Merge pull request #909 from nextcloud/enh/722/run-externally

add documentation for running from an external script
Merge pull request #887 from nextcloud/enh/884/apache-listen-localhost
2026-05-21 10:50:10 +00:00 · 2022-07-17 20:30:48 +02:00 · 2022-07-17 20:29:39 +02:00 · 2022-07-17 20:19:11 +02:00 · 2022-07-17 19:46:36 +02:00 · 2022-07-17 19:45:58 +02:00
61 changed files with 1137 additions and 302 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -92,6 +92,9 @@ updates:
  schedule:
    interval: "daily"
    time: "12:00"
+  ignore:
+    - dependency-name: "redis"
+      update-types: ["version-update:semver-major"]
  open-pull-requests-limit: 10
  labels:
  - 3. to review
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -3,6 +3,8 @@ name: Json Validator
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  psalm:
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -0,0 +1,48 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+      - stable*
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.0"]
+
+    name: php-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: Lint
+        run: cd php && composer run lint
+
+  summary:
+    runs-on: ubuntu-latest
+    needs: php-lint
+
+    if: always()
+
+    name: php-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -3,16 +3,26 @@ name: Psalm Analysis
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  psalm:
    name: Psalm
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Psalm
-        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+      - uses: actions/checkout@v3
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
        with:
-          composer_ignore_platform_reqs: false
-          relative_dir: php
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -3,6 +3,8 @@ name: Shellcheck
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  shellcheck:
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -3,6 +3,8 @@ name: 'Spellcheck'
 on:
  pull_request:
  push:
+    branches:
+      - main

 jobs:
  spellcheck:
--- a/2
+++ b/2
@@ -1 +1 @@
-*       @szaimen @LukasReschke @azul @juliushaertl
+*       @szaimen @juliushaertl
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -11,24 +11,34 @@
    # Notify Push
    route /push/* {
        uri strip_prefix /push
-        reverse_proxy {$NEXTCLOUD_HOST}:7867
+        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
+            # trusted_proxies placeholder
+        }
    }

    # Talk
    route /standalone-signaling/* {
        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081
+        reverse_proxy {$TALK_HOST}:8081 {
+            # trusted_proxies placeholder
+        }
    }

    # Collabora
    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }
    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }
    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }

    # Onlyoffice
@@ -37,6 +47,7 @@
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.host}/onlyoffice
            header_up X-Forwarded-Proto https
+            # trusted_proxies placeholder
        }
    }

@@ -45,7 +56,10 @@
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000
+        reverse_proxy localhost:8000 {
+            # See https://github.com/nextcloud/all-in-one/issues/828
+            # trusted_proxies placeholder
+        }
    }

    # TLS options
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,9 +1,7 @@
 # Caddy is a requirement
-FROM caddy:2.5.1-alpine as caddy
+FROM caddy:2.5.2-alpine as caddy

-FROM debian:bullseye-20220509-slim
-
-EXPOSE 80
+FROM debian:bullseye-20220711-slim

 RUN mkdir -p /mnt/data; \
    chown www-data:www-data /mnt/data;
@@ -65,8 +63,7 @@ COPY start.sh /usr/bin/
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
    chmod +r /supervisord.conf; \
-    chmod a+w /Caddyfile; \
-    chmod 777 /; \
+    chown www-data:www-data /Caddyfile; \
    chmod +r -R /etc/apache2

 # Give root a random password
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -21,15 +21,30 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

+# Change variables in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
    export PROTOCOL="http"
    export NC_DOMAIN=""
-    sed -i 's|auto_https.*|auto_https off|' /Caddyfile
 else
    export PROTOCOL="https"
-    sed -i 's|auto_https.*|auto_https disable_redirects|' /Caddyfile
 fi

+# Change the auto_https in case of reverse proxies
+if [ "$APACHE_PORT" != '443' ]; then
+    CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
+else
+    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
+fi
+echo "$CADDYFILE" > /Caddyfile
+
+# Change the trusted_proxies in case of reverse proxies
+if [ "$APACHE_PORT" != '443' ]; then
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies private_ranges|' /Caddyfile)"
+else
+    CADDYFILE="$(sed 's|trusted_proxies private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
+fi
+echo "$CADDYFILE" > /Caddyfile
+
 # Add caddy path
 mkdir -p /mnt/data/caddy/

--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20220509-slim
+FROM debian:bullseye-20220711-slim

 RUN set -ex; \
    \
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -37,13 +37,11 @@ if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKU
    exit 1
 fi

-# Break the borg lock if it exists
-if [ -f "$BORG_BACKUP_DIRECTORY/lock.roster" ]; then
-    echo "Breaking the borg lock..."
-    if ! borg break-lock "$BORG_BACKUP_DIRECTORY"; then
-        echo "Could not break the borg lock!"
-        exit 1
-    fi
+# Do not continue if this file exists (needed for simple external blocking)
+if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
+    echo "Not continuing because aio-lockfile exists - it seems like a script is externally running which is locking the backup archive."
+    echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
+    exit 1
 fi

 # Create lockfile
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,6 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
 FROM clamav/clamav:0.104.2-3

+RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,2 +1,15 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:21.11.4.2.1
+FROM collabora/code:22.05.4.1.1
+
+USER root
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    export DEBIAN_FRONTEND=noninteractive; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+USER 104
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -5,7 +5,8 @@ RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
 COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
 RUN chmod +r -R /etc/lighttpd && \
-    chown www-data:www-data -R /var/www
+    chown www-data:www-data -R /var/www && \
+    chown www-data:www-data /etc/lighttpd/lighttpd.conf

 COPY start.sh /
 RUN chmod +x /start.sh
--- a/Containers/domaincheck/lighttpd.conf
+++ b/Containers/domaincheck/lighttpd.conf
@@ -13,4 +13,8 @@ mimetype.assign = (
 )

 static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
-index-file.names = ( "index.html" )
+index-file.names = ( "index.html" )
+
+$SERVER["socket"] == "ipv6-placeholder" {
+	server.document-root = "/var/www/domaincheck/" 
+}
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,6 +11,9 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
+echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf

--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -1,4 +1,6 @@
 {
+    # auto_https will create redirects for https://{host}:8443 instead of https://{host}
+    # https redirects are added manually in the http://:80 block
    auto_https disable_redirects

    storage file_system {
@@ -6,6 +8,10 @@
    }
 }

+http://:80 {
+  redir https://{host}{uri}
+}
+
 https://:8443 {

    reverse_proxy localhost:8000
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,11 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:20.10.16-dind-alpine3.15 as dind
+FROM docker:20.10.17-dind-alpine3.16 as dind

 # Caddy is a requirement
-FROM caddy:2.5.1-alpine as caddy
+FROM caddy:2.5.2-alpine as caddy

 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.19-apache-bullseye
+FROM php:8.0.21-apache-bullseye

 EXPOSE 80
 EXPOSE 8080
@@ -88,11 +88,13 @@ COPY start.sh /usr/bin/
 COPY backup-time-file-watcher.sh /
 COPY session-deduplicator.sh /
 COPY cron.sh /
+COPY daily-backup.sh /
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
    chmod +x /cron.sh; \
    chmod +x /session-deduplicator.sh; \
    chmod +x /backup-time-file-watcher.sh; \
+    chmod +x /daily-backup.sh; \
    chmod a+r /Caddyfile

 USER root
--- a/Containers/mastercontainer/backup-time-file-watcher.sh
+++ b/Containers/mastercontainer/backup-time-file-watcher.sh
@@ -10,12 +10,12 @@ file_present() {
        if [ "$FILE_PRESENT" = 0 ]; then
            restart_process
        else
-            if [ -n "$BACKUP_TIME" ] && [ "$(cat "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
+            if [ -n "$BACKUP_TIME" ] && [ "$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
                restart_process
            fi
        fi
        FILE_PRESENT=1
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
    else
        if [ "$FILE_PRESENT" = 1 ]; then
            restart_process
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -3,83 +3,36 @@
 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
        set -x
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
-        DAILY_BACKUP=1
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
+        export BACKUP_TIME
+        export DAILY_BACKUP=1
+        if [ "$(sed -n '2p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'automaticUpdatesAreNotEnabled' ]; then
+            export AUTOMATIC_UPDATES=1
+        else
+            export AUTOMATIC_UPDATES=0
+            export START_CONTAINERS=1
+        fi
        set +x
    else
-        BACKUP_TIME="04:00"
-        DAILY_BACKUP=0
+        export BACKUP_TIME="04:00"
+        export DAILY_BACKUP=0
    fi

    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        LOCK_FILE_PRESENT=1
+        export LOCK_FILE_PRESENT=1
    else
-        LOCK_FILE_PRESENT=0
+        export LOCK_FILE_PRESENT=0
    fi

    # Allow to continue directly if e.g. the mastercontainer was updated. Otherwise wait for the next execution
    if [ "$LOCK_FILE_PRESENT" = 0 ]; then
        while [ "$(date +%H:%M)" != "$BACKUP_TIME" ]; do 
-            sleep 1
+            sleep 30
        done
    fi

    if [ "$DAILY_BACKUP" = 1 ]; then
-        echo "Daily backup has started"
-
-        # Delete all active sessions and create a lock file
-        # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
-        if [ "$LOCK_FILE_PRESENT" = 0 ]; then
-            rm -f "/mnt/docker-aio-config/session/"*
-        fi
-        sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-        APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
-            echo "Waiting for apache to become available"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-            echo "Waiting for watchtower to stop"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
-            echo "Waiting for borgbackup to stop"
-            sleep 30
-        done
-
-        # Update the mastercontainer
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
-
-        # Wait for watchtower to stop
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
-            echo "Something seems to be wrong: Watchtower should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-                echo "Waiting for watchtower to stop"
-                sleep 30
-            done
-        fi
-
-        # Execute the backup itself and some related tasks
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/DailyBackup.php
-
-        # Delete the lock file
-        rm -f "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Wait for the nextcloud container to start and send if the backup was successful
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
-            echo "Something seems to be wrong: Nextcloud should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
-                echo "Waiting for the Nextcloud container to start"
-                sleep 30
-            done
-        fi
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
-
-        echo "Daily backup has finished"
+        bash /daily-backup.sh
    fi

    # Make sure to delete the lock file always
@@ -93,4 +46,7 @@ while true; do

    # Remove dangling images
    sudo -u www-data docker image prune -f
+
+    # Wait 60s so that the whole loop will not be executed again
+    sleep 60
 done
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+echo "Daily backup has started"
+
+# Delete all active sessions and create a lock file
+# But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
+if [ "$LOCK_FILE_PRESENT" = 0 ]; then
+    rm -f "/mnt/docker-aio-config/session/"*
+fi
+sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+
+# Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    echo "Waiting for apache to become available"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+    echo "Waiting for watchtower to stop"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
+    echo "Waiting for borgbackup to stop"
+    sleep 30
+done
+
+# Update the mastercontainer
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+fi
+
+# Wait for watchtower to stop
+if [ "$AUTOMATIC_UPDATES" = 1 ] && ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
+    echo "Something seems to be wrong: Watchtower should be started at this step."
+else
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+fi
+
+# Stop containers if required
+if [ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]; then
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
+fi
+
+# Execute the backup itself and some related tasks (also stops the containers)
+if [ "$DAILY_BACKUP" = 1 ]; then
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+fi
+
+# Start and/or update containers
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
+else
+    if [ "$START_CONTAINERS" = 1 ]; then
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
+    fi
+fi
+
+# Delete the lock file
+rm -f "/mnt/docker-aio-config/data/daily_backup_running"
+
+if [ "$DAILY_BACKUP" = 1 ]; then
+    # Wait for the nextcloud container to start and send if the backup was successful
+    if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
+        echo "Something seems to be wrong: Nextcloud should be started at this step."
+    else
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
+            echo "Waiting for the Nextcloud container to start"
+            sleep 30
+        done
+    fi
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+fi
+
+echo "Daily backup has finished"
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -78,7 +78,9 @@ fi

 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
-    if ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
+    if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
+        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+    elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_DATADIR'."
@@ -112,6 +114,37 @@ It is set to '$APACHE_PORT'."
        exit 1
    fi
 fi
+if [ -n "$APACHE_IP_BINDING" ]; then
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+It is set to '$APACHE_IP_BINDING'."
+        exit 1
+    fi
+fi
+if [ -n "$TALK_PORT" ]; then
+    if ! check_if_number "$TALK_PORT"; then
+        echo "You provided an Talk port but did not only use numbers.
+It is set to '$TALK_PORT'."
+        exit 1
+    elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
+        echo "The provided Talk port is invalid. It must be between 1 and 65535"
+        exit 1
+    fi
+fi
+if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
+    if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
+        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        exit 1
+    fi
+fi
+if [ -n "$DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
+The string must start with '/' and must not end with '/'.
+It is set to '$DOCKER_SOCKET_PATH'."
+        exit 1
+    fi
+fi

 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
@@ -174,4 +207,7 @@ E.g. https://internal.ip.of.this.server:8080
 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"

+# Set the timezone to UTC
+export TZ=UTC
+
 exec "$@"
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.19-fpm-alpine3.15
+FROM php:8.0.21-fpm-alpine3.15

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -85,7 +85,7 @@ RUN set -ex; \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
-        echo 'opcache.interned_strings_buffer=16'; \
+        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
@@ -105,7 +105,7 @@ RUN { \
 VOLUME /var/www/html


-ENV NEXTCLOUD_VERSION 23.0.5
+ENV NEXTCLOUD_VERSION 23.0.6

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -198,6 +198,7 @@ RUN set -ex; \
        gnupg \
        git \
        postgresql-client \
+        tzdata \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -221,8 +222,6 @@ RUN set -ex; \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
    chown www-data:root -R /var/log/supervisord/ && \
    chown www-data:root -R /var/run/supervisord/ && \
-    mkdir -p /var/log/nextcloud/ && \
-    chown -R www-data:root /var/log/nextcloud/ && \
    rm -r /usr/src/nextcloud/apps/updatenotification

 COPY start.sh /
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -170,10 +170,10 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            mkdir -p /var/www/html/data
            php /var/www/html/occ config:system:set loglevel --value=2
            php /var/www/html/occ config:system:set log_type --value=file
-            php /var/www/html/occ config:system:set logfile --value="/var/log/nextcloud/nextcloud.log"
+            php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
            php /var/www/html/occ config:system:set log_rotate_size --value="10485760"
            php /var/www/html/occ app:enable admin_audit
-            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/log/nextcloud/audit.log"
+            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
            php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"

            # Apply preview settings
@@ -245,8 +245,8 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
        fi
    fi

-    # Performing update of all apps if daily backups are enabled, running and successful
-    if [ "$DAILY_BACKUP_RUNNING" = 'yes' ]; then
+    # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
+    if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
        if [ -n "$UPDATED_APPS" ]; then
             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
@@ -272,6 +272,11 @@ echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int

+# Adjusting log files to be stored on a volume
+echo "Adjusting log files..."
+php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
+php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
+
 # Apply network settings
 echo "Applying network settings..."
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
@@ -302,6 +307,7 @@ else
    php /var/www/html/occ app:update notify_push
 fi
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
+php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
@@ -318,7 +324,6 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
-        php /var/www/html/occ config:system:delete allow_local_remote_servers
        php /var/www/html/occ app:remove richdocuments
    fi
 fi
@@ -336,7 +341,10 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
    else
        php /var/www/html/occ app:update onlyoffice
    fi
+    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
    if [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
        php /var/www/html/occ app:remove onlyoffice
@@ -352,8 +360,8 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    else
        php /var/www/html/occ app:update spreed
    fi
-    STUN_SERVERS="[\"$NC_DOMAIN:3478\"]"
-    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:3478\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
+    STUN_SERVERS="[\"$NC_DOMAIN:$TALK_PORT\"]"
+    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:$TALK_PORT\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
    SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
    php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
    php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,2 +1,2 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.1.0.215
+FROM onlyoffice/documentserver:7.1.1.23
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.3-alpine3.15
+FROM postgres:14.4-alpine

 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd

--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.6-alpine3.15
+FROM redis:6.2.7-alpine

 RUN apk add --update --no-cache openssl bash

--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,4 @@
-FROM ubuntu:focal-20220426
-
-EXPOSE 3478
+FROM ubuntu:focal-20220531

 RUN set -ex; \
    \
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -17,7 +17,7 @@ fi

 # Turn
 cat << TURN_CONF > "/etc/turnserver.conf"
-listening-port=3478
+listening-port=$TALK_PORT
 fingerprint
 lt-cred-mech
 use-auth-secret
@@ -36,8 +36,8 @@ set -x
 sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
 sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
 sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
-sed -i "s|#stun_port.*|stun_port = 3478|g" /etc/janus/janus.jcfg
-sed -i "s|#turn_port.*|turn_port = 3478|g" /etc/janus/janus.jcfg
+sed -i "s|#stun_port.*|stun_port = $TALK_PORT|g" /etc/janus/janus.jcfg
+sed -i "s|#turn_port.*|turn_port = $TALK_PORT|g" /etc/janus/janus.jcfg
 sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g'/etc/janus/janus.jcfg
 sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
@@ -80,7 +80,7 @@ url = ws://127.0.0.1:8188
 [turn]
 apikey = ${JANUS_API_KEY}
 secret = ${TURN_SECRET}
-servers = turn:$NC_DOMAIN:3478?transport=tcp,turn:$NC_DOMAIN:3478?transport=udp
+servers = turn:$NC_DOMAIN:$TALK_PORT?transport=tcp,turn:$NC_DOMAIN:$TALK_PORT?transport=udp
 SIGNALING_CONF

 exec "$@"
--- a/develop.md
+++ b/develop.md
@@ -31,5 +31,5 @@ Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sy
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.

-## Where to find the VPS builds?
+## Where to find the VPS and other builds?
 This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/main/.build
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,24 +2,27 @@ version: "3.8"

 volumes:
  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed

 services:
  nextcloud:
    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
    restart: always
-    container_name: nextcloud-aio-mastercontainer
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
-      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
    ports:
      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    # environment: # Is needed when using any of the options below
      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -0,0 +1,13 @@
+# Docker rootless
+
+You can run AIO with docker rootless by following the steps below.
+
+0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/. The daemon.json file is most likely stored in `~/.config/docker/daemon.json`.
+1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
+
+**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. For changing Nextcloud's datadir, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). This logically also applies to the NEXTCLOUD_MOUNT option.
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -16,6 +16,7 @@ services:
      - COLLABORA_HOST=nextcloud-aio-collabora
      - TALK_HOST=nextcloud-aio-talk
      - APACHE_PORT=${APACHE_PORT}
+      - TZ=${TIMEZONE}
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:ro
      - nextcloud_aio_apache:/mnt/data:rw
@@ -34,6 +35,8 @@ services:
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_DB=nextcloud_database
      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
    stop_grace_period: 1800s
    restart: unless-stopped
    networks:
@@ -71,6 +74,8 @@ services:
      - COLLABORA_HOST=nextcloud-aio-collabora
      - TALK_ENABLED=${TALK_ENABLED}
      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -81,6 +86,7 @@ services:
    image: nextcloud/aio-redis:latest-arm64
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -92,6 +98,8 @@ services:
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
+      - dictionaries=${COLLABORA_DICTIONARIES}
+      - TZ=${TIMEZONE}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -101,13 +109,15 @@ services:
    container_name: nextcloud-aio-talk
    image: nextcloud/aio-talk:latest-arm64
    ports:
-      - 3478:3478/tcp
-      - 3478:3478/udp
+      - ${TALK_PORT}:${TALK_PORT}/tcp
+      - ${TALK_PORT}:${TALK_PORT}/udp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -19,6 +19,7 @@ services:
      - TALK_HOST=nextcloud-aio-talk
      - APACHE_PORT=${APACHE_PORT}
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
+      - TZ=${TIMEZONE}
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:ro
      - nextcloud_aio_apache:/mnt/data:rw
@@ -37,6 +38,8 @@ services:
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
      - POSTGRES_DB=nextcloud_database
      - POSTGRES_USER=nextcloud
+      - TZ=${TIMEZONE}
+      - PGTZ=${TIMEZONE}
    stop_grace_period: 1800s
    restart: unless-stopped
    networks:
@@ -68,6 +71,7 @@ services:
      - OVERWRITEPROTOCOL=https
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
      - AIO_URL=${AIO_URL}
      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
      - CLAMAV_ENABLED=${CLAMAV_ENABLED}
@@ -78,6 +82,8 @@ services:
      - TALK_ENABLED=${TALK_ENABLED}
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -88,6 +94,7 @@ services:
    image: nextcloud/aio-redis:latest
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
+      - TZ=${TIMEZONE}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -99,6 +106,8 @@ services:
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443
      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
+      - dictionaries=${COLLABORA_DICTIONARIES}
+      - TZ=${TIMEZONE}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -108,13 +117,15 @@ services:
    container_name: nextcloud-aio-talk
    image: nextcloud/aio-talk:latest
    ports:
-      - 3478:3478/tcp
-      - 3478:3478/udp
+      - ${TALK_PORT}:${TALK_PORT}/tcp
+      - ${TALK_PORT}:${TALK_PORT}/udp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
      - JANUS_API_KEY=${JANUS_API_KEY}
+      - TZ=${TIMEZONE}
+      - TALK_PORT=${TALK_PORT}
    stop_grace_period: 10s
    restart: unless-stopped
    networks:
@@ -123,6 +134,8 @@ services:
  nextcloud-aio-clamav:
    container_name: nextcloud-aio-clamav
    image: nextcloud/aio-clamav:latest
+    environment:
+      - TZ=${TIMEZONE}
    volumes:
      - nextcloud_aio_clamav:/var/lib/clamav:rw
    stop_grace_period: 10s
@@ -133,6 +146,11 @@ services:
  nextcloud-aio-onlyoffice:
    container_name: nextcloud-aio-onlyoffice
    image: nextcloud/aio-onlyoffice:latest
+    environment:
+      - TZ=${TIMEZONE}
+      - JWT_ENABLED=true
+      - JWT_HEADER=AuthorizationJwt
+      - JWT_SECRET=${ONLYOFFICE_SECRET}
    volumes:
      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
    stop_grace_period: 10s
--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -36,6 +36,6 @@ Since the AIO containers may change in the future, it is highly recommended to s

 ## FAQ
 ### Backup and restore?
-If you leave `NEXTLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 
+If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 

 Obviously you also need to back up the conf file and the yaml file if you modified it.
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -2,6 +2,7 @@ AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
@@ -11,7 +12,10 @@ NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
+TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -59,14 +59,17 @@ done
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
-sed -i 's|DAILY_BACKUP_RUNNING=|DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
+sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf

 cat sample.conf
@@ -118,5 +121,6 @@ sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
 sed -i '/  nextcloud-aio-onlyoffice:/,/^$/d' latest-arm64.yml
 sed -i '/nextcloud[-_]aio[-_]onlyoffice/d' latest-arm64.yml
 sed -i '/ONLYOFFICE_ENABLED/d' latest-arm64.yml
+sed -i '/ONLYOFFICE_SECRET/d' latest-arm64.yml

 rm containers.yml
--- a/php/composer.json
+++ b/php/composer.json
@@ -20,6 +20,7 @@
    },
    "scripts": {
 		"psalm": "psalm --threads=1",
-		"psalm:update-baseline": "psalm --threads=1 --update-baseline"
+		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
+        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
 	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -8,22 +8,22 @@
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.4.2",
+            "version": "7.4.5",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4"
+                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/ac1ec1cd9b5624694c3a40be801d94137afb12b4",
-                "reference": "ac1ec1cd9b5624694c3a40be801d94137afb12b4",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
+                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
                "guzzlehttp/promises": "^1.5",
-                "guzzlehttp/psr7": "^1.8.3 || ^2.1",
+                "guzzlehttp/psr7": "^1.9 || ^2.4",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
                "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -112,7 +112,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.4.2"
+                "source": "https://github.com/guzzle/guzzle/tree/7.4.5"
            },
            "funding": [
                {
@@ -128,7 +128,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-03-20T14:16:28+00:00"
+            "time": "2022-06-20T22:16:13+00:00"
        },
        {
            "name": "guzzlehttp/promises",
@@ -216,16 +216,16 @@
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.2.1",
+            "version": "2.4.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2"
+                "reference": "13388f00956b1503577598873fffb5ae994b5737"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/c94a94f120803a18554c1805ef2e539f8285f9a2",
-                "reference": "c94a94f120803a18554c1805ef2e539f8285f9a2",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/13388f00956b1503577598873fffb5ae994b5737",
+                "reference": "13388f00956b1503577598873fffb5ae994b5737",
                "shasum": ""
            },
            "require": {
@@ -249,7 +249,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "2.2-dev"
+                    "dev-master": "2.4-dev"
                }
            },
            "autoload": {
@@ -311,7 +311,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.2.1"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.0"
            },
            "funding": [
                {
@@ -327,7 +327,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-03-20T21:55:58+00:00"
+            "time": "2022-06-20T21:43:11+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -1366,7 +1366,7 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.0.1",
+            "version": "v3.0.2",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1413,7 +1413,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2"
            },
            "funding": [
                {
@@ -1433,16 +1433,16 @@
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab"
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/30885182c981ab175d4d034db0f6f469898070ab",
-                "reference": "30885182c981ab175d4d034db0f6f469898070ab",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
                "shasum": ""
            },
            "require": {
@@ -1457,7 +1457,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1495,7 +1495,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1511,20 +1511,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-20T20:35:02+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825"
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/0abb51d2f102e00a4eefcf46ba7fec406d245825",
-                "reference": "0abb51d2f102e00a4eefcf46ba7fec406d245825",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
                "shasum": ""
            },
            "require": {
@@ -1539,7 +1539,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1578,7 +1578,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1594,20 +1594,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-11-30T18:21:41+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.25.0",
+            "version": "v1.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f"
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
-                "reference": "5de4ba2d41b15f9bd0e19b2ab9674135813ec98f",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
                "shasum": ""
            },
            "require": {
@@ -1616,7 +1616,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.23-dev"
+                    "dev-main": "1.26-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1657,7 +1657,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.25.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
            },
            "funding": [
                {
@@ -1673,7 +1673,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-09-13T13:58:11+00:00"
+            "time": "2022-05-24T11:49:31+00:00"
        },
        {
            "name": "twig/twig",
--- a/php/containers.json
+++ b/php/containers.json
@@ -24,7 +24,8 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_HOST=nextcloud-aio-talk",
        "APACHE_PORT=%APACHE_PORT%",
-        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice"
+        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [
        {
@@ -68,7 +69,9 @@
      "environmentVariables": [
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
-        "POSTGRES_USER=nextcloud"
+        "POSTGRES_USER=nextcloud",
+        "TZ=%TIMEZONE%",
+        "PGTZ=%TIMEZONE%"
      ],
      "maxShutdownTime": 1800,
      "restartPolicy": "unless-stopped"
@@ -125,6 +128,7 @@
        "OVERWRITEPROTOCOL=https",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
+        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
@@ -134,7 +138,9 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_ENABLED=%TALK_ENABLED%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "DAILY_BACKUP_RUNNING=%DAILY_BACKUP_RUNNING%"
+        "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%"
      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
@@ -149,11 +155,13 @@
        "6379"
      ],
      "environmentVariables": [
-        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%"
+        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [
-        "REDIS_PASSWORD"
+        "REDIS_PASSWORD",
+        "ONLYOFFICE_SECRET"
      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
@@ -169,7 +177,9 @@
      ],
      "environmentVariables": [
        "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning"
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning",
+        "dictionaries=%COLLABORA_DICTIONARIES%",
+        "TZ=%TIMEZONE%"
      ],
      "volumes": [],
      "secrets": [],
@@ -182,17 +192,19 @@
      "displayName": "Talk",
      "containerName": "nextcloud/aio-talk",
      "ports": [
-        "3478/tcp",
-        "3478/udp"
+        "%TALK_PORT%/tcp",
+        "%TALK_PORT%/udp"
      ],
      "internalPorts": [
-        "3478"
+        "%TALK_PORT%"
      ],
      "environmentVariables": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
-        "JANUS_API_KEY=%JANUS_API_KEY%"
+        "JANUS_API_KEY=%JANUS_API_KEY%",
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%"
      ],
      "volumes": [],
      "secrets": [
@@ -276,7 +288,7 @@
      ],
      "volumes": [
        {
-          "name": "/var/run/docker.sock",
+          "name": "%DOCKER_SOCKET_PATH%",
          "location": "/var/run/docker.sock",
          "writeable": false
        }
@@ -314,7 +326,9 @@
      "internalPorts": [
        "3310"
      ],
-      "environmentVariables": [],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%"
+      ],
      "volumes": [
        {
          "name": "nextcloud_aio_clamav",
@@ -335,7 +349,12 @@
      "internalPorts": [
        "80"
      ],
-      "environmentVariables": [],
+      "environmentVariables": [
+        "TZ=%TIMEZONE%",
+        "JWT_ENABLED=true",
+        "JWT_HEADER=AuthorizationJwt",
+        "JWT_SECRET=%ONLYOFFICE_SECRET%"
+      ],
      "volumes": [
        {
          "name": "nextcloud_aio_onlyoffice",
@@ -343,7 +362,9 @@
          "writeable": true
        }
      ],
-      "secrets": [],
+      "secrets": [
+        "ONLYOFFICE_SECRET"
+      ],
      "maxShutdownTime": 10,
      "restartPolicy": "unless-stopped"
    }
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.23.0@f1fe6ff483bf325c803df9f510d09a03fd796f88">
+<files psalm-version="4.24.0@06dd975cb55d36af80f242561738f16c5f58264f">
  <file src="public/index.php">
    <MissingClosureParamType occurrences="10">
      <code>$args</code>
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -12,7 +12,7 @@
    }
    lastError = toast
    body.prepend(toast)
-    setTimeout(toast.remove.bind(toast), 7000)
+    setTimeout(toast.remove.bind(toast), 10000)
  }

  function handleEvent(e) {
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -96,6 +96,11 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
        'borg_restore_password' => $configurationManager->GetBorgRestorePassword(),
        'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
        'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
+        'timezone' => $configurationManager->GetTimezone(),
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
+        'talk_port' => $configurationManager->GetTalkPort(),
+        'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
+        'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
    ]);
 })->setName('profile');
 $app->get('/login', function ($request, $response, $args) use ($container) {
--- a/php/src/Auth/PasswordGenerator.php
+++ b/php/src/Auth/PasswordGenerator.php
@@ -7792,7 +7792,7 @@ class PasswordGenerator
            if($password !== '') {
                $password = $password . ' ';
            }
-            $password = $password . $this->words[random_int(0, 2047)];
+            $password = $password . $this->words[random_int(0, 7775)];
        }

        return $password;
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -71,6 +71,10 @@ class ContainerDefinitionFetcher
            foreach ($entry['ports'] as $port) {
                if($port === '%APACHE_PORT%/tcp') {
                    $port = $this->configurationManager->GetApachePort() . '/tcp';
+                } elseif($port === '%TALK_PORT%/tcp') {
+                    $port = $this->configurationManager->GetTalkPort() . '/tcp';
+                } elseif($port === '%TALK_PORT%/udp') {
+                    $port = $this->configurationManager->GetTalkPort() . '/udp';
                }
                $ports->AddPort($port);
            }
@@ -79,6 +83,8 @@ class ContainerDefinitionFetcher
            foreach ($entry['internalPorts'] as $internalPort) {
                if($internalPort === '%APACHE_PORT%') {
                    $internalPort = $this->configurationManager->GetApachePort();
+                } elseif($internalPort === '%TALK_PORT%') {
+                    $internalPort = $this->configurationManager->GetTalkPort();
                }
                $internalPorts->AddInternalPort($internalPort);
            }
@@ -101,8 +107,13 @@ class ContainerDefinitionFetcher
                    if ($value['name'] === '') {
                        continue;
                    }
+                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
+                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
+                    if($value['name'] === '') {
+                        continue;
+                    }
                }
-                if($value['location'] === '%NEXTCLOUD_MOUNT%') {
+                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
                    $value['location'] = $this->configurationManager->GetNextcloudMount();
                    if($value['location'] === '') {
                        continue;
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -44,14 +44,28 @@ class ConfigurationController
            }

            if (isset($request->getParsedBody()['daily_backup_time'])) {
+                if (isset($request->getParsedBody()['automatic_updates'])) {
+                    $enableAutomaticUpdates = true;
+                } else {
+                    $enableAutomaticUpdates = false;
+                }
                $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
-                $this->configurationManager->SetDailyBackupTime($dailyBackupTime);
+                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates);
            }

            if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
                $this->configurationManager->DeleteDailyBackupTime();
            }

+            if (isset($request->getParsedBody()['delete_timezone'])) {
+                $this->configurationManager->DeleteTimezone();
+            }
+
+            if (isset($request->getParsedBody()['timezone'])) {
+                $timezone = $request->getParsedBody()['timezone'] ?? '';
+                $this->configurationManager->SetTimezone($timezone);
+            }
+
            if (isset($request->getParsedBody()['options-form'])) {
                if (isset($request->getParsedBody()['collabora']) && isset($request->getParsedBody()['onlyoffice'])) {
                    throw new InvalidSettingConfigurationException("Collabora and Onlyoffice are not allowed to be enabled at the same time!");
@@ -78,6 +92,15 @@ class ConfigurationController
                }
            }

+            if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
+                $this->configurationManager->DeleteCollaboraDictionaries();
+            }
+
+            if (isset($request->getParsedBody()['collabora_dictionaries'])) {
+                $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
+                $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
+            }
+
            return $response->withStatus(201)->withHeader('Location', '/');
        } catch (InvalidSettingConfigurationException $ex) {
            $response->getBody()->write($ex->getMessage());
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,22 +26,21 @@ class DockerController
        $this->configurationManager = $configurationManager;
    }

-    private function PerformRecursiveContainerStart(string $id) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        foreach($container->GetDependsOn() as $dependency) {
            $this->PerformRecursiveContainerStart($dependency);
        }

-        $pullcontainer = true;
        if ($id === 'nextcloud-aio-database') {
            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullcontainer = false;
+                $pullContainer = false;
            }
        }
        $this->dockerActionManager->DeleteContainer($container);
        $this->dockerActionManager->CreateVolumes($container);
-        if ($pullcontainer) {
+        if ($pullContainer) {
            $this->dockerActionManager->PullContainer($container);
        } else {
            error_log('Not pulling the latest database image because the container was not correctly shut down.');
@@ -132,6 +131,10 @@ class DockerController
        $uri = $request->getUri();
        $host = $uri->getHost();
        $port = $uri->getPort();
+        if ($port === 8000) {
+            error_log('The AIO_URL-port was discovered to be 8000 which is not expected. It is now set to 443.');
+            $port = 443;
+        }

        $config = $this->configurationManager->GetConfig();
        // set AIO_URL
@@ -141,12 +144,12 @@ class DockerController
        $this->configurationManager->WriteConfig($config);

        // Start container
-        $this->startTopContainer();
+        $this->startTopContainer(true);

        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function startTopContainer() : void {
+    public function startTopContainer(bool $pullContainer) : void {
        $config = $this->configurationManager->GetConfig();
        // set AIO_TOKEN
        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -157,7 +160,7 @@ class DockerController

        $id = self::TOP_CONTAINER;

-        $this->PerformRecursiveContainerStart($id);
+        $this->PerformRecursiveContainerStart($id, $pullContainer);
    }

    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
@@ -191,6 +194,11 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

+    public function stopTopContainer() : void {
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveContainerStop($id);
+    }
+
    public function StartDomaincheckContainer() : void
    {
        # Don't start if domain is already set
--- a/php/src/Cron/CreateBackup.php
+++ b/php/src/Cron/CreateBackup.php
@@ -15,6 +15,3 @@ $dockerController = $container->get(\AIO\Controller\DockerController::class);

 // Stop container and start backup
 $dockerController->startBackup();
-
-// Start apache
-$dockerController->startTopContainer();
--- a/php/src/Cron/StartAndUpdateContainers.php
+++ b/php/src/Cron/StartAndUpdateContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(true);
--- a/php/src/Cron/StartContainers.php
+++ b/php/src/Cron/StartContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(false);
--- a/php/src/Cron/StopContainers.php
+++ b/php/src/Cron/StopContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->stopTopContainer();
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -190,7 +190,7 @@ class ConfigurationManager
    public function SetDomain(string $domain) : void {
        // Validate domain
        if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
-            throw new InvalidSettingConfigurationException("Domain is not in a valid format!");
+            throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
        }

        // Validate that it is not an IP-address
@@ -198,40 +198,71 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("Please enter a domain and not an IP-address!");
        }

-        $dnsRecordIP = gethostbyname($domain);
+        // Skip domain validation if opted in to do so
+        if (!$this->shouldDomainValidationBeSkipped()) {

-        // Validate IP
-        if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
-            throw new InvalidSettingConfigurationException("DNS config is not set or domain is not in a valid format!");
-        }
+            $dnsRecordIP = gethostbyname($domain);
+            if ($dnsRecordIP === $domain) {
+                $dnsRecordIP = '';
+            }

-        $connection = @fsockopen($domain, 443, $errno, $errstr, 0.1);
-        if ($connection) {
-            fclose($connection);
-        } else {
-            throw new InvalidSettingConfigurationException("The server is not reachable on Port 443.");
-        }
+            if (empty($dnsRecordIP)) {
+                $record = dns_get_record($domain, DNS_AAAA);
+                if (!empty($record)) {
+                    $dnsRecordIP = $record[0]['ipv6'];
+                }
+            }

-        // Get Instance ID
-        $instanceID = $this->GetSecret('INSTANCE_ID');
+            // Validate IP
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
+                throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
+            }

-        // set protocol
-        $port = $this->GetApachePort();
-        if ($port !== '443') {
-            $protocol = 'https://';
-        } else {
-            $protocol = 'http://';
-        }
+            // Get the apache port
+            $port = $this->GetApachePort();

-        $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, $protocol . $domain . ':443');
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        $response = (string)curl_exec($ch);
-        # Get rid of trailing \n
-        $response = str_replace("\n", "", $response);
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
+                if ($port === '443') {
+                    throw new InvalidSettingConfigurationException($errorMessage);
+                } else {
+                    error_log($errorMessage);
+                }
+            }

-        if($response !== $instanceID) {
-            throw new InvalidSettingConfigurationException("Domain does not point to this server or reverse proxy not configured correctly.");
+            // Check if port 443 is open
+            $connection = @fsockopen($domain, 443, $errno, $errstr, 10);
+            if ($connection) {
+                fclose($connection);
+            } else {
+                throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
+            }
+
+            // Get Instance ID
+            $instanceID = $this->GetSecret('INSTANCE_ID');
+
+            // set protocol
+            if ($port !== '443') {
+                $protocol = 'https://';
+            } else {
+                $protocol = 'http://';
+            }
+
+            // Check if response is correct
+            $ch = curl_init();
+            $testUrl = $protocol . $domain . ':443';
+            curl_setopt($ch, CURLOPT_URL, $testUrl);
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            $response = (string)curl_exec($ch);
+            # Get rid of trailing \n
+            $response = str_replace("\n", "", $response);
+
+            if ($response !== $instanceID) {
+                error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
+                error_log('Expected was: ' . $instanceID);
+                error_log('The error message was: ' . curl_error($ch));
+                throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+            }
        }

        // Write domain
@@ -285,6 +316,8 @@ class ConfigurationManager
        $isValidPath = false;
        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
        }

        if (!$isValidPath) {
@@ -308,6 +341,8 @@ class ConfigurationManager
        $isValidPath = false;
        if (str_starts_with($location, '/') && !str_ends_with($location, '/')) {
            $isValidPath = true;
+        } elseif ($location === 'nextcloud_aio_backupdir') {
+            $isValidPath = true;
        }

        if (!$isValidPath) {
@@ -360,6 +395,13 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetTalkPort() : string {
+        $envVariableName = 'TALK_PORT';
+        $configName = 'talk_port';
+        $defaultValue = '3478';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
@@ -445,10 +487,17 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetDockerSocketPath() : string {
+        $envVariableName = 'DOCKER_SOCKET_PATH';
+        $configName = 'docker_socket_path';
+        $defaultValue = '/var/run/docker.sock';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
-    public function SetDailyBackupTime(string $time) : void {
+    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates) : void {
        if ($time === "") {
            throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
        }
@@ -457,6 +506,9 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
        }
        
+        if ($enableAutomaticUpdates === false) {
+            $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
+        }
        file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
    }

@@ -464,7 +516,22 @@ class ConfigurationManager
        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
            return '';
        }
-        return file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        return $dailyBackupFileArray[0];
+    }
+
+    public function areAutomaticUpdatesEnabled() : bool {
+        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
+            return false;
+        }
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        if (isset($dailyBackupFileArray[1]) && $dailyBackupFileArray[1] === 'automaticUpdatesAreNotEnabled') {
+            return false;
+        } else {
+            return true;
+        }
    }

    public function DeleteDailyBackupTime() : void {
@@ -479,4 +546,82 @@ class ConfigurationManager
        }
        return false;
    }
+
+    public function GetTimezone() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['timezone'])) {
+            $config['timezone'] = '';
+        }
+
+        return $config['timezone'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetTimezone(string $timezone) : void {
+        if ($timezone === "") {
+            throw new InvalidSettingConfigurationException("The timezone must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z0-9_\-\/\+]+$#", $timezone)) {
+            throw new InvalidSettingConfigurationException("The entered timezone does not seem to be a valid timezone!");
+        }
+
+        $config = $this->GetConfig();
+        $config['timezone'] = $timezone;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteTimezone() : void {
+        $config = $this->GetConfig();
+        $config['timezone'] = '';
+        $this->WriteConfig($config);
+    }
+
+    public function shouldDomainValidationBeSkipped() : bool {
+        if (getenv('SKIP_DOMAIN_VALIDATION') !== false) {
+            return true;
+        }
+        return false;
+    }
+
+    public function GetCollaboraDictionaries() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['collabora_dictionaries'])) {
+            $config['collabora_dictionaries'] = '';
+        }
+
+        return $config['collabora_dictionaries'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetCollaboraDictionaries(string $CollaboraDictionaries) : void {
+        if ($CollaboraDictionaries === "") {
+            throw new InvalidSettingConfigurationException("The dictionaries must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z_ ]+$#", $CollaboraDictionaries)) {
+            throw new InvalidSettingConfigurationException("The entered dictionaries do not seem to be a valid!");
+        }
+
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = $CollaboraDictionaries;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteCollaboraDictionaries() : void {
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = '';
+        $this->WriteConfig($config);
+    }
+
+    public function GetApacheIPBinding() : string {
+        $envVariableName = 'APACHE_IP_BINDING';
+        $configName = 'apache_ip_binding';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
 }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -185,6 +185,10 @@ class DockerActionManager
                '/',
            ];

+            if ($volume->name === 'nextcloud_aio_nextcloud_datadir' || $volume->name === 'nextcloud_aio_backupdir') {
+                return;
+            }
+
            $firstChar = substr($volume->name, 0, 1);
            if(!in_array($firstChar, $forbiddenChars)) {
                $this->guzzleClient->request(
@@ -246,6 +250,8 @@ class DockerActionManager
                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
                } elseif ($out[1] === 'APACHE_PORT') {
                    $replacements[1] = $this->configurationManager->GetApachePort();
+                } elseif ($out[1] === 'TALK_PORT') {
+                    $replacements[1] = $this->configurationManager->GetTalkPort();
                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
@@ -274,12 +280,24 @@ class DockerActionManager
                    } else {
                        $replacements[1] = '';
                    }
-                } elseif ($out[1] === 'DAILY_BACKUP_RUNNING') {
-                    if ($this->configurationManager->isDailyBackupRunning()) {
+                } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') {
+                    if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
                        $replacements[1] = 'yes';
                    } else {
                        $replacements[1] = '';
                    }
+                } elseif ($out[1] === 'TIMEZONE') {
+                    if ($this->configurationManager->GetTimezone() === '') {
+                        $replacements[1] = 'UTC';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetTimezone();
+                    }
+                } elseif ($out[1] === 'COLLABORA_DICTIONARIES') {
+                    if ($this->configurationManager->GetCollaboraDictionaries() === '') {
+                        $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetCollaboraDictionaries();
+                    }
                } else {
                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                }
@@ -296,13 +314,22 @@ class DockerActionManager

        if(count($exposedPorts) > 0) {
            $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach($container->GetPorts()->GetPorts() as $port) {
+            foreach ($container->GetPorts()->GetPorts() as $port) {
                $portNumber = explode("/", $port);
-                $requestBody['HostConfig']['PortBindings'][$port] = [
-                    [
-                    'HostPort' => $portNumber[0],
-                    ]
-                ];
+                if ($this->configurationManager->GetApachePort() === $portNumber[0] && $this->configurationManager->GetApacheIPBinding() !== '') {
+                    $requestBody['HostConfig']['PortBindings'][$port] = [
+                        [
+                        'HostPort' => $portNumber[0],
+                        'HostIp' => $this->configurationManager->GetApacheIPBinding(),
+                        ]
+                    ];
+                } else {
+                    $requestBody['HostConfig']['PortBindings'][$port] = [
+                        [
+                        'HostPort' => $portNumber[0],
+                        ]
+                    ];
+                }
            }
        }

@@ -421,6 +448,13 @@ class DockerActionManager
            $tagArray = explode(':', $output['Config']['Image']);
            $tag = $tagArray[1];
            apcu_add($cacheKey, $tag);
+            /**
+             * @psalm-suppress TypeDoesNotContainNull
+             */
+            if ($tag === null) {
+                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the channel to the default 'latest'.");
+                $tag = 'latest';
+            }
            return $tag;
        } catch (\Exception $e) {
            error_log('Could not get current channel ' . $e->getMessage());
@@ -530,9 +564,13 @@ class DockerActionManager
                $url,
                [
                    'json' => [
-                        'name' => 'nextcloud-aio',
-                        'checkDuplicate' => true,
-                        'internal' => true,
+                        'Name' => 'nextcloud-aio',
+                        'CheckDuplicate' => true,
+                        'Driver' => 'bridge',
+                        'Internal' => false,
+                        'Options' => [
+                            'com.docker.network.bridge.enable_icc' => 'true'
+                        ]
                    ]
                ]
            );
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
    </header>

    <div class="content">
-        <h1>Nextcloud AIO v1.2.1</h1>
+        <h1>Nextcloud AIO v1.6.0</h1>

        {% set isAnyRunning = false %}
        {% set isAnyRestarting = false %}
@@ -51,13 +51,15 @@

        {% if is_daily_backup_running == true %}
            <span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br /><br />
-            It will update your containers, the mastercontainer and your Nextcloud apps if the backup is successful.<br /><br />
-            {% if is_mastercontainer_update_available == true %}
-                Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+            {% if automatic_updates == true %}
+                It will update your containers, the mastercontainer and on saturdays your Nextcloud apps if the backup is successful.<br /><br />
+                {% if is_mastercontainer_update_available == true %}
+                    Since the mastercontainer gets updated, it will restart the container which will make it unavailable for a moment. (<a href="/api/docker/logs?id=nextcloud-aio-watchtower">Logs</a>)<br /><br />
+                {% endif %}
            {% endif %}
            {% if has_update_available == false %}
                The whole process should not take more than a few minutes.<br /><br />
-            {% else %}
+            {% elseif automatic_updates == true %}
                The whole process can take a while because your containers get updated.<br /><br />
            {% endif %}
            <a href="" class="button reload">Reload ↻</a><br/>
@@ -68,7 +70,7 @@
            {% if is_backup_container_running == false and domain == "" %}
                {% if is_mastercontainer_update_available == true %}
                    <h2>Mastercontainer update</h2>
-                    ⚠ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
+                    ⚠️ A mastercontainer update is available. Please click on the button below to update it. Afterwards, you will be able to proceed with the setup.<br><br>
                    <form method="POST" action="/api/docker/watchtower" class="xhr">
                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -79,14 +81,19 @@
                        Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
                        <h2>New AIO instance</h2>
                        Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
+                        {% if skip_domain_validation == true %}
+                            <b>Please Note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
+                        {% endif %}
                        <form method="POST" action="/api/configuration" class="xhr">
                            <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                            <input class="button" type="submit" value="Submit" />
                        </form>
-                        Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
-                        If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
+                        {% if skip_domain_validation == false %}
+                            Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
+                            If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
+                        {% endif %}

                        <h2>Restore former AIO instance from backup</h2>
                        You can alternatively restore a former AIO instance from backup.<br><br>
@@ -144,8 +151,8 @@
                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
                            An example for Linux is <b>/mnt/backup</b>.<br>
                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/host_mnt/c/backup</b>. (This Windows example would be equivalent to 'C:\backup' on the Windows host. So you need to translate the path that you want to use into the correct format.)<br><br>
-                            ⚠ Note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-it-on-windows"><b>click here</b></a><br><br>
+                            ⚠️ Note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                        {% endif %}
                    {% else %}
                        <b>Everything set!</b> Click on the button below to test the path and password:<br/><br/>
@@ -223,7 +230,7 @@

                    {% if has_update_available == true %}
                        {% if is_mastercontainer_update_available == false %}
-                            ⚠ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
+                            ⚠️ Container updates are available. Click on 'Stop Containers' and 'Start Containers' to update them. You should consider creating a backup first.<br><br>
                        {% endif %}
                    {% else %}
                        {% if is_mastercontainer_update_available == false %}
@@ -235,7 +242,7 @@
                {% if isAnyRunning == true %}
                    {% if isApacheStarting != true %}
                        {% if is_mastercontainer_update_available == true %}
-                            ⚠ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
+                            ⚠️ A mastercontainer update is available. Please click on the button below to stop your containers in order to be able to update the mastercontainer.<br /><br />
                            {% if current_channel starts with 'latest' %}
                                You can find the changelog <a href="https://github.com/nextcloud/all-in-one/releases/latest"><b>here</b></a><br><br>
                            {% elseif current_channel starts with 'beta' %}
@@ -260,7 +267,7 @@
                            Clicking on the button below will download all docker containers and start them. This can take a lot of time depending on your internect connection. Since the overall size is a few GB, this will take around 5-10 min or more. So be aware and patient!<br><br>
                        {% endif %}
                        {% if is_mastercontainer_update_available == true %}
-                            ⚠ A mastercontainer update is available. Please click on the button below to update it.<br><br>
+                            ⚠️ A mastercontainer update is available. Please click on the button below to update it.<br><br>
                            <form method="POST" action="/api/docker/watchtower" class="xhr">
                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -298,7 +305,7 @@
                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
                            An example for Linux is <b>/mnt/backup</b>.<br>
                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/host_mnt/c/backup</b>. (This Windows example would be equivalent to 'C:\backup' on the Windows host. So you need to translate the path that you want to use into the correct format.)<br><br>
+                            On Windows it must be <b>nextcloud_aio_backupdir</b>. You need to create the 'nextcloud_aio_backupdir' volume beforehand by following this documentation: <a href="https://github.com/nextcloud/all-in-one#how-to-run-it-on-windows"><b>click here</b></a><br><br>
                    {% endif %}

                    {% if borg_backup_host_location != "" %}
@@ -306,6 +313,15 @@
                            <h2>Backup and restore</h2>
                            {% if backup_exit_code > 0 %}
                                <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                {% if has_backup_run_once == false %}
+                                    You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
+                                    <form method="POST" action="/api/configuration" class="xhr">
+                                        <input type="text" value="{{borg_backup_host_location}}" name="borg_backup_host_location" placeholder="/mnt/backup"/>
+                                        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                        <input class="button" type="submit" value="Submit" />
+                                    </form>
+                                {% endif %}
                            {% elseif backup_exit_code == 0 %}
                                {% if borg_backup_mode == "backup" %}
                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful on {{ last_backup_time }} UTC! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -318,7 +334,7 @@
                        {% if is_backup_container_running == false and isApacheStarting == false %}
                            {% if has_backup_run_once == true %}
                                <details>
-                                <summary>Click here to reveal all backup options</summary><br />
+                                <summary>Click here to reveal all backup options (it also includes an option for automatic updates)</summary><br />
                            {% endif %}
                            <h3>Backup information</h3>
                            This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
@@ -359,18 +375,22 @@
                                        <input class="button" type="submit" value="Restore selected backup" onclick="return confirm('Restore the selected backup? Are you sure that you want to restore the selected backup? This will stop all running containers and restore the selected backup. It is recommended to create a backup first. You might also want to check the backup integrity.')" />
                                    </form>

-                                    <h3>Daily backup</h3>
+                                    <h3>Daily backup and automatic updates</h3>
                                    {% if daily_backup_time == "" %}
                                        By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <b>04:00</b> will create backups at 4 am UTC and <b>16:00</b> at 4 pm UTC.<br><br/>
                                        <form method="POST" action="/api/configuration" class="xhr">
                                            <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                            <input class="button" type="submit" value="Submit" />
+                                            <input class="button" type="submit" value="Submit" /><br>
+                                            <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
                                        </form>
-                                        This option will also automatically update your containers, the mastercontainer and your Nextcloud apps and will send a notification about the result of the backup.<br><br/>
                                    {% else %}
-                                        Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup and automatic updates of your containers, the mastercontainer and your Nextcloud apps. You can disable this option again by clicking on the button below.<br><br/>
+                                        Daily backups will be created at <b>{{ daily_backup_time }} UTC</b> which includes a notification about the result of the backup.
+                                        {% if automatic_updates == true %}
+                                            Also your containers, the mastercontainer and on saturdays your Nextcloud apps will be automatically updated. 
+                                        {% endif %}
+                                        You can disable this option again by clicking on the button below.<br><br/>
                                        <form method="POST" action="/api/configuration" class="xhr">
                                            <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -399,7 +419,7 @@
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                <input class="button" type="submit" value="Submit" />
                            </form>
-                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.
+                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br><br>
                        {% endif %}
                    {% endif %}
                {% endif %}
@@ -424,9 +444,9 @@
                            <input type="checkbox" id="collabora" name="collabora"><label for="collabora">Collabora (Nextcloud Office)</label><br>
                        {% endif %}
                        {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
                        {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports 3478/TCP and 3478/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
                        {% endif %}
                        {% if is_onlyoffice_enabled == true %}
                            <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice (only supported on x64)</label><br>
@@ -444,6 +464,57 @@
                        <script type="text/javascript" src="disable-talk.js"></script>
                        <script type="text/javascript" src="disable-collabora.js"></script>
                    {% endif %}
+
+                    {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
+                        <h3>Collabora dictionaries</h3>
+
+                        {% if collabora_dictionaries == "" %}
+                            In order to get the correct dictionaries in Collabora, you may configure the dictionaries below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="collabora_dictionaries" placeholder="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" />
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            You need to make sure that the dictionaries that you enter are valid. An example is <b>de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru</b>.<br><br>
+                        {% else %}
+                            The dictionaries for Collabora are currently set to <b>{{ collabora_dictionaries }}</b>. You can reset them again by clicking on the button below.<br><br/>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="hidden" name="delete_collabora_dictionaries" value="yes"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Reset collabora dictionaries" />
+                            </form>
+                        {% endif %}
+                    {% endif %}
+
+                    <h2>Timezone change</h2>
+                    {% if isAnyRunning == true %}
+                        {% if timezone != "" %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>.<br><br>
+                        {% endif %}
+                        <b>Note:</b> You can change the timezone when your containers are stopped.<br><br>
+                    {% else %}
+                        {% if timezone == "" %}
+                            In order to get the correct time values for certain Nextcloud features, it makes sense to set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.<br><br>
+                            You can configure the timezone for Nextcloud below:<br><br>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="text" name="timezone" placeholder="Europe/Berlin" />
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Submit" />
+                            </form>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>.<br><br>
+                        {% else %}
+                            The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
+                            <form method="POST" action="/api/configuration" class="xhr">
+                                <input type="hidden" name="delete_timezone" value="yes"/>
+                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                <input class="button" type="submit" value="Reset the timezone" />
+                            </form>
+                        {% endif %}
+                    {% endif %}
                {% endif %}
            {% endif %}
        {% endif %}
--- a/readme.md
+++ b/readme.md
@@ -16,7 +16,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
    ```
    curl -fsSL get.docker.com | sudo sh
    ```
-
+1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:<br><br>
    (For people that cannot use ports 80 and/or 443 on this server, please follow the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) because port 443 is used by this project and opened on the host by default even though it does not look like this is the case. Otherwise please run the command below!)
    ```
@@ -75,12 +75,10 @@ Only those (if you access the Mastercontainer Interface internally via port 8080
 - `3478/TCP` and `3478/UDP`: will be used by the Turnserver inside the Talk container and needs to be open in your firewall/router

 ### How to run it on macOS?
-On macOS, there is one specialty in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). Apart from that it should work and behave the same like on Linux.
+On macOS, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /var/run/docker.sock.raw:/var/run/docker.sock:ro` to run it after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/). You also need to add `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"`to the startup command. Apart from that it should work and behave the same like on Linux.

 ### How to run it on Windows?
-On Windows, the following command should work after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):
-<details>
-<summary>Click here to show it</summary>
+On Windows, the following command should work in the command prompt after you installed [Docker Desktop](https://www.docker.com/products/docker-desktop/):

 ```
 docker run -it ^
@@ -94,9 +92,32 @@ docker run -it ^
 nextcloud/all-in-one:latest
 ```

-**Please note:** AIO works on Windows in general but due to a bug in `Docker for Windows`, it currently does not support mounting directories from the host into AIO which means that `NEXTCLOUD_DATADIR`, `NEXTCLOUD_MOUNT` do not work and the built-in backup solution is not able to write to the host OS. See https://github.com/nextcloud/all-in-one/discussions/600.
+**Please note:** In order to make the built-in backup solution able to back up to the host system, you need to create a volume with the name `nextcloud_aio_backupdir` beforehand:
+```
+docker volume create ^
+--driver local ^
+--name nextcloud_aio_backupdir ^
+-o device="/host_mnt/c/your/backup/path" ^
+-o type="none" ^
+-o o="bind"
+```
+(The value `/host_mnt/c/your/backup/path` in this example would be equivalent to `C:\your\backup\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!

-</details>
+### How to run it with Portainer?
+The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
+
+### How to run it behind a Cloudflare Argo Tunnel?
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Argo Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Argo Tunnel.
+
+### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
+It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
+```
+sudo sed -i 's/FirewallBackend=nftables/FirewallBackend=iptables/g' /etc/firewalld/firewalld.conf
+sudo systemctl restart firewalld docker
+```
+Afterwards it should work.<br>
+
+See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it

 ### How to run `occ` commands?
 Simply run the following: `sudo docker exec -it nextcloud-aio-nextcloud php occ your-command`. Of course `your-command` needs to be exchanged with the command that you want to run.
@@ -104,6 +125,9 @@ Simply run the following: `sudo docker exec -it nextcloud-aio-nextcloud php occ
 ### How to resolve `Security & setup warnings displays the "missing default phone region" after initial install`?
 Simply run the following command: `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set default_phone_region --value="yourvalue"`. Of course you need to modify `yourvalue` based on your location. Examples are `DE`, `EN` and `GB`. See this list for more codes: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements

+### Bruteforce protection FAQ
+Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.
+
 ### Update policy
 This project values stability over new features. That means that when a new major Nextcloud update gets introduced, we will wait at least until the first patch release, e.g. `24.0.1` is out before upgrading to it. Also we will wait with the upgrade until all important apps are compatible with the new major version. Minor or patch releases for Nextcloud and all dependencies as well as all containers will be updated to new versions as soon as possible but we try to give all updates first a good test round before pushing them. That means that it can take around 2 weeks before new updates reach the `latest` channel. If you want to help testing, you can switch to the `beta` channel by following [this documentation](#how-to-switch-the-channel) which will also give you the updates earlier.

@@ -120,12 +144,35 @@ Additionally, there is a cronjob that runs once a day that checks for container
 ### How to easily log in to the AIO interface?
 If your Nextcloud is running and you are logged in as admin in your Nextcloud, you can easily log in to the AIO interface by opening `https://yourdomain.tld/settings/admin/overview` which will show a button on top that enables you to log in to the AIO interface by just clicking on this button. **Note:** You can change the domain/ip-address/port of the button by simply stopping the containers, visiting the AIO interface from the correct and desired domain/ip-address/port and clicking once on `Start containers`.

+### How to change the domain?
+If you set up a new AIO instance, you need to enter a domain. Currently there is no way to change this domain afterwards from the AIO interface. So in order to change it, you need to edit the configuration.json manually that is most likely stored in `/var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/configuration.json`, subsitute each occurrence of your old domain with your new domain and save and write out the file. Afterwards restart your containers from the AIO interface and everything should work as expected if the new domain is correctly configured.<br>
+If you are running AIO behind a reverse proxy, you need to obviously also change the domain in your reverse proxy config.
+
+**⚠️ Please note:** Editing the configuration.json manually and making a mistake may break your instance so please create a backup first!
+
+### How to properly reset the instance?
+If something goes unexpected routes during the initial installation, you might want to reset the AIO installation to be able to start from scratch.
+
+**Please note**: if you already have it running and have data on your instance, you should not follow these instructions as it will delete all data that is coupled to your AIO instance.
+
+Here is how to reset the AIO instance properly:
+1. Stop all containers if they are running from the AIO interface
+1. Stop the mastercontainer with `sudo docker stop nextcloud-aio-mastercontainer`
+1. If the domaincheck container is still running, stop it with `sudo docker stop nextcloud-aio-domaincheck`
+1. Check which containers are stopped: `sudo docker ps --filter "status=exited"`
+1. Now remove all these stopped containers with `sudo docker container prune`
+1. Delete the docker network with `sudo docker network rm nextcloud-aio`
+1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
+1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`)
+1. Optional: You can remove all docker images with `sudo docker image prune -a`.
+1. And you are done! Now feel free to start over with the recommended docker run command!
+
 ### Backup solution
 Nextcloud AIO provides a local backup solution based on [BorgBackup](https://github.com/borgbackup/borg#what-is-borgbackup). These backups act as a local restore point in case the installation gets corrupted. 

 It is recommended to create a backup before any container update. By doing this, you will be safe regarding any possible complication during updates because you will be able to restore the whole instance with basically one click. 

-If you connect an external drive to your host, and choose the backup directory to be on that drive, you are also kind of save against drive failures of the drive where the docker volumes are stored on. 
+If you connect an external drive to your host, and choose the backup directory to be on that drive, you are also kind of safe against drive failures of the drive where the docker volumes are stored on. 

 <details>
 <summary>How to do the above step for step</summary>
@@ -261,11 +308,21 @@ if ! [ -d "$TARGET_DIRECTORY" ]; then
    exit 1
 fi

+if [ -f "$SOURCE_DIRECTORY/aio-lockfile" ]; then
+    echo "Not continuing because aio-lockfile already exists."
+    exit 1
+fi
+
+touch "$SOURCE_DIRECTORY/aio-lockfile"
+
 if ! rsync --stats --archive --human-readable --delete "$SOURCE_DIRECTORY/" "$TARGET_DIRECTORY"; then
    echo "Failed to sync the backup repository to the target directory."
    exit 1
 fi

+rm "$SOURCE_DIRECTORY/aio-lockfile"
+rm "$TARGET_DIRECTORY/aio-lockfile"
+
 umount "$DRIVE_MOUNTPOINT"

 if docker ps --format "{{.Names}}" | grep "^nextcloud-aio-nextcloud$"; then
@@ -278,14 +335,21 @@ fi

 </details>

-You can simply copy and past the script into a file e.g. named `backup-script.sh` e.g. here: `/root/backup-script.sh`. Do not forget to modify the variables to your needings though!
+You can simply copy and past the script into a file e.g. named `backup-script.sh` e.g. here: `/root/backup-script.sh`. Do not forget to modify the variables to your requirements!

-Afterwards apply the correct permissions with `sudo chown root:root /root/backup-script.sh` and `sudo chmod 700 /root/backup-script.sh`. Then you can create a cronjob that runs e.g. at `20:00` each week on sundays like this: 
+Afterwards apply the correct permissions with `sudo chown root:root /root/backup-script.sh` and `sudo chmod 700 /root/backup-script.sh`. Then you can create a cronjob that runs e.g. at `20:00` each week on Sundays like this: 
 1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
-1. Add the following new line to the crontab if not alreaddy present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on sundays each week. 
-1. save and close the crontab (when using nano are the shortcouts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+1. Add the following new line to the crontab if not already present: `0 20 * * 7 /root/backup-script.sh` which will run the script at 20:00 on Sundays each week. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).

-⚠ **Attention:** Make sure that the execution of the script does not collidate with the daily backups from AIO (if configured) since the target backup repository might get into an inconsistent state. (There is no check in place that checks this.)
+### How to stop/start/update containers or trigger the daily backup from a script externally?
+You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
+- `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
+- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking which means that the backup is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
+- `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
+
+One example for this would be `sudo docker exec -it nextcloud-aio-mastercontainer DAILY_BACKUP=1 /daily-backup.sh`, which you can run via a cronjob or put it in a script.

 ### How to change the default location of Nextcloud's Datadir?
 You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
@@ -293,30 +357,45 @@ You can configure the Nextcloud container to use a specific directory on your ho
 - An example for Linux is `-e NEXTCLOUD_DATADIR="/mnt/ncdata"`.
 - On macOS it might be `-e NEXTCLOUD_DATADIR="/var/nextcloud-data"`
 - For Synology it may be `-e NEXTCLOUD_DATADIR="/volume1/docker/nextcloud/data"`. 
- On Windows it might be `-e NEXTCLOUD_DATADIR="/host_mnt/c/your/data/path"` (This Windows example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) 
+- On Windows it must be `-e NEXTCLOUD_DATADIR="nextcloud_aio_nextcloud_datadir"`. In order to use this, you need to create the `nextcloud_aio_nextcloud_datadir` volume beforehand:
+    ```
+    docker volume create ^
+    --driver local ^
+    --name nextcloud_aio_nextcloud_datadir ^
+    -o device="/host_mnt/c/your/data/path" ^
+    -o type="none" ^
+    -o o="bind"
+    ```
+    (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!

-⚠ Please make sure to apply the correct permissions to the chosen directory before starting Nextcloud the first time (not needed on Windows). 
+⚠️ Please make sure to apply the correct permissions to the chosen directory before starting Nextcloud the first time (not needed on Windows). 

 - In this example for Linux, the command for this would be `sudo chown -R 33:0 /mnt/ncdata` and `sudo chmod -R 750 /mnt/ncdata`. 
 - On macOS, the command for this would be `sudo chown -R 33:0 /var/nextcloud-data` and `sudo chmod -R 750 /var/nextcloud-data`.
 - For Synology, the command for this example would be `sudo chown -R 33:0 /volume1/docker/nextcloud/data` and `sudo chmod -R 750 /volume1/docker/nextcloud/data`
 - On Windows, this command is not needed.

-⚠ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards!
+⚠️ **Attention:** It is very important to change the datadir **before** Nextcloud is installed/started the first time and not to change it afterwards!

 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.

 - Two examples for Linux are `-e NEXTCLOUD_MOUNT="/mnt/"` and `-e NEXTCLOUD_MOUNT="/media/"`.
 - For Synology it may be `-e NEXTCLOUD_MOUNT="/volume1/"`.
- On Windows it might be `-e NEXTCLOUD_MOUNT="/host_mnt/c"` (This Windows example would be equivalent to `C:\` on the Windows host. So you need to translate the path that you want to use into the correct format.) 
+- On Windows is this option not supported.

-After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud (not needed on Windows). E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. 
+After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `-e NEXTCLOUD_MOUNT="/mnt/"`. 

 You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 

 Be aware though that these locations will not be covered by the built-in backup solution!

+### What can I do to fix the internal or reserved ip-address error?
+If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
+
+### How to run this with docker rootless?
+You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

@@ -335,11 +414,30 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 ### Custom skeleton directory
 If you want to define a custom skeleton directory, you can do so by putting your skeleton files into `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton/`, applying the correct permissions with `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/skeleton` and and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and setting the skeleton directory option with `sudo docker exec -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`. You can read further on this option here: [click here](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html?highlight=skeletondir#:~:text=adding%20%3Fdirect%3D1-,'skeletondirectory',-%3D%3E%20'%2Fpath%2Fto%2Fnextcloud)

+### Fail2ban
+You can configure your server to block certain ip-addresses using fail2ban as bruteforce protection. Here is how to set it up: https://docs.nextcloud.com/server/stable/admin_manual/installation/harden_server.html#setup-fail2ban. The logpath of AIO is by default `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/data/nextcloud.log`. Do not forget to add `chain=DOCKER-USER` to your nextcloud jail config (`nextcloud.local`) otherwise the nextcloud service running on docker will still be accessible even if the IP is banned.
+
 ### LDAP
-It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/osixia/openldap/. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container. **Pro-tip**: You will probably find this app useful: https://apps.nextcloud.com/apps/ldap_write_support
+It is possible to connect to an existing LDAP server. You need to make sure that the LDAP server is reachable from the Nextcloud container. Then you can enable the LDAP app and configure LDAP in Nextcloud manually. If you don't have a LDAP server yet, recommended is to use this docker container: https://hub.docker.com/r/nitnelave/lldap. Make sure here as well that Nextcloud can talk to the LDAP server. The easiest way is by adding the LDAP docker container to the docker network `nextcloud-aio`. Then you can connect to the LDAP container by its name from the Nextcloud container.
+
+### Netdata
+Netdata allows you to monitor your server using a GUI. You can install it by following https://learn.netdata.cloud/docs/agent/packaging/docker#create-a-new-netdata-agent-container.

 ### USER_SQL
 If you want to use the user_sql app, the easiest way is to create an additional database container and add it to the docker network `nextcloud-aio`. Then the Nextcloud container should be able to talk to the database container using its name.

+### phpMyAdmin, Adminer or pgAdmin
+It is possible to install any of these to get a GUI for your AIO database. The pgAdmin container is recommended. You can get some docs on it here: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html. For the container to connect to the aio-database, you need to connect the container to the docker network `nextcloud-aio` and use `nextcloud-aio-database` as database host, `oc_nextcloud` as database username and the password that you get when running `sudo grep dbpassword /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` as the password. 
+
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
+
+### Requirements for integrating new containers
+For integrating new containers, they must pass specific requirements for being considered to get integrated in AIO itself. Even if not considered, we may add some documentation on it.
+
+What are the requirements?
+1. New containers must be related to Nextcloud. Related means that there must be a feature in Nextcloud that gets added by adding this container.
+2. It must be optionally installable. Disabling and enabling the container from the AIO interface must work and must not produce any unexpected side-effects.
+3. The feature that gets added into Nextcloud by adding the container must be maintained by the Nextcloud GmbH. 
+4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
+5. The container should not mount directories from the host into the container: only docker volumes should be used.
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,20 +1,80 @@
 # Reverse Proxy Documentation

-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 3](#3-optional-get-a-valid-certificate-for-the-aio-interface). 
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface). 

 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.

 **Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
- Optional: get a valid certificate for the AIO interface! See [point 3](#3-optional-get-a-valid-certificate-for-the-aio-interface)
- How to debug things? See [point 4](#4-how-to-debug-things)
+1. If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
+- Optional: get a valid certificate for the AIO interface! See [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface)
+- How to debug things? See [point 5](#5-how-to-debug-things)

 ## 1. Add this to your reverse proxy config

 **Please note:** Since the Apache container gets spawned by the mastercontainer, there is **NO** way to provide custom docker labels or custom environmental variables for the Apache container. So please do not attempt to do this because you will fail! Only the documented way will work!

-### Caddy
+### Apache
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. See e.g. https://github.com/nextcloud/all-in-one/issues/834. Improvements to it are very welcome!
+
+Add this as a new Apache site config:
+
+(The config below assumse that you are using certbot to get your certificates. You need to create them first in order to make it work.)
+
+```
+<VirtualHost *:80>
+    ServerName <your-nc-domain>
+
+    RewriteEngine On
+    RewriteCond %{HTTPS} off
+    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+    RewriteCond %{SERVER_NAME} =<your-nc-domain>
+    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName <your-nc-domain>
+
+    # Reverse proxy
+    RewriteEngine On
+    ProxyPreserveHost On
+    RewriteCond %{HTTP:Upgrade} websocket [NC]
+    RewriteCond %{HTTP:Connection} upgrade [NC]
+    RewriteRule ^/(.*) "ws://localhost:11000/$1" [P,L]
+    ProxyPass / http://localhost:11000/
+    ProxyPassReverse / http://localhost:11000/
+
+    # Enable h2, h2c and http1.1
+    Protocols h2 h2c http/1.1
+
+    # SSL
+    SSLEngine on
+    Include /etc/letsencrypt/options-ssl-apache.conf
+    SSLCertificateFile /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/<your-nc-domain>/privkey.pem
+
+    # Disable HTTP TRACE method.
+    TraceEnable off
+    <Files ".ht*">
+        Require all denied
+    </Files>
+</VirtualHost>
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+To make the config work you can run the following command:
+`sudo a2enmod rewrite proxy proxy_http proxy_wstunnel ssl headers http2`
+
+</details>
+
+### Caddy (Recommended)

 <details>

@@ -24,12 +84,24 @@ Add this to your Caddyfile:

 ```
 https://<your-nc-domain>:443 {
-    header Strict-Transport-Security max-age=31536000;
    reverse_proxy localhost:11000
 }
 ```

-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `locahost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
+### Cloudflare Argo Tunnel
+
+<details>
+
+<summary>click here to expand</summary>
+
+Although it does not seems like it is the case but from AIO perspective a Cloudflare Argo Tunnel works like a reverse proxy. Here is how to make it work:
+
+1. Install the Cloudflare Argo Tunnel on the same machine where AIO will be running on and point the Argo Tunnel with the domain that you want to use for AIO to `http://localhost:11000`. If the Argo Tunnel is running on a different machine, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+2. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command which will disable the dommain validation (because it is known that the domain validation will not work behind a Cloudflare Argo Tunnel). So you need to ensure yourself that you've configured everything correctly.

 </details>

@@ -58,7 +130,7 @@ location / {
    }
 ```

-Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `locahost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)

 </details>

@@ -77,6 +149,26 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al

 </details>

+### Nginx-Proxy-Manager
+
+<details>
+
+<summary>click here to expand</summary>
+
+See these screenshots for a working config:
+
+![image](https://user-images.githubusercontent.com/75573284/169556183-2999a733-de42-4008-af09-d4151719a474.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169555356-71f32be5-99b5-43ea-8aa7-632c8ef8fad3.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169557664-52db8713-f0ef-42ac-a161-de40280232a3.png)
+
+![image](https://user-images.githubusercontent.com/75573284/169555441-dd9a42f5-aea5-4082-8e26-7adcfa4e6cfa.png)
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also change `<you>@<your-mail-provider-domain>` to a mail address of yours. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+
+</details>
+
 ### Traefik 2

 <details>
@@ -102,7 +194,7 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
            [http.services.nc-svc.loadBalancer]
                passHostHeader = true
                [[http.services.nc-svc.loadBalancer.servers]]
-                    url = "http://locahost:11000"
+                    url = "http://localhost:11000"
    ```

 2. Add to the bottom of the `middlewares.toml` file in the Treafik rules folder the following content:
@@ -112,10 +204,6 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
        [http.middlewares.nc-middlewares-secure-headers.headers]
            hostsProxyHeaders = ["X-Forwarded-Host"]
            sslRedirect = true
-            stsSeconds = 63072000
-            stsIncludeSubdomains = true
-            stsPreload = true
-            forceSTSHeader = true
            referrerPolicy = "same-origin"
            X-Robots-Tag = "none"
    ```
@@ -130,7 +218,7 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al

 ---

-Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `locahost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen APACHE_PORT. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)

 </details>

@@ -162,6 +250,8 @@ sudo docker run -it \
 nextcloud/all-in-one:latest
 ```

+You should also think about limiting the apache container to listen only on localhost in case the reverse proxy is running on the same host by providing an additional environmental variable to this docker run command. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost).
+
 <details>

 <summary>Command for arm64 CPUs like the Raspberry Pi 4</summary>
@@ -208,7 +298,11 @@ Simply translate the docker run command into a docker-compose file. You can have
 ### How to continue? 
 After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!

-## 3. Optional: get a valid certificate for the AIO interface
+## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.
+
+Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`
+
+## 4. Optional: get a valid certificate for the AIO interface

 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:

@@ -222,14 +316,17 @@ https://<your-nc-domain>:8443 {
 }
 ```

-Of course you need to modify `<your-nc-domain>` in the nextcloud.toml to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `locahost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)

 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.

-## 4. How to debug things?
+## 5. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
+1. Make sure that all ports match the chosen APACHE_PORT.
 1. Make sure that the mastercontainer is able to spawn other containers. You can do so by checking that the mastercontainer indeed has access to the Docker socket which might not be positioned in one of the suggested directories like `/var/run/docker.sock` but in a different directory, based on your OS and the way how you installed Docker. The mastercontainer logs should help figuring this out. You can have a look at them by running `sudo docker logs nextcloud-aio-mastercontainer` after the container is started the first time.
-1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z locahost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `locahost` the ip-address of the host here for the test.
+1. Check if after the mastercontainer was started, the reverse proxy if running inside a container, can reach the provided apache port. You can test this by running `nc -z localhost 11000; echo $?` from inside the reverse proxy container. If the output is `0`, everything works. Alternatively you can of course use instead of `localhost` the ip-address of the host here for the test.
 1. Try to configure everything from scratch if it still does not work!
+1. As last resort, you may disable the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!
+
--- a/tests/QA/050-optional-addons.md
+++ b/tests/QA/050-optional-addons.md
@@ -1,6 +1,6 @@
 # Optional addons

- [ ] At the bottom of the page in the AIO interface, you should see the optional addons section
+- [ ] Close to the bottom of the page in the AIO interface, you should see the optional addons section
 - [ ] You should be able to change optional addons when containers are stopped and not change them when containers are running
 - [ ] Enabling either of the options should start a new container with the same or comparable name and should also list them in the containers section
 - [ ] After all containers are started with the new config active, you should verify that the options were automatically activated/deactivated.
@@ -8,5 +8,6 @@
    - [ ] Collabora by trying to open a .docx or .odt file in Nextcloud
    - [ ] Nextcloud Talk by opening the Talk app in Nextcloud, creating a new chat and trying to join a call in this chat. Also verifying in the settings that the HPB and turn server work.
    - [ ] Onlyoffice by trying to open a .docx file in Nextcloud
+- [ ] When Collabora is enabled, it should show below the Optional Addons section a section where you can change the dictionaries for collabora. `de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru` should be a valid setting. E.g. `de.De` not. If already set, it should show a button that allows to remove the setting again.

 You can now continue with [060-environmental-variables.md](./060-environmental-variables.md)
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -1,6 +1,12 @@
 # Environmental variables

 - [ ] When starting the mastercontainer with `-e APACHE_PORT=11000` on a clean instance, the domaincheck container should be started with that same port published. That makes sure that also the Apache container will use that port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `-e APACHE_IP_BINDING=127.0.0.1` on a clean instance, the domaincheck container's apache port should only listen on localhost on the host. Using a value here that is not a number or dot will not allow the mastercontainer to start correctly.
+- [ ] When starting the mastercontainer with `-e TALK_PORT=3479` on a clean instance, the talk container should use this port later on. Using a value here that is not a port will not allow the mastercontainer to start correctly. Also it should stop if apache_port and talk_port are set to the same value.
 - [ ] Make also sure that reverse proxies work by following https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#reverse-proxy-documentation and following [001-initial-setup.md](./001-initial-setup.md) and [002-new-instance.md](./002-new-instance.md)
+- [ ] When starting the mastercontainer with `-e SKIP_DOMAIN_VALIDATION=true` on a clean instance, it should skip the domain verification. So it should accept any domain that you type in then.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
+- [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
+
+You can now continue with [070-timezone-change.md](./070-timezone-change.md)
--- a/tests/QA/070-timezone-change.md
+++ b/tests/QA/070-timezone-change.md
@@ -0,0 +1,10 @@
+# Timezone change
+
+- [ ] At the very bottom of the page you should see the timezone change section
+- [ ] When the containers are stopped, you should be able to change it and set/reset it
+- [ ] If not already set, it should show an input field where you can enter a timezone
+- [ ] `Europe/Berlin` should be accepted, e.g. `Europe Berlin` not
+- [ ] When it is set, it should show that it is set to which timezone and display a button that allows to reset it again which does this on a press
+- [ ] When it is set, running `date` inside Nextcloud releated containers should return the correct timezone
+
+You can now continue with [080-daily-backup-script.md](./080-daily-backup-script.md)
--- a/tests/QA/080-daily-backup-script.md
+++ b/tests/QA/080-daily-backup-script.md
@@ -0,0 +1,5 @@
+# Daily backup script
+
+The script is delivered within the mastercontainer and allows to run a few things like daily backup and container updates from an external script.
+
+You can find the documentation on this here which needs to work as documented: https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally