159,14 @@ class ContainerDefinitionFetcher
                    if (!$this->configurationManager->isTalkEnabled()) {
                        continue;
                    }
+                } elseif ($value === 'nextcloud-aio-imaginary') {
+                    if (!$this->configurationManager->isImaginaryEnabled()) {
+                        continue;
+                    }
+                } elseif ($value === 'nextcloud-aio-fulltextsearch') {
+                    if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                        continue;
+                    }
                }
                $dependsOn[] = $value;
            }
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -44,14 +44,33 @@ class ConfigurationController
            }

            if (isset($request->getParsedBody()['daily_backup_time'])) {
+                if (isset($request->getParsedBody()['automatic_updates'])) {
+                    $enableAutomaticUpdates = true;
+                } else {
+                    $enableAutomaticUpdates = false;
+                }
                $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
-                $this->configurationManager->SetDailyBackupTime($dailyBackupTime);
+                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates);
            }

            if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
                $this->configurationManager->DeleteDailyBackupTime();
            }

+            if (isset($request->getParsedBody()['additional_backup_directories'])) {
+                $additionalBackupDirectories = $request->getParsedBody()['additional_backup_directories'] ?? '';
+                $this->configurationManager->SetAdditionalBackupDirectories($additionalBackupDirectories);
+            }
+
+            if (isset($request->getParsedBody()['delete_timezone'])) {
+                $this->configurationManager->DeleteTimezone();
+            }
+
+            if (isset($request->getParsedBody()['timezone'])) {
+                $timezone = $request->getParsedBody()['timezone'] ?? '';
+                $this->configurationManager->SetTimezone($timezone);
+            }
+
            if (isset($request->getParsedBody()['options-form'])) {
                if (isset($request->getParsedBody()['collabora']) && isset($request->getParsedBody()['onlyoffice'])) {
                    throw new InvalidSettingConfigurationException("Collabora and Onlyoffice are not allowed to be enabled at the same time!");
@@ -76,6 +95,25 @@ class ConfigurationController
                } else {
                    $this->configurationManager->SetTalkEnabledState(0);
                }
+                if (isset($request->getParsedBody()['imaginary'])) {
+                    $this->configurationManager->SetImaginaryEnabledState(1);
+                } else {
+                    $this->configurationManager->SetImaginaryEnabledState(0);
+                }
+                if (isset($request->getParsedBody()['fulltextsearch'])) {
+                    $this->configurationManager->SetFulltextsearchEnabledState(1);
+                } else {
+                    $this->configurationManager->SetFulltextsearchEnabledState(0);
+                }
+            }
+
+            if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
+                $this->configurationManager->DeleteCollaboraDictionaries();
+            }
+
+            if (isset($request->getParsedBody()['collabora_dictionaries'])) {
+                $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
+                $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
            }

            return $response->withStatus(201)->withHeader('Location', '/');
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,25 +26,23 @@ class DockerController
        $this->configurationManager = $configurationManager;
    }

-    private function PerformRecursiveContainerStart(string $id) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency);
+            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
        }

-        $pullcontainer = true;
        if ($id === 'nextcloud-aio-database') {
            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullcontainer = false;
+                $pullContainer = false;
+                error_log('Not pulling the latest database image because the container was not correctly shut down.');
            }
        }
        $this->dockerActionManager->DeleteContainer($container);
        $this->dockerActionManager->CreateVolumes($container);
-        if ($pullcontainer) {
+        if ($pullContainer) {
            $this->dockerActionManager->PullContainer($container);
-        } else {
-            error_log('Not pulling the latest database image because the container was not correctly shut down.');
        }
        $this->dockerActionManager->CreateContainer($container);
        $this->dockerActionManager->StartContainer($container);
@@ -87,20 +85,23 @@ class DockerController
    }

    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+        $this->checkBackup();
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function checkBackup() : void {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'check';
        $this->configurationManager->WriteConfig($config);

        $id = 'nextcloud-aio-borgbackup';
        $this->PerformRecursiveContainerStart($id);
-
-        return $response->withStatus(201)->withHeader('Location', '/');
    }

    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
        $this->configurationManager->WriteConfig($config);

        $id = self::TOP_CONTAINER;
@@ -115,6 +116,7 @@ class DockerController
    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'test';
+        $config['instance_restore_attempt'] = 0;
        $this->configurationManager->WriteConfig($config);

        $id = self::TOP_CONTAINER;
@@ -131,6 +133,10 @@ class DockerController
        $uri = $request->getUri();
        $host = $uri->getHost();
        $port = $uri->getPort();
+        if ($port === 8000) {
+            error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
+            $port = 443;
+        }

        $config = $this->configurationManager->GetConfig();
        // set AIO_URL
@@ -140,12 +146,12 @@ class DockerController
        $this->configurationManager->WriteConfig($config);

        // Start container
-        $this->startTopContainer();
+        $this->startTopContainer(true);

        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function startTopContainer() : void {
+    public function startTopContainer(bool $pullContainer) : void {
        $config = $this->configurationManager->GetConfig();
        // set AIO_TOKEN
        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -156,7 +162,7 @@ class DockerController

        $id = self::TOP_CONTAINER;

-        $this->PerformRecursiveContainerStart($id);
+        $this->PerformRecursiveContainerStart($id, $pullContainer);
    }

    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
@@ -190,6 +196,11 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

+    public function stopTopContainer() : void {
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveContainerStop($id);
+    }
+
    public function StartDomaincheckContainer() : void
    {
        # Don't start if domain is already set
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -23,7 +23,7 @@ class LoginController
        if (!$this->dockerActionManager->isLoginAllowed()) {
            return $response->withHeader('Location', '/')->withStatus(302);
        }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
        if($this->authManager->CheckCredentials($password)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
@@ -33,7 +33,7 @@ class LoginController
    }

    public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+        $token = $request->getQueryParams()['token'] ?? '';
        if($this->authManager->CheckToken($token)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
--- a/php/src/Cron/CheckBackup.php
+++ b/php/src/Cron/CheckBackup.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Stop container and start backup check
+$dockerController->checkBackup();
--- a/php/src/Cron/CreateBackup.php
+++ b/php/src/Cron/CreateBackup.php
@@ -15,6 +15,3 @@ $dockerController = $container->get(\AIO\Controller\DockerController::class);

 // Stop container and start backup
 $dockerController->startBackup();
-
-// Start apache
-$dockerController->startTopContainer();
--- a/php/src/Cron/StartAndUpdateContainers.php
+++ b/php/src/Cron/StartAndUpdateContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(true);
--- a/php/src/Cron/StartContainers.php
+++ b/php/src/Cron/StartContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(false);
--- a/php/src/Cron/StopContainers.php
+++ b/php/src/Cron/StopContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->stopTopContainer();
--- a/php/src/Cron/UpdateNotification.php
+++ b/php/src/Cron/UpdateNotification.php
@@ -22,9 +22,9 @@ $isMastercontainerUpdateAvailable = $dockerActionManger->IsMastercontainerUpdate
 $isAnyUpdateAvailable = $dockerActionManger->isAnyUpdateAvailable();

 if ($isMastercontainerUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your management interface to update it.');
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Mastercontainer update available!', 'Please open your AIO interface to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates the mastercontainer.');
 }

 if ($isAnyUpdateAvailable === true) {
-    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your management interface to update them.');
+    $dockerActionManger->sendNotification($nextcloudContainer, 'Container updates available!', 'Please open your AIO interface to update them. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which also automatically updates your containers and your Nextcloud apps.');
 }
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -139,6 +139,36 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

+    public function isImaginaryEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetImaginaryEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isImaginaryEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
+    public function isFulltextsearchEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetFulltextsearchEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isFulltextsearchEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
    public function isOnlyofficeEnabled() : bool {
        $config = $this->GetConfig();
        if (isset($config['isOnlyofficeEnabled']) && $config['isOnlyofficeEnabled'] === 1) {
@@ -190,7 +220,7 @@ class ConfigurationManager
    public function SetDomain(string $domain) : void {
        // Validate domain
        if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
-            throw new InvalidSettingConfigurationException("Domain is not in a valid format!");
+            throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
        }

        // Validate that it is not an IP-address
@@ -198,40 +228,71 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("Please enter a domain and not an IP-address!");
        }

-        $dnsRecordIP = gethostbyname($domain);
+        // Skip domain validation if opted in to do so
+        if (!$this->shouldDomainValidationBeSkipped()) {

-        // Validate IP
-        if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
-            throw new InvalidSettingConfigurationException("DNS config is not set or domain is not in a valid format!");
-        }
+            $dnsRecordIP = gethostbyname($domain);
+            if ($dnsRecordIP === $domain) {
+                $dnsRecordIP = '';
+            }

-        $connection = @fsockopen($domain, 443, $errno, $errstr, 0.1);
-        if ($connection) {
-            fclose($connection);
-        } else {
-            throw new InvalidSettingConfigurationException("The server is not reachable on Port 443.");
-        }
+            if (empty($dnsRecordIP)) {
+                $record = dns_get_record($domain, DNS_AAAA);
+                if (!empty($record)) {
+                    $dnsRecordIP = $record[0]['ipv6'];
+                }
+            }

-        // Get Instance ID
-        $instanceID = $this->GetSecret('INSTANCE_ID');
+            // Validate IP
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
+                throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
+            }

-        // set protocol
-        $port = $this->GetApachePort();
-        if ($port !== '443') {
-            $protocol = 'https://';
-        } else {
-            $protocol = 'http://';
-        }
+            // Get the apache port
+            $port = $this->GetApachePort();

-        $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, $protocol . $domain . ':443');
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        $response = (string)curl_exec($ch);
-        # Get rid of trailing \n
-        $response = str_replace("\n", "", $response);
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
+                if ($port === '443') {
+                    throw new InvalidSettingConfigurationException($errorMessage);
+                } else {
+                    error_log($errorMessage);
+                }
+            }

-        if($response !== $instanceID) {
-            throw new InvalidSettingConfigurationException("Domain does not point to this server or reverse proxy not configured correctly.");
+            // Check if port 443 is open
+            $connection = @fsockopen($domain, 443, $errno, $errstr, 10);
+            if ($connection) {
+                fclose($connection);
+            } else {
+                throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
+            }
+
+            // Get Instance ID
+            $instanceID = $this->GetSecret('INSTANCE_ID');
+
+            // set protocol
+            if ($port !== '443') {
+                $protocol = 'https://';
+            } else {
+                $protocol = 'http://';
+            }
+
+            // Check if response is correct
+            $ch = curl_init();
+            $testUrl = $protocol . $domain . ':443';
+            curl_setopt($ch, CURLOPT_URL, $testUrl);
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            $response = (string)curl_exec($ch);
+            # Get rid of trailing \n
+            $response = str_replace("\n", "", $response);
+
+            if ($response !== $instanceID) {
+                error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
+                error_log('Expected was: ' . $instanceID);
+                error_log('The error message was: ' . curl_error($ch));
+                throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+            }
        }

        // Write domain
@@ -282,26 +343,15 @@ class ConfigurationManager
     * @throws InvalidSettingConfigurationException
     */
    public function SetBorgBackupHostLocation(string $location) : void {
-        $allowedPrefixes = [
-            '/mnt/',
-            '/media/',
-            '/host_mnt/',
-        ];
-
        $isValidPath = false;
-        foreach($allowedPrefixes as $allowedPrefix) {
-            if(str_starts_with($location, $allowedPrefix) && !str_ends_with($location, '/')) {
-                $isValidPath = true;
-                break;
-            }
-            if ($location === '/var/backups') {
-                $isValidPath = true;
-                break;
-            }
+        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
+            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
        }

-        if(!$isValidPath) {
-            throw new InvalidSettingConfigurationException("The path must start with '/mnt/', '/media/' or '/host_mnt/' or be equal to '/var/backups'.");
+        if (!$isValidPath) {
+            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
        }


@@ -321,10 +371,12 @@ class ConfigurationManager
        $isValidPath = false;
        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
        }

-        if(!$isValidPath) {
-            throw new InvalidSettingConfigurationException("The path may start with '/mnt/', '/media/' or '/host_mnt/' or may be equal to '/var/backups'.");
+        if (!$isValidPath) {
+            throw new InvalidSettingConfigurationException("The path must start with '/', and must not end with '/'!");
        }

        if ($password === '') {
@@ -334,6 +386,7 @@ class ConfigurationManager
        $config = $this->GetConfig();
        $config['borg_backup_host_location'] = $location;
        $config['borg_restore_password'] = $password;
+        $config['instance_restore_attempt'] = 1;
        $this->WriteConfig($config);
    }

@@ -372,6 +425,13 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetTalkPort() : string {
+        $envVariableName = 'TALK_PORT';
+        $configName = 'talk_port';
+        $defaultValue = '3478';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
@@ -379,7 +439,11 @@ class ConfigurationManager
        if(!is_dir(DataConst::GetDataDirectory())) {
            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
        }
-        file_put_contents(DataConst::GetConfigFile(), json_encode($config));
+        $df = disk_free_space(DataConst::GetDataDirectory());
+        if ($df !== false && (int)$df < 10240) {
+            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
+        }
+        file_put_contents(DataConst::GetConfigFile(), json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT));
    }

    private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
@@ -422,6 +486,18 @@ class ConfigurationManager
        return $config['borg_restore_password'];
    }

+    public function isInstanceRestoreAttempt() : bool {
+        $config = $this->GetConfig();
+        if(!isset($config['instance_restore_attempt'])) {
+            $config['instance_restore_attempt'] = '';
+        }
+
+        if ($config['instance_restore_attempt'] === 1) {
+            return true;
+        }
+        return false;
+    }
+
    public function GetBorgBackupMode() : string {
        $config = $this->GetConfig();
        if(!isset($config['backup-mode'])) {
@@ -445,10 +521,58 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetNextcloudUploadLimit() : string {
+        $envVariableName = 'NEXTCLOUD_UPLOAD_LIMIT';
+        $configName = 'nextcloud_upload_limit';
+        $defaultValue = '10G';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetApacheMaxSize() : int {
+        $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
+        return $uploadLimit * 1024 * 1024 * 1024;
+    }
+
+    public function GetNextcloudMaxTime() : string {
+        $envVariableName = 'NEXTCLOUD_MAX_TIME';
+        $configName = 'nextcloud_max_time';
+        $defaultValue = '3600';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetDockerSocketPath() : string {
+        $envVariableName = 'DOCKER_SOCKET_PATH';
+        $configName = 'docker_socket_path';
+        $defaultValue = '/var/run/docker.sock';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetTrustedCacertsDir() : string {
+        $envVariableName = 'TRUSTED_CACERTS_DIR';
+        $configName = 'trusted_cacerts_dir';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetCollaboraSeccompPolicy() : string {
+        $defaultString = '--o:security.seccomp=';
+        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+            return $defaultString . 'true';
+        }
+        return $defaultString . 'false';
+    }
+
+    private function GetCollaboraSeccompDisabledState() : string {
+        $envVariableName = 'COLLABORA_SECCOMP_DISABLED';
+        $configName = 'collabora_seccomp_disabled';
+        $defaultValue = 'false';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
-    public function SetDailyBackupTime(string $time) : void {
+    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates) : void {
        if ($time === "") {
            throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
        }
@@ -457,6 +581,9 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
        }
        
+        if ($enableAutomaticUpdates === false) {
+            $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
+        }
        file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
    }

@@ -464,7 +591,22 @@ class ConfigurationManager
        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
            return '';
        }
-        return file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        return $dailyBackupFileArray[0];
+    }
+
+    public function areAutomaticUpdatesEnabled() : bool {
+        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
+            return false;
+        }
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        if (isset($dailyBackupFileArray[1]) && $dailyBackupFileArray[1] === 'automaticUpdatesAreNotEnabled') {
+            return false;
+        } else {
+            return true;
+        }
    }

    public function DeleteDailyBackupTime() : void {
@@ -473,10 +615,142 @@ class ConfigurationManager
        }
    }

+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetAdditionalBackupDirectories(string $additionalBackupDirectories) : void {
+        $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
+        $validDirectories = '';
+        foreach($additionalBackupDirectoriesArray as $entry) {
+            // Trim all unwanted chars on both sites
+            $entry = trim($entry);
+            if ($entry !== "") {
+                if (!preg_match("#^/[0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[0-1a-zA-Z_-]+$#", $entry)) {
+                    throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
+                }
+                $validDirectories .= rtrim($entry, '/') . PHP_EOL;
+            }
+        }
+
+        if ($validDirectories === '') {
+            unlink(DataConst::GetAdditionalBackupDirectoriesFile());
+        } else {
+            file_put_contents(DataConst::GetAdditionalBackupDirectoriesFile(), $validDirectories);
+        }
+    }
+
+    public function GetAdditionalBackupDirectoriesString() : string {
+        if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
+            return '';
+        }
+        $additionalBackupDirectories = file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
+        return $additionalBackupDirectories;
+    }
+
+    public function GetAdditionalBackupDirectoriesArray() : array {
+        $additionalBackupDirectories = $this->GetAdditionalBackupDirectoriesString();
+        $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
+        $additionalBackupDirectoriesArray = array_unique($additionalBackupDirectoriesArray, SORT_REGULAR);
+        return $additionalBackupDirectoriesArray;
+    }
+
    public function isDailyBackupRunning() : bool {
        if (file_exists(DataConst::GetDailyBackupBlockFile())) {
            return true;
        }
        return false;
    }
+
+    public function GetTimezone() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['timezone'])) {
+            $config['timezone'] = '';
+        }
+
+        return $config['timezone'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetTimezone(string $timezone) : void {
+        if ($timezone === "") {
+            throw new InvalidSettingConfigurationException("The timezone must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z0-9_\-\/\+]+$#", $timezone)) {
+            throw new InvalidSettingConfigurationException("The entered timezone does not seem to be a valid timezone!");
+        }
+
+        $config = $this->GetConfig();
+        $config['timezone'] = $timezone;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteTimezone() : void {
+        $config = $this->GetConfig();
+        $config['timezone'] = '';
+        $this->WriteConfig($config);
+    }
+
+    public function shouldDomainValidationBeSkipped() : bool {
+        if (getenv('SKIP_DOMAIN_VALIDATION') !== false) {
+            return true;
+        }
+        return false;
+    }
+
+    public function GetCollaboraDictionaries() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['collabora_dictionaries'])) {
+            $config['collabora_dictionaries'] = '';
+        }
+
+        return $config['collabora_dictionaries'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetCollaboraDictionaries(string $CollaboraDictionaries) : void {
+        if ($CollaboraDictionaries === "") {
+            throw new InvalidSettingConfigurationException("The dictionaries must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z_ ]+$#", $CollaboraDictionaries)) {
+            throw new InvalidSettingConfigurationException("The entered dictionaries do not seem to be a valid!");
+        }
+
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = $CollaboraDictionaries;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteCollaboraDictionaries() : void {
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = '';
+        $this->WriteConfig($config);
+    }
+
+    public function GetApacheIPBinding() : string {
+        $envVariableName = 'APACHE_IP_BINDING';
+        $configName = 'apache_ip_binding';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    private function GetDisableBackupSection() : string {
+        $envVariableName = 'DISABLE_BACKUP_SECTION';
+        $configName = 'disable_backup_section';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isBackupSectionEnabled() : bool {
+        if ($this->GetDisableBackupSection() === 'true') {
+            return false;
+        } else {
+            return true;
+        }
+    }
 }
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -31,6 +31,10 @@ class DataConst {
        return self::GetDataDirectory() . '/daily_backup_time';
    }

+    public static function GetAdditionalBackupDirectoriesFile() : string {
+        return self::GetDataDirectory() . '/additional_backup_directories';
+    }
+
    public static function GetDailyBackupBlockFile() : string {
        return self::GetDataDirectory() . '/daily_backup_running';
    }
@@ -42,4 +46,8 @@ class DataConst {
    public static function GetBackupArchivesList() : string {
        return self::GetDataDirectory() . '/backup_archives.list';
    }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -97,14 +97,21 @@ class DockerActionManager
    {
        $tag = $this->GetCurrentChannel();

-        $runningDigest = $this->GetRepoDigestOfContainer($container->GetIdentifier());
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
-
-        if ($runningDigest === $remoteDigest || $remoteDigest === null || $runningDigest === null) {
-            return new VersionEqualState();
-        } else {
+        $runningDigests = $this->GetRepoDigestsOfContainer($container->GetIdentifier());
+        if ($runningDigests === null) {
            return new VersionDifferentState();
        }
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($container->GetContainerName(), $tag);
+        if ($remoteDigest === null) {
+            return new VersionEqualstate();
+        }
+
+        foreach($runningDigests as $runningDigest) {
+            if ($runningDigest === $remoteDigest) {
+                return new VersionEqualState();
+            }
+        }
+        return new VersionDifferentState();
    }

    public function GetContainerStartingState(Container $container) : IContainerState
@@ -155,11 +162,11 @@ class DockerActionManager
        $response = "";
        $separator = "\r\n";
        $line = strtok($responseBody, $separator);
-        $response = substr($line, 8) . "\n";
+        $response = substr($line, 8) . $separator;

        while ($line !== false) {
            $line = strtok($separator);
-            $response .= substr($line, 8) . "\n";
+            $response .= substr($line, 8) . $separator;
        }

        return $response;
@@ -178,6 +185,10 @@ class DockerActionManager
                '/',
            ];

+            if ($volume->name === 'nextcloud_aio_nextcloud_datadir' || $volume->name === 'nextcloud_aio_backupdir') {
+                return;
+            }
+
            $firstChar = substr($volume->name, 0, 1);
            if(!in_array($firstChar, $forbiddenChars)) {
                $this->guzzleClient->request(
@@ -239,6 +250,8 @@ class DockerActionManager
                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
                } elseif ($out[1] === 'APACHE_PORT') {
                    $replacements[1] = $this->configurationManager->GetApachePort();
+                } elseif ($out[1] === 'TALK_PORT') {
+                    $replacements[1] = $this->configurationManager->GetTalkPort();
                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
@@ -267,12 +280,54 @@ class DockerActionManager
                    } else {
                        $replacements[1] = '';
                    }
-                } elseif ($out[1] === 'DAILY_BACKUP_RUNNING') {
-                    if ($this->configurationManager->isDailyBackupRunning()) {
+                } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') {
+                    if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
                        $replacements[1] = 'yes';
                    } else {
                        $replacements[1] = '';
                    }
+                } elseif ($out[1] === 'TIMEZONE') {
+                    if ($this->configurationManager->GetTimezone() === '') {
+                        $replacements[1] = 'UTC';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetTimezone();
+                    }
+                } elseif ($out[1] === 'COLLABORA_DICTIONARIES') {
+                    if ($this->configurationManager->GetCollaboraDictionaries() === '') {
+                        $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetCollaboraDictionaries();
+                    }
+                } elseif ($out[1] === 'IMAGINARY_ENABLED') {
+                    if ($this->configurationManager->isImaginaryEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'FULLTEXTSEARCH_ENABLED') {
+                    if ($this->configurationManager->isFulltextsearchEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
+                } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
+                } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
+                    if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
+                    $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
+                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
+                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
+                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                } else {
                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                }
@@ -289,13 +344,22 @@ class DockerActionManager

        if(count($exposedPorts) > 0) {
            $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach($container->GetPorts()->GetPorts() as $port) {
+            foreach ($container->GetPorts()->GetPorts() as $port) {
                $portNumber = explode("/", $port);
-                $requestBody['HostConfig']['PortBindings'][$port] = [
-                    [
-                    'HostPort' => $portNumber[0],
-                    ]
-                ];
+                if ($this->configurationManager->GetApachePort() === $portNumber[0] && $this->configurationManager->GetApacheIPBinding() !== '') {
+                    $requestBody['HostConfig']['PortBindings'][$port] = [
+                        [
+                        'HostPort' => $portNumber[0],
+                        'HostIp' => $this->configurationManager->GetApacheIPBinding(),
+                        ]
+                    ];
+                } else {
+                    $requestBody['HostConfig']['PortBindings'][$port] = [
+                        [
+                        'HostPort' => $portNumber[0],
+                        ]
+                    ];
+                }
            }
        }

@@ -304,6 +368,21 @@ class DockerActionManager
            $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
            $requestBody['HostConfig']['Devices'] = [["PathOnHost" => "/dev/fuse", "PathInContainer" => "/dev/fuse", "CgroupPermissions" => "rwm"]];
            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
+            
+            // Additional backup directories
+            $mounts = [];
+            foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
+                if ($additionalBackupDirectories !== '') {
+                    if (!str_starts_with($additionalBackupDirectories, '/')) {
+                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => true];
+                    } else {
+                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => true, "BindOptions" => ["NonRecursive" => true]];
+                    }
+                }
+            }
+            if(count($mounts) > 0) {
+                $requestBody['HostConfig']['Mounts'] = $mounts;
+            }
        }

        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
@@ -358,7 +437,7 @@ class DockerActionManager
        }
    }

-    private function GetRepoDigestOfContainer(string $containerName) : ?string {
+    private function GetRepoDigestsOfContainer(string $containerName) : ?array {
        try {
            $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true);
@@ -367,10 +446,30 @@ class DockerActionManager
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);

-            if(isset($imageOutput['RepoDigests']) && count($imageOutput['RepoDigests']) === 1) {
-                $fullDigest = $imageOutput['RepoDigests'][0];
+            if (!isset($imageOutput['RepoDigests'])) {
+                error_log('RepoDigests is not set of container ' . $containerName);
+                return null;
+            } 

-                return substr($fullDigest, strpos($fullDigest, "@") + 1);
+            if (!is_array($imageOutput['RepoDigests'])) {
+                error_log('RepoDigests of ' . $containerName . ' is not an array which is not allowed!');
+                return null;
+            }
+
+            $repoDigestArray = [];
+            $oneDigestGiven = false;
+            foreach($imageOutput['RepoDigests'] as $repoDigest) {
+                $digestPosition = strpos($repoDigest, '@');
+                if ($digestPosition === false) {
+                    error_log('Somehow the RepoDigest of ' . $containerName . ' does not contain a @.');
+                    return null;
+                }
+                $repoDigestArray[] = substr($repoDigest, $digestPosition + 1);
+                $oneDigestGiven = true;
+            }
+
+            if ($oneDigestGiven) {
+                return $repoDigestArray;
            }

            return null;
@@ -394,6 +493,13 @@ class DockerActionManager
            $tagArray = explode(':', $output['Config']['Image']);
            $tag = $tagArray[1];
            apcu_add($cacheKey, $tag);
+            /**
+             * @psalm-suppress TypeDoesNotContainNull
+             */
+            if ($tag === null) {
+                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
+                $tag = 'latest';
+            }
            return $tag;
        } catch (\Exception $e) {
            error_log('Could not get current channel ' . $e->getMessage());
@@ -409,14 +515,21 @@ class DockerActionManager

        $tag = $this->GetCurrentChannel();

-        $runningDigest = $this->GetRepoDigestOfContainer($containerName);
-        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
-
-        if ($remoteDigest === $runningDigest || $remoteDigest === null) {
-            return false;
-        } else {
+        $runningDigests = $this->GetRepoDigestsOfContainer($containerName);
+        if ($runningDigests === null) {
            return true;
        }
+        $remoteDigest = $this->dockerHubManager->GetLatestDigestOfTag($imageName, $tag);
+        if ($remoteDigest === null) {
+            return false;
+        }
+
+        foreach ($runningDigests as $runningDigest) {
+            if ($remoteDigest === $runningDigest) {
+                return false;
+            }
+        }
+        return true;
    }

    public function sendNotification(Container $container, string $subject, string $message) : void
@@ -496,9 +609,13 @@ class DockerActionManager
                $url,
                [
                    'json' => [
-                        'name' => 'nextcloud-aio',
-                        'checkDuplicate' => true,
-                        'internal' => true,
+                        'Name' => 'nextcloud-aio',
+                        'CheckDuplicate' => true,
+                        'Driver' => 'bridge',
+                        'Internal' => false,
+                        'Options' => [
+                            'com.docker.network.bridge.enable_icc' => 'true'
+                        ]
                    ]
                ]
            );
--- a/php/src/Middleware/AuthMiddleware.php
+++ b/php/src/Middleware/AuthMiddleware.php
@@ -28,10 +28,10 @@ class AuthMiddleware

        if(!in_array($request->getUri()->getPath(), $publicRoutes)) {
            if(!$this->authManager->IsAuthenticated()) {
-                $response = new Response();
-                return $response
-                    ->withHeader('Location', '/')
-                    ->withStatus(302);
+                $status = 302;
+                $headers = ['Location' => '/'];
+                $response = new Response($status, $headers);
+                return $response;
            }
        }

--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,10 @@
    </header>

    <div class="content">
-        <h1>Nextcloud AIO v1.0.0</h1>
+        <h1>Nextcloud AIO v2.1.0</h1>
+
+        {# Add 2nd tab warning #}
+        <script type="text/javascript" src="second-tab-warning.js"></script>

        {% set isAnyRunning = false %}
        {% set isAnyRestarting = false %}
@@ -51,13 +54,15 @@

        {% if is_daily_backup_running == true %}
            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
-            It will update all containers and all apps if the backup is successful.<br /><br />
-            {% if is_mastercontainer_update_available == true %}
-                Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            {% if automatic_updates == true %}
+                It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
+                {% if is_mastercontainer_update_available == true %}
+                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+                {% endif %}
            {% endif %}
            {% if has_update_available == false %}
                The whole process should not take more than a few minutes.<br /><br />
-            {% else %}
+            {% elseif automatic_updates == true %}
                The whole process can take a while because your containers get updated.<br /><br />
            {% endif %}
            <a href="" class="button reload">Reload ↻</a><br/>
@@ -68,7 +73,7 @@
            {% if is_backup_container_running == false and domain == "" %}
                {% if is_mastercontainer_update_available == true %}
                    <h2>Mastercontainer update</h2>
-                    ⚠ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
+                    ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
                    <form method="POST" action="/api/docker/watchtower" class="xhr">
                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -79,85 +84,97 @@
                        Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                        <h2>New AIO instance</h2>
                        Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
+                        {% if skip_domain_validation == true %}
+                            <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
+                        {% endif %}
                        <form method="POST" action="/api/configuration" class="xhr">
                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                            <input class="button" type="submit" value="Submit" />
                        </form>
-                        Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
-                        If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
+                        {% if skip_domain_validation == false %}
+                            Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
+                            If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
+                            <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br><br>
+                        {% endif %}

-                        <h2>Restore AIO instance from backup</h2>
-                        You can alternatively restore an AIO instance from backup.<br><br>
+                        <h2>Restore former AIO instance from backup</h2>
+                        You can alternatively restore a former AIO instance from backup.<br><br>
                    {% endif %}

-                    {% if borg_backup_host_location != '' and borg_restore_password != '' %}
-                        {% if borg_backup_mode in ['test', 'check'] %}
-                            {% if backup_exit_code > 0 %}
-                                <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                                {% if borg_backup_mode == 'test' %}
-                                    Please adjust the path and/or password in order to make it work! After changing and submitting the values, click on 'Test path and password' button at the bottom of this page to verify and test the new settings!<br><br>
-                                {% elseif borg_backup_mode == 'check' %}
-                                    The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html?highlight=repair#:~:text=repairing%20a%20damaged%20repository"><b>this documentation</b></a>
-                                {% endif %}
-                            {% elseif backup_exit_code == 0 %}
-                                <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                                {% if borg_backup_mode == 'test' %}
-                                    Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
-                                    <form method="POST" action="/api/docker/backup-check" class="xhr">
+                    {% if is_instance_restore_attempt == false %}
+                        {% if borg_backup_host_location != '' and borg_restore_password != '' %}
+                            {% if borg_backup_mode in ['test', 'check'] %}
+                                {% if backup_exit_code > 0 %}
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == 'test' %}
+                                        Please adjust the path and/or the password in order to make it work!<br><br>
+                                    {% elseif borg_backup_mode == 'check' %}
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html?highlight=repair#:~:text=repairing%20a%20damaged%20repository"><b>this documentation</b></a>
+                                    {% endif %}
+                                {% elseif backup_exit_code == 0 %}
+                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == 'test' %}
+                                        Feel free to check the integrity of the backup archive below before starting the restore process in order to make double-sure that the restore will work. This can take a long time though depending on the size of the backup archive and is thus not required.<br><br>
+                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Check backup integrity"/><br/>
+                                        </form>
+                                    {% endif %}
+                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!<br><br>
+                                    <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input class="button" type="submit" value="Check backup integrity"/><br/>
+                                        <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
+                                            {% for restore_time in backup_times %}
+                                                <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
+                                            {% endfor %}
+                                        </select>
+                                        <input class="button" type="submit" value="Restore selected backup"/>
                                    </form>
                                {% endif %}
-                                Choose the backup that you want to restore and click on the button below to restore the selected backup. This will restore the whole AIO instance from backup. Please not that the current AIO password will be kept and the AIO password not restored from backup!<br><br>
-                                <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
-                                        {% for restore_time in backup_times %}
-                                            <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
-                                        {% endfor %}
-                                    </select>
-                                    <input class="button" type="submit" value="Restore selected backup"/>
-                                </form>
-                            {% endif %}
-                        {% elseif borg_backup_mode == 'restore' %}
-                            {% if backup_exit_code > 0 %}
-                                <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                                Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
+                            {% elseif borg_backup_mode == 'restore' %}
+                                {% if backup_exit_code > 0 %}
+                                    <span class="status error"></span> Last restore failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    Somehow the restore failed which is unexpected! Please adjust the path and password, test it and try to restore again!
+                                {% endif %}
                            {% endif %}
                        {% endif %}
-                    {% endif %}

-                    {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
-                        Please enter the location of the backup archive on your host and the password of the backup archive below:<br><br>
-                        <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
-                            <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="enter the borg password"/>
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Submit" />
-                        </form>
-                        The folder path that you enter may start with <b>/mnt/</b>, <b>/media/</b> or <b>/host_mnt/</b> or may be equal to <b>/var/backups</b>.<br><br>So e.g. <b>/mnt/backup</b> on Linux and macOS or <b>/host_mnt/c/backup/directory</b> on Windows. (This Windows example would be equivalent to 'C:\backup\directory' on the Windows host. So you need to translate the path that you want to use into the correct format.)<br><br>
-                        ⚠ Note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
-                    {% endif %}
-                    {% if borg_backup_host_location != '' and borg_restore_password != '' %}
-                        {% if borg_backup_mode not in ['test', 'check'] or backup_exit_code != 0 %}
-                            <b>Everything set!</b> Click on the button below to test the path and password:<br/><br/>
-                            <form method="POST" action="/api/docker/backup-test" class="xhr">
+                        {% if borg_backup_host_location == '' or borg_restore_password == '' or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
+                            Please enter the location of the backup archive on your host and the password of the backup archive below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/>
+                                <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="enter the borg password"/>
                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Test path and password"/><br/>
+                                <input class="button" type="submit" value="Submit" />
                            </form>
+                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+                            An example for Linux is <b>/mnt/backup</b>.<br>
+                            For macOS it may be <b>/var/backup</b>.<br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
+                            ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                        {% endif %}
+                    {% else %}
+                        <b>Everything set!</b> Click on the button below to test the path and password:<br/><br/>
+                        <form method="POST" action="/api/docker/backup-test" class="xhr">
+                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                            <input class="button" type="submit" value="Test path and password"/><br/>
+                        </form>
                    {% endif %}
                {% endif %}
            {% endif %}

            {% if domain != "" and was_start_button_clicked == true %}
+                {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
                    You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
+                {% else %}
+                    No channel was found. This means that AIO is not able to update itself and its component and will also not be able to report about updates. Updates need to be done externally.
+                {% endif %}
            {% endif %}

            {% if is_backup_container_running == true %}
@@ -168,11 +185,18 @@
            {% if domain != "" %}
                {% if isAnyRunning == true %}
                    {% if isApacheStarting != true %}
-                        <details>
-                        <summary>Click here to reveal the initial Nextcloud credentials</summary><br />
-                            Initial Nextcloud username: <b>admin</b><br />
-                            Initial Nextcloud password: <b>{{ nextcloud_password }}</b>
-                        </details><br /><br />
+                        {% if borg_backup_host_location != '' %}
+                            <details>
+                            <summary>Click here to reveal the initial Nextcloud credentials</summary><br />
+                        {% endif %}
+                                Initial Nextcloud username: <b>admin</b><br />
+                                Initial Nextcloud password: 
+                        {% if borg_backup_host_location != '' %}
+                            {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
+                            <b>{{ nextcloud_password }}</b></details><br /><br />
+                        {% else %}
+                            <b>{{ nextcloud_password }}</b><br><br>
+                        {% endif %}
                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/>
                    {% else %}
                        {% if isAnyRestarting == false %}
@@ -214,7 +238,7 @@

                    {% if has_update_available == true %}
                        {% if is_mastercontainer_update_available == false %}
-                            ⚠ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
+                            ⚠️ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
                        {% endif %}
                    {% else %}
                        {% if is_mastercontainer_update_available == false %}
@@ -226,7 +250,7 @@
                {% if isAnyRunning == true %}
                    {% if isApacheStarting != true %}
                        {% if is_mastercontainer_update_available == true %}
-                            ⚠ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
+                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
                            {% if current_channel starts with 'latest' %}
                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><b>here</b></a><br><br>
                            {% elseif current_channel starts with 'beta' %}
@@ -251,7 +275,7 @@
                            Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
                        {% endif %}
                        {% if is_mastercontainer_update_available == true %}
-                            ⚠ A mastercontainer update is available. Please click on the button below to update it.<br><br>
+                            ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>
                            <form method="POST" action="/api/docker/watchtower" class="xhr">
                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -277,101 +301,140 @@

                {% if was_start_button_clicked == true %}

-                    {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
+                    {% if is_backup_section_enabled == false %}
                        <h2>Backup and restore</h2>
-                        Please type in the directory where backups will get created on the host system:<br><br>
-                        <form method="POST" action="/api/configuration" class="xhr">
-                            <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
-                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                            <input class="button" type="submit" value="Submit" />
-                        </form>
-                        The folder path that you enter must start with <b>/mnt/</b>, <b>/media/</b> or <b>/host_mnt/</b> or be equal to <b>/var/backups</b>.<br><br>So e.g. <b>/mnt/backup</b> on Linux and macOS or <b>/host_mnt/c/backup/directory</b> on Windows. (This Windows example would be equivalent to 'C:\backup\directory' on the Windows host. So you need to translate the path that you want to use into the correct format.)
+                        The backup section is disabled via environmental variable.<br><br>
+                    {% else %}
+                        {% if is_backup_container_running == false and borg_backup_host_location == "" and isApacheStarting != true %}
+                            <h2>Backup and restore</h2>
+                            Please type in the directory where backups will get created on the host system:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+                            An example for Linux is <b>/mnt/backup</b>.<br>
+                            For macOS it may be <b>/var/backup</b>.<br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-aio-on-windows"><b>click here</b></a><br><br>
+                        {% endif %}
                    {% endif %}

-                    {% if borg_backup_host_location != "" %}
-                        {% if is_backup_container_running == false %}
-                            <h2>Backup and restore</h2>
-                            {% if backup_exit_code > 0 %}
-                                <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                            {% elseif backup_exit_code == 0 %}
-                                {% if borg_backup_mode == "backup" %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                                {% else %}
-                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
-                                {% endif %}
-                            {% endif %}
-                        {% endif %}
+                    {% if is_backup_section_enabled == true %}

-                        {% if is_backup_container_running == false and isApacheStarting == false %}
-                            {% if has_backup_run_once == true %}
-                                <details>
-                                <summary>Click here to reveal all backup options</summary><br />
-                            {% endif %}
-                            <h3>Backup information</h3>
-                            This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
-                            Please save it at a safe place since you won't be able to restore from backup if you loose this password! <br /><br/>
-                            Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                            The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
-                            Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
-                            Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
-
-                            {% if isApacheStarting != true %}
-                                <h3>Backup creation</h3>
-                                Clicking on the button below will create a backup.<br><br/>
-                                <form method="POST" action="/api/docker/backup" class="xhr">
-                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                    <input class="button" type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
-                                </form>
-
-                                {% if has_backup_run_once == true %}
-                                    <h3>Backup check</h3>
-                                    Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it should't be needed in most situtations.<br><br/>
-                                    <form method="POST" action="/api/docker/backup-check" class="xhr">
-                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <input class="button" type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" /><br/>
-                                    </form>
-
-                                    <h3>Backup restore</h3>
-                                    Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations.<br><br>
-                                    <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
-                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                        <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
-                                            {% for restore_time in backup_times %}
-                                                <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
-                                            {% endfor %}
-                                        </select>
-                                        <input class="button" type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
-                                    </form>
-
-                                    <h3>Daily backup creation</h3>
-                                    {% if daily_backup_time == "" %}
-                                        By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC.<br><br/>
+                        {% if borg_backup_host_location != "" %}
+                            {% if is_backup_container_running == false %}
+                                <h2>Backup and restore</h2>
+                                {% if backup_exit_code > 0 %}
+                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if has_backup_run_once == false %}
+                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
                                        <form method="POST" action="/api/configuration" class="xhr">
-                                            <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                            <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup"/>
                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                            <input class="button" type="submit" value="Submit" />
                                        </form>
-                                        This option will also automatically update your containers and apps and will send a notification about the result of the backup.<br><br/>
+                                    {% endif %}
+                                {% elseif backup_exit_code == 0 %}
+                                    {% if borg_backup_mode == "backup" %}
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                    {% else %}
-                                        Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup and automatic updates of your containers and apps. You can disable this option again by clicking on the button below.<br><br/>
-                                        <form method="POST" action="/api/configuration" class="xhr">
-                                            <input type="hidden" name="delete_daily_backup_time" value="yes"/>
-                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Disable daily backups" />
-                                        </form>
+                                        <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                    {% endif %}
                                {% endif %}
                            {% endif %}
-                            {% if has_backup_run_once == false %}
-                                <br /><br />
-                            {% else %}
-                                </details><br /><br />
+
+                            {% if is_backup_container_running == false and isApacheStarting == false %}
+                                {% if has_backup_run_once == true %}
+                                    <details>
+                                    <summary>Click here to reveal all backup options (it also includes an option for automatic updates)</summary><br />
+                                {% endif %}
+                                <h3>Backup information</h3>
+                                This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
+                                Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
+                                Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
+                                The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
+                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
+
+                                {% if isApacheStarting != true %}
+                                    <h3>Backup creation</h3>
+                                    Clicking on the button below will create a backup.<br><br/>
+                                    <form method="POST" action="/api/docker/backup" class="xhr">
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input class="button" type="submit" value="Create backup" onclick="return confirm('Create backup? Are you sure that you want to create a backup? This will stop all running containers and create the backup.')" />
+                                    </form>
+
+                                    {% if has_backup_run_once == true %}
+                                        <h3>Backup check</h3>
+                                        Click on the button below to perform a backup integrity check. This is an option that verifies that your backup is intact but it should't be needed in most situtations.<br><br/>
+                                        <form method="POST" action="/api/docker/backup-check" class="xhr">
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Check backup integrity" onclick="return confirm('Check backup integrity? Are you sure that you want to check the backup? This can take a long time depending on the size of your backup.')" /><br/>
+                                        </form>
+
+                                        <h3>Backup restore</h3>
+                                        Choose the backup that you want to restore and click on the button below to restore the selected backup. This will overwrite all your files with the state of the backup so you should consider creating a backup first. It also makes sense to run an integrity check before restoring your files but is not mandatory since it shouldn't be needed in most situations. Please note that this will not restore additionally chosen backup directories!<br><br>
+                                        <form method="POST" action="/api/docker/restore" class="xhr" id="restore_selection">
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <select id="selected_restore_time" name="selected_restore_time" form="restore_selection">
+                                                {% for restore_time in backup_times %}
+                                                    <option value="{{ restore_time }}">{{ restore_time }} UTC</option>
+                                                {% endfor %}
+                                            </select>
+                                            <input class="button" type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
+                                        </form>
+
+                                        <h3>Daily backup and automatic updates</h3>
+                                        {% if daily_backup_time == "" %}
+                                            By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC.<br><br/>
+                                            <form method="POST" action="/api/configuration" class="xhr">
+                                                <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Submit" /><br>
+                                                <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
+                                            </form>
+                                        {% else %}
+                                            Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup.
+                                            {% if automatic_updates == true %}
+                                                Also your containers, the mastercontainer and on saturdays your Nextcloud apps will be automatically updated. 
+                                            {% endif %}
+                                            You can disable this option again by clicking on the button below.<br><br/>
+                                            <form method="POST" action="/api/configuration" class="xhr">
+                                                <input type="hidden" name="delete_daily_backup_time" value="yes"/>
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Disable daily backups" />
+                                            </form>
+                                        {% endif %}
+
+                                        <h3>Back up additional directories and docker volumes of your host</h3>
+                                        Below, you can enter directories and docker volumes of your host that will backed up additionally into the same borg backup archive.<br><br>
+                                        <form method="POST" action="/api/configuration" class="xhr">
+                                            <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
+                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                            <input class="button" type="submit" value="Submit" /><br>
+                                        </form>
+                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
+                                        Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
+                                        Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
+                                        {% if additional_backup_directories != "" %}
+                                            This option is currently set. You can disable it again by clearing the field and submitting your changes.<br><br>
+                                        {% endif %}
+                                    {% endif %}
+                                {% endif %}
+                                {% if has_backup_run_once == false %}
+                                    <br /><br />
+                                {% else %}
+                                    </details><br /><br />
+                                {% endif %}
                            {% endif %}
                        {% endif %}
                    {% endif %}
@@ -387,14 +450,16 @@
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                <input class="button" type="submit" value="Submit" />
                            </form>
-                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.
+                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br><br>
                        {% endif %}
                    {% endif %}
                {% endif %}
                {% if is_backup_container_running == false %}
                    <h2>Optional addons</h2>
-                    In this section you can find optional addons.<br>
-                    You can enable or disable them when your containers are stopped.<br><br>
+                    In this section you can enable or disable optional addons.<br><br>
+                    {% if isAnyRunning == true %}
+                        <b>Please note:</b> You can enable or disable them when your containers are stopped.<br><br>
+                    {% endif %}
                    <form id="options-form" method="POST" action="/api/configuration" class="xhr">
                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -405,29 +470,93 @@
                            <input type="checkbox" id="clamav" name="clamav"><label for="clamav">ClamAV (only supported on x64, needs ~1GB additional RAM)</label><br>
                        {% endif %}
                        {% if is_collabora_enabled == true %}
-                            <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora</label><br>
+                            <input type="checkbox" id="collabora" name="collabora" checked="checked"><label for="collabora">Collabora (Nextcloud Office)</label><br>
                        {% else %}
-                            <input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora</label><br>
+                            <input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label><br>
+                        {% endif %}
+                        {% if is_fulltextsearch_enabled == true %}
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch" checked="checked"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
+                        {% else %}
+                            <input type="checkbox" id="fulltextsearch" name="fulltextsearch"><label for="fulltextsearch">Fulltextsearch (needs ~1GB additional RAM)</label><br>
+                        {% endif %}
+                        {% if is_imaginary_enabled == true %}
+                            <input type="checkbox" id="imaginary" name="imaginary" checked="checked"><label for="imaginary">Imaginary</label><br>
+                        {% else %}
+                            <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary</label><br>
                        {% endif %}
                        {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
                        {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
                        {% endif %}
                        {% if is_onlyoffice_enabled == true %}
-                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
+                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
                        {% else %}
-                            <input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
+                            {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                        {% endif %}
                        <input id="options-form-submit" class="button" type="submit" value="Save changes" />
                    </form>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
                    {% if isAnyRunning == true or is_x64_platform == false %}
                        <script type="text/javascript" src="disable-clamav.js"></script>
-                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
                    {% endif %}
                    {% if isAnyRunning == true %}
                        <script type="text/javascript" src="disable-talk.js"></script>
                        <script type="text/javascript" src="disable-collabora.js"></script>
+                        <script type="text/javascript" src="disable-onlyoffice.js"></script>
+                        <script type="text/javascript" src="disable-imaginary.js"></script>
+                        <script type="text/javascript" src="disable-fulltextsearch.js"></script>
+                    {% endif %}
+
+                    {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
+                        <h3>Collabora dictionaries</h3>
+
+                        {% if collabora_dictionaries == "" %}
+                            In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            You need to make sure that the dictionaries that you enter are valid. An example is <b>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</b>.<br><br>
+                        {% else %}
+                            The dictionaries for Collabora are currently set to <b>{{ collabora_dictionaries }}</b>. You can reset them again by clicking on the button below.<br><br/>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Reset collabora dictionaries" />
+                            </form>
+                        {% endif %}
+                    {% endif %}
+
+                    <h2>Timezone change</h2>
+                    {% if isAnyRunning == true %}
+                        {% if timezone != "" %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>.<br><br>
+                        {% endif %}
+                        <b>Please note:</b> You can change the timezone when your containers are stopped.<br><br>
+                    {% else %}
+                        {% if timezone == "" %}
+                            In order to get the correct time values for certain Nextcloud features, it makes sense to set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
+                            You can configure the timezone for Nextcloud below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="timezone" placeholder="Europe/Berlin" />
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
+                            </form>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
+                        {% else %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="hidden" name="delete_timezone" value="yes"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Reset the timezone" />
+                            </form>
+                        {% endif %}
                    {% endif %}
                {% endif %}
            {% endif %}
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -1,23 +1,23 @@
-{% extends "layout.twig" %}
-
-{% block body %}
-    <div class="login-wrapper">
-        <div class="login">
-            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Nextcloud AIO Login</h1>
-            {% if is_login_allowed == true %}
-                <p>Log in using your Nextcloud AIO password.</p>
-                <form method="POST" action="/api/auth/login">
-                    <input type="text" name="password" placeholder="Password" />
-                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                    <input type="submit" class="button" value="Login" />
-                </form>
-            {% else %}
-                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
-                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
-            {% endif %}
-        </div>
-    </div>
-{% endblock %}
-
+{% extends "layout.twig" %}
+
+{% block body %}
+    <div class="login-wrapper">
+        <div class="login">
+            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
+            <h1>Nextcloud AIO Login</h1>
+            {% if is_login_allowed == true %}
+                <p>Log in using your Nextcloud AIO password:</p>
+                <form method="POST" action="/api/auth/login">
+                    <input type="text" autocomplete="off" name="password" placeholder="Password" />
+                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                    <input type="submit" class="button" value="Log in" />
+                </form>
+            {% else %}
+                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
+                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
+            {% endif %}
+        </div>
+    </div>
+{% endblock %}
+
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -4,8 +4,9 @@
    <div class="login-wrapper">
        <div class="login">
            <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
-            <h1>Your password for Nextcloud AIO</h1>
-            <p>Please note down the password to access the AIO interface and don't loose it!</p>
+            <h1>Nextcloud AIO setup</h1>
+            <p>Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
+            <p>Please note down the password to access the AIO interface and don't lose it!</p>
            <strong>Password</strong><br/> <span class="monospace">{{ password }}</span><br>
            <a href="/" class="button" target="_blank" rel="noopener">Open Nextcloud AIO login ↗</a>
        </div>
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`* @szaimen @LukasReschke @azul @juliushaertl`