substitute borg --progress by borg -v

Signed-off-by: Simon L <szaimen@e.mail.de>
try to fix the borg check
2026-05-21 19:00:33 +00:00 · 2023-01-04 17:10:21 +01:00 · 2023-01-04 16:49:47 +01:00 · 2023-01-04 16:22:38 +01:00 · 2023-01-04 16:21:45 +01:00 · 2023-01-04 16:17:04 +01:00
112 changed files with 3608 additions and 1332 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -11,6 +11,12 @@ labels: bug, 0. Needs triage
 * Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
 * Subscribe to receive notifications on status change and new comments. 

+
+<!---
+For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
+--->
+
+
 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
 1.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -135,3 +135,24 @@ updates:
  labels:
  - 3. to review
  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/imaginary"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/fulltextsearch"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "elasticsearch"
+      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -0,0 +1,51 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Rebase command
+
+on:
+  issue_comment:
+    types: created
+
+permissions:
+  contents: read
+
+jobs:
+  rebase:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: none
+
+    # On pull requests and if the comment starts with `/rebase`
+    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
+
+    steps:
+      - name: Add reaction on start
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "+1"
+
+      - name: Checkout the latest code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Automatic Rebase
+        uses: cirrus-actions/rebase@1.8
+        env:
+          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Add reaction on failure
+        uses: peter-evans/create-or-update-comment@v2
+        if: failure()
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "-1"
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Modify the Dockerfile
        run: |
          set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
          cat << APCU >> "psalm-github-actions/Dockerfile"
          RUN mkdir -p /usr/src/php/ext/apcu && \
            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -1,18 +1,20 @@
 name: dependency-updates

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

 jobs:
  dependency_updates:
    name: Run dependency update script
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v3
    - uses: nanasess/setup-php@master
      with:
-        php-version: '8.0'
+        php-version: 8.1
+        extensions: apcu
    - name: Run dependency update script
      run: |
        set -x
@@ -22,7 +24,7 @@ jobs:
        cd ./php
        composer update
        set +e
-        ALL_LINES="$(composer outdated | grep -v "psr/container")"
+        ALL_LINES="$(composer outdated | grep -v "psr/container\|^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
        set -e
        while [ -n "$ALL_LINES" ]; do
          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -1,48 +1,55 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Lint
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-      - master
-      - stable*
-
-jobs:
-  php-lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-versions: ["8.0"]
-
-    name: php-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: ${{ matrix.php-versions }}
-          coverage: none
-
-      - name: Lint
-        run: cd php && composer run lint
-
-  summary:
-    runs-on: ubuntu-latest
-    needs: php-lint
-
-    if: always()
-
-    name: php-lint-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: lint-php-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  php-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.1"]
+
+    name: php-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: Lint
+        run: cd php && composer run lint
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: php-lint
+
+    if: always()
+
+    name: php-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.php-lint.result != 'success' && needs.php-lint.result != 'skipped' }}; then exit 1; fi
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v3
+      - uses: dessant/lock-threads@v4
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -2,6 +2,7 @@
 name: nextcloud-update

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

@@ -58,7 +59,7 @@ jobs:
            | tail -1
        )"
        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
-        
+
        # Nextcloud
        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -0,0 +1,29 @@
+name: PHP Deprecation Detector
+# See https://github.com/wapmorgan/PhpDeprecationDetector
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: PHP Deprecation Detector
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.1
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.1
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require wapmorgan/php-deprecation-detector dev-master
+          composer install
+          composer run php-deprecation-detector
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -12,10 +12,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -8,7 +8,7 @@ on:

 jobs:
  shellcheck:
-    name: Github Actions
+    name: Check Shell
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 /php/vendor
 /manual-install/*.conf
 !/manual-install/sample.conf
-/manual-install/docker-compose.yml
+/manual-install/docker-compose.yml
+/manual-install/.env
--- a/1
+++ b/1
@@ -1 +0,0 @@
-*       @szaimen @LukasReschke @azul @juliushaertl
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,9 +1,7 @@
 # Caddy is a requirement
-FROM caddy:2.5.1-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy

-FROM debian:bullseye-20220527-slim
-
-EXPOSE 80
+FROM debian:bullseye-20221219-slim

 RUN mkdir -p /mnt/data; \
    chown www-data:www-data /mnt/data;
@@ -47,6 +45,10 @@ RUN rm /etc/apache2/ports.conf; \
 RUN set -ex; \
    a2dissite 000-default && \
    a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
    a2ensite nextcloud.conf && \
    rm -rf /var/www/html/* && \
    chown www-data:www-data -R /var/log/apache2; \
@@ -62,8 +64,10 @@ RUN mkdir /var/log/supervisord; \
 COPY Caddyfile /

 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY supervisord.conf /
 RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /usr/bin/healthcheck.sh; \
    chmod +r /supervisord.conf; \
    chown www-data:www-data /Caddyfile; \
    chmod +r -R /etc/apache2
@@ -74,4 +78,6 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER www-data

 ENTRYPOINT ["start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD healthcheck.sh
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z localhost 8000 || exit 1
+if [ "$APACHE_PORT" != '443' ]; then
+    nc -z localhost "$APACHE_PORT" || exit 1
+else
+    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
+fi
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -1,8 +1,14 @@
 Listen 8000
 <VirtualHost *:8000>
+    ServerName localhost
+
+    # Add error log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2
+
    # PHP match
    <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"
+        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
    </FilesMatch>
    # Nextcloud dir
    DocumentRoot /var/www/html/
@@ -24,4 +30,13 @@ Listen 8000
    # Fix zero file sizes 
    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
    SetEnv proxy-sendcl 1
+
+    # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
+    LimitRequestBody ${APACHE_MAX_SIZE}
+
+    # See https://httpd.apache.org/docs/current/mod/core.html#timeout
+    Timeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
+    ProxyTimeout ${APACHE_MAX_TIME}
 </VirtualHost>
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -1,23 +1,23 @@
-[supervisord]
-nodaemon=true
-nodaemon=true
-logfile=/var/log/supervisord/supervisord.log
-pidfile=/var/run/supervisord/supervisord.pid
-childlogdir=/var/log/supervisord/
-logfile_maxbytes=50MB                           
-logfile_backups=10                              
-loglevel=error
-
-[program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=apachectl -DFOREGROUND
-
-[program:caddy]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run -config /Caddyfile
+[supervisord]
+nodaemon=true
+nodaemon=true
+logfile=/var/log/supervisord/supervisord.log
+pidfile=/var/run/supervisord/supervisord.pid
+childlogdir=/var/log/supervisord/
+logfile_maxbytes=50MB                           
+logfile_backups=10                              
+loglevel=error
+
+[program:apache]
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=apachectl -DFOREGROUND
+
+[program:caddy]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/bin/caddy run --config /Caddyfile
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,10 +1,11 @@
-FROM debian:bullseye-20220527-slim
+FROM debian:bullseye-20221219-slim

 RUN set -ex; \
    \
+    echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
    apt-get update; \
+    apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
    apt-get install -y --no-install-recommends \
-        borgbackup \
        rsync \
        fuse \
        python3-llfuse \
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Test that nothing is empty
    for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ]; then
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
            echo "$directory is empty which is not allowed."
            exit 1
        fi
@@ -87,10 +87,13 @@ if [ "$BORG_MODE" = backup ]; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            echo "Cannot initialize a new repository as that was already done at least one time."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
+            echo "By default it is stored here: /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config"
            exit 1
        fi

        echo "initializing repository..."
+        NEW_REPOSITORY=1
        if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
            echo "Could not initialize borg repository."
            rm -f "$BORG_BACKUP_DIRECTORY/config"
@@ -124,15 +127,19 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --progress --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Create the backup
    echo "Starting the backup..."
    get_start_time
    if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
        echo "Deleting the failed backup archive..."
-        borg delete --stats --progress "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
+        if [ "$NEW_REPOSITORY" = 1 ]; then
+            echo "Deleting borg.config file so that you can choose a different location for the backup."
+            rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
+        fi
        exit 1
    fi

@@ -140,7 +147,7 @@ if [ "$BORG_MODE" = backup ]; then
    rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"

    # Prune options
-    BORG_PRUNE_OPTS=(--stats --progress --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
+    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")

    # Prune archives
    echo "Pruning the archives..."
@@ -149,9 +156,82 @@ if [ "$BORG_MODE" = backup ]; then
        exit 1
    fi

+    # Compact archives
+    echo "Compacting the archives..."
+    if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+        echo "Failed to compact archives!"
+        exit 1
+    fi
+
+    # Back up additional directories of the host
+    if [ "$ADDITIONAL_DIRECTORIES_BACKUP" = 'yes' ]; then
+        if [ -d "/docker_volumes/" ]; then
+            DOCKER_VOLUME_DIRS="$(find /docker_volumes -mindepth 1 -maxdepth 1 -type d)"
+            mapfile -t DOCKER_VOLUME_DIRS <<< "$DOCKER_VOLUME_DIRS"
+            for directory in "${DOCKER_VOLUME_DIRS[@]}"; do
+                if [ -z "$(ls -A "$directory")" ]; then
+                    echo "$directory is empty which is not allowed."
+                    exit 1
+                fi
+            done
+            echo "Starting the backup for additional volumes..."
+            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+                echo "Deleting the failed backup archive..."
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
+                echo "Backup of additional docker-volumes failed!"
+                exit 1
+            fi
+            echo "Pruning additional volumes..."
+            if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+                echo "Failed to prune additional docker-volumes archives!"
+                exit 1
+            fi
+            echo "Compacting additional volumes..."
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
+        fi
+        if [ -d "/host_mounts/" ]; then
+            EXCLUDED_DIRECTORIES=(home/*/.cache root/.cache var/cache lost+found run var/run dev tmp sys proc)
+            # Exclude borg backup cache
+            EXCLUDED_DIRECTORIES+=(var/lib/docker/volumes/nextcloud_aio_backup_cache/_data)
+            # Exclude target directory
+            if [ -n "$BORGBACKUP_HOST_LOCATION" ] && [ "$BORGBACKUP_HOST_LOCATION" != "nextcloud_aio_backupdir" ]; then
+                EXCLUDED_DIRECTORIES+=("$BORGBACKUP_HOST_LOCATION")
+            fi
+            for directory in "${EXCLUDED_DIRECTORIES[@]}"
+            do
+                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
+            done
+            echo "Starting the backup for additional host mounts..."
+            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+                echo "Deleting the failed backup archive..."
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
+                echo "Backup of additional host-mounts failed!"
+                exit 1
+            fi
+            echo "Pruning additional host mounts..."
+            if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+                echo "Failed to prune additional host-mount archives!"
+                exit 1
+            fi
+            echo "Compacting additional host mounts..."
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
+                exit 1
+            fi
+        fi
+    fi
+
    # Inform user
    get_expiration_time
    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/update.failed" ]; then
+        echo "However a Nextcloud update failed. So reporting that the backup failed which will skip any update attempt the next time."
+        echo "Please restore a backup from before the failed Nextcloud update attempt."
+        exit 1
+    fi
    exit 0
 fi

@@ -172,12 +252,25 @@ if [ "$BORG_MODE" = restore ]; then
        exit 1
    fi

+    # Save Additional Backup dirs
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories" ]; then
+        ADDITIONAL_BACKUP_DIRECTORIES="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories)"
+    fi
+
+    # Save daily backup time
+    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time" ]; then
+        DAILY_BACKUPTIME="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time)"
+    fi
+
    # Restore everything except the configuration file
    if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
    --exclude "nextcloud_aio_mastercontainer/certs/"** \
-    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
+    --exclude "nextcloud_aio_mastercontainer/session/"** \
    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
        echo "Something failed while restoring from backup."
        umount /tmp/borg
@@ -222,6 +315,20 @@ if [ "$BORG_MODE" = restore ]; then
    CONTENTS="$(jq ".nextcloud_datadir = $NEXTCLOUD_DATADIR" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json

+    # Reset the additional backup directories
+    if [ -n "$ADDITIONAL_BACKUP_DIRECTORIES" ]; then
+        echo "$ADDITIONAL_BACKUP_DIRECTORIES" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+        chown 33:0 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+        chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/additional_backup_directories"
+    fi
+
+    # Reset the additional backup directories
+    if [ -n "$DAILY_BACKUPTIME" ]; then
+        echo "$DAILY_BACKUPTIME" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+        chown 33:0 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+        chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
+    fi
+
    umount /tmp/borg

    # Inform user
@@ -235,6 +342,9 @@ if [ "$BORG_MODE" = restore ]; then
    # Add file to Nextcloud container so that it performs a fingerprint update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+
+    # Delete redis cache
+    rm -f "/mnt/redis/dump.rdb"
 fi

 # Do the Backup check
@@ -243,7 +353,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg check --verify-data --progress "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
        exit 1
    fi
@@ -254,6 +364,23 @@ if [ "$BORG_MODE" = check ]; then
    exit 0
 fi

+# Do the Backup check-repair
+if [ "$BORG_MODE" = "check-repair" ]; then
+    get_start_time
+    echo "Checking the backup integrity and repairing it..."
+
+    # Perform the check-repair
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+        echo "Some errors were found while checking and repairing the backup integrity!"
+        exit 1
+    fi
+
+    # Inform user
+    get_expiration_time
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    exit 0
+fi
+
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -20,7 +20,7 @@ export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes

 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
    exit 1
 fi
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:0.104.2-3
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+FROM clamav/clamav:0.105.1-7

 RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:21.11.5.3.1
+FROM collabora/code:22.05.9.2.1

 USER root

@@ -9,7 +9,10 @@ RUN set -ex; \
    export DEBIAN_FRONTEND=noninteractive; \
    apt-get install -y --no-install-recommends \
        tzdata \
+        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*

 USER 104
+
+HEALTHCHECK CMD nc -z localhost 9980 || exit 1
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,11 +1,12 @@
-FROM alpine:3.15.4
-RUN apk add --update --no-cache lighttpd bash
+FROM alpine:3.16.3
+RUN apk add --update --no-cache lighttpd bash netcat-openbsd

 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
 COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
 RUN chmod +r -R /etc/lighttpd && \
-    chown www-data:www-data -R /var/www
+    chown www-data:www-data -R /var/www && \
+    chown www-data:www-data /etc/lighttpd/lighttpd.conf

 COPY start.sh /
 RUN chmod +x /start.sh
@@ -13,3 +14,5 @@ RUN chmod +x /start.sh
 USER www-data
 RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
--- a/Containers/domaincheck/lighttpd.conf
+++ b/Containers/domaincheck/lighttpd.conf
@@ -13,4 +13,8 @@ mimetype.assign = (
 )

 static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
-index-file.names = ( "index.html" )
+index-file.names = ( "index.html" )
+
+$SERVER["socket"] == "ipv6-placeholder" {
+	server.document-root = "/var/www/domaincheck/" 
+}
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,6 +11,9 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
+echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf
+
 # Check config file
 lighttpd -tt -f /etc/lighttpd/lighttpd.conf

--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -0,0 +1,14 @@
+# Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
+FROM elasticsearch:7.17.8
+
+RUN elasticsearch-plugin install --batch ingest-attachment
+
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -0,0 +1,16 @@
+# From https://github.com/h2non/imaginary/blob/master/Dockerfile
+FROM nextcloud/imaginary:20230101
+
+USER root
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        netcat \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+USER nobody
+
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,11 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:20.10.17-dind-alpine3.16 as dind
+FROM docker:20.10.21-dind-alpine3.16 as dind

 # Caddy is a requirement
-FROM caddy:2.5.1-alpine as caddy
+FROM caddy:2.6.2-alpine as caddy

 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.20-apache-bullseye
+FROM php:8.1.13-apache-bullseye

 EXPOSE 80
 EXPOSE 8080
@@ -37,7 +37,7 @@ COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker

 RUN set -ex; \
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
    docker-php-ext-enable apcu

 RUN set -e && \
@@ -52,7 +52,7 @@ RUN set -e && \
    cd ..; \
    rm -f /usr/local/bin/composer; \
    chmod 770 -R ./; \
-    chown www-data:www-data -R ./; \
+    chown www-data:www-data -R /var/www; \
    rm -r ./php/data; \
    rm -r ./php/session

@@ -76,8 +76,13 @@ RUN rm /etc/apache2/ports.conf; \
    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
    sed -i "/^Listen /d" /etc/apache2/apache2.conf

-RUN a2dissite 000-default && \
+RUN set -ex; \
+    a2dissite 000-default && \
    a2dissite default-ssl && \
+    rm -f /etc/apache2/sites-enabled/000-default.conf && \
+    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
+    rm /etc/apache2/sites-available/000-default.conf && \
+    rm /etc/apache2/sites-available/default-ssl.conf && \
    a2ensite mastercontainer.conf

 RUN mkdir /var/log/supervisord; \
@@ -88,14 +93,20 @@ COPY start.sh /usr/bin/
 COPY backup-time-file-watcher.sh /
 COPY session-deduplicator.sh /
 COPY cron.sh /
+COPY daily-backup.sh /
 COPY supervisord.conf /
+COPY healthcheck.sh /
 RUN chmod +x /usr/bin/start.sh; \
    chmod +x /cron.sh; \
    chmod +x /session-deduplicator.sh; \
    chmod +x /backup-time-file-watcher.sh; \
-    chmod a+r /Caddyfile
+    chmod +x /daily-backup.sh; \
+    chmod a+r /Caddyfile; \
+    chmod +x /healthcheck.sh

 USER root

 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/mastercontainer/backup-time-file-watcher.sh
+++ b/Containers/mastercontainer/backup-time-file-watcher.sh
@@ -10,12 +10,12 @@ file_present() {
        if [ "$FILE_PRESENT" = 0 ]; then
            restart_process
        else
-            if [ -n "$BACKUP_TIME" ] && [ "$(cat "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
+            if [ -n "$BACKUP_TIME" ] && [ "$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")" != "$BACKUP_TIME" ]; then
                restart_process
            fi
        fi
        FILE_PRESENT=1
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
    else
        if [ "$FILE_PRESENT" = 1 ]; then
            restart_process
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -3,18 +3,25 @@
 while true; do
    if [ -f "/mnt/docker-aio-config/data/daily_backup_time" ]; then
        set -x
-        BACKUP_TIME="$(cat "/mnt/docker-aio-config/data/daily_backup_time")"
-        DAILY_BACKUP=1
+        BACKUP_TIME="$(head -1 "/mnt/docker-aio-config/data/daily_backup_time")"
+        export BACKUP_TIME
+        export DAILY_BACKUP=1
+        if [ "$(sed -n '2p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'automaticUpdatesAreNotEnabled' ]; then
+            export AUTOMATIC_UPDATES=1
+        else
+            export AUTOMATIC_UPDATES=0
+            export START_CONTAINERS=1
+        fi
        set +x
+        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+            export LOCK_FILE_PRESENT=1
+        else
+            export LOCK_FILE_PRESENT=0
+        fi
    else
-        BACKUP_TIME="04:00"
-        DAILY_BACKUP=0
-    fi
-
-    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        LOCK_FILE_PRESENT=1
-    else
-        LOCK_FILE_PRESENT=0
+        export BACKUP_TIME="04:00"
+        export DAILY_BACKUP=0
+        export LOCK_FILE_PRESENT=0
    fi

    # Allow to continue directly if e.g. the mastercontainer was updated. Otherwise wait for the next execution
@@ -25,61 +32,7 @@ while true; do
    fi

    if [ "$DAILY_BACKUP" = 1 ]; then
-        echo "Daily backup has started"
-
-        # Delete all active sessions and create a lock file
-        # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
-        if [ "$LOCK_FILE_PRESENT" = 0 ]; then
-            rm -f "/mnt/docker-aio-config/session/"*
-        fi
-        sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-        APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
-            echo "Waiting for apache to become available"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-            echo "Waiting for watchtower to stop"
-            sleep 30
-        done
-        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
-            echo "Waiting for borgbackup to stop"
-            sleep 30
-        done
-
-        # Update the mastercontainer
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
-
-        # Wait for watchtower to stop
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
-            echo "Something seems to be wrong: Watchtower should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
-                echo "Waiting for watchtower to stop"
-                sleep 30
-            done
-        fi
-
-        # Execute the backup itself and some related tasks
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/DailyBackup.php
-
-        # Delete the lock file
-        rm -f "/mnt/docker-aio-config/data/daily_backup_running"
-
-        # Wait for the nextcloud container to start and send if the backup was successful
-        if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
-            echo "Something seems to be wrong: Nextcloud should be started at this step."
-        else
-            while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
-                echo "Waiting for the Nextcloud container to start"
-                sleep 30
-            done
-        fi
-        sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
-
-        echo "Daily backup has finished"
+        bash /daily-backup.sh
    fi

    # Make sure to delete the lock file always
@@ -88,6 +41,9 @@ while true; do
    # Check for updates and send notification if yes
    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php

+    # Check if AIO is outdated
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+
    # Remove sessions older than 24h
    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete

--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+
+echo "Daily backup script has started"
+
+# Daily backup and backup check cannot be run at the same time
+if [ "$DAILY_BACKUP" = 1 ] && [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Daily backup and backup check cannot be run at the same time. Exiting..."
+    exit 1
+fi
+
+# Delete all active sessions and create a lock file
+# But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
+if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+    rm -f "/mnt/docker-aio-config/session/"*
+fi
+sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"
+
+# Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    echo "Waiting for apache to become available"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+    echo "Waiting for watchtower to stop"
+    sleep 30
+done
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-borgbackup$"; do
+    echo "Waiting for borgbackup to stop"
+    sleep 30
+done
+
+# Update the mastercontainer
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting mastercontainer update..." 
+    echo "(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)"
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateMastercontainer.php
+fi
+
+# Wait for watchtower to stop
+if [ "$AUTOMATIC_UPDATES" = 1 ] && ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; then
+    echo "Something seems to be wrong: Watchtower should be started at this step."
+else
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+fi
+
+# Stop containers if required
+# shellcheck disable=SC2235
+if [ "$CHECK_BACKUP" != 1 ] && ([ "$DAILY_BACKUP" != 1 ] || [ "$STOP_CONTAINERS" = 1 ]); then
+    echo "Stopping containers..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StopContainers.php
+fi
+
+# Execute the backup itself and some related tasks (also stops the containers)
+if [ "$DAILY_BACKUP" = 1 ]; then
+    echo "Creating daily backup..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CreateBackup.php
+fi
+
+# Execute backup check
+if [ "$CHECK_BACKUP" = 1 ]; then
+    echo "Starting backup check..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckBackup.php
+fi
+
+# Start and/or update containers
+if [ "$AUTOMATIC_UPDATES" = 1 ]; then
+    echo "Starting and updating containers..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartAndUpdateContainers.php
+else
+    if [ "$START_CONTAINERS" = 1 ]; then
+        echo "Starting containers without updating them..."
+        sudo -u www-data php /var/www/docker-aio/php/src/Cron/StartContainers.php
+    fi
+fi
+
+# Delete the lock file
+rm -f "/mnt/docker-aio-config/data/daily_backup_running"
+
+# Send backup notification
+# shellcheck disable=SC2235
+if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAINERS" = 1 ]); then
+    # Wait for the nextcloud container to start and send if the backup was successful
+    if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
+        echo "Something seems to be wrong: Nextcloud should be started at this step."
+    else
+        while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$" && ! nc -z nextcloud-aio-nextcloud 9000; do
+            echo "Waiting for the Nextcloud container to start"
+            sleep 30
+            if [ "$(docker inspect nextcloud-aio-nextcloud --format "{{.State.Restarting}}")" = "true" ]; then
+                echo "Nextcloud container restarting. Skipping this check!"
+                break
+            fi
+        done
+    fi
+    echo "Sending backup notification..."
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+fi
+
+echo "Daily backup script has finished"
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
+    nc -z localhost 8080 || exit 1
+fi
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,9 +1,6 @@
 Listen 8000
 Listen 8080

-CustomLog ${APACHE_LOG_DIR}/access.log combined
-ErrorLog ${APACHE_LOG_DIR}/error.log
-
 # Deny access to .ht files
 <Files ".ht*">
    Require all denied
@@ -11,6 +8,8 @@ ErrorLog ${APACHE_LOG_DIR}/error.log

 # Http host
 <VirtualHost *:8000>
+    ServerName localhost
+
    # PHP match
    <FilesMatch "\.php$">
        SetHandler application/x-httpd-php
--- a/Containers/mastercontainer/session-deduplicator.sh
+++ b/Containers/mastercontainer/session-deduplicator.sh
@@ -1,23 +1,22 @@
 #!/bin/bash

+deduplicate_sessions() {
+    echo "Deleting duplicate sessions"
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep -qv "$NEW_SESSION_TIME" {} \; -delete
+}
+
+compare_times() {
+    if [ -f "/mnt/docker-aio-config/data/session_date_file" ]; then
+        unset NEW_SESSION_TIME
+        NEW_SESSION_TIME="$(cat "/mnt/docker-aio-config/data/session_date_file")"
+        if [ -n "$NEW_SESSION_TIME" ] && [ -n "$OLD_SESSION_TIME" ] && [ "$NEW_SESSION_TIME" != "$OLD_SESSION_TIME" ]; then
+            deduplicate_sessions
+        fi
+        OLD_SESSION_TIME="$NEW_SESSION_TIME"
+    fi
+}
+
 while true; do
-    while [ "$(find "/mnt/docker-aio-config/session/" -mindepth 1 -exec grep "aio_authenticated|[a-z]:1" {} \; | wc -l)" -gt 1 ]; do
-        unset SESSION_FILES
-        SESSION_FILES="$(find "/mnt/docker-aio-config/session/" -mindepth 1)"
-        unset SESSION_FILES_ARRAY
-        mapfile -t SESSION_FILES_ARRAY <<< "$SESSION_FILES"
-        for SESSION_FILE in "${SESSION_FILES_ARRAY[@]}"; do
-            if ! grep -q "aio_authenticated|[a-z]:1" "$SESSION_FILE"; then
-                rm "$SESSION_FILE"
-            fi
-        done
-        echo "Deleting duplicate sessions"
-        unset OLDEST_FILE
-        set -x
-        # shellcheck disable=SC2012
-        OLDEST_FILE="$(ls -t "/mnt/docker-aio-config/session/" | tail -1)"
-        rm "/mnt/docker-aio-config/session/$OLDEST_FILE"
-        set +x
-    done
-    sleep 5
+    compare_times
+    sleep 2
 done
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -65,6 +65,17 @@ else
    sleep 10
 fi

+# Check Storage drivers
+STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
+# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
+if echo "$STORAGE_DRIVER" | grep -q vfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+fi
+
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
    echo "It seems like you did not give the mastercontainer the correct name?
@@ -104,6 +115,30 @@ if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
        exit 1
    fi
 fi
+if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
+    if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
+        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+The string must start with a number and end with 'G'.
+It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
+    if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
+        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+The string must be a number. E.g. '3600'.
+It is set to '$NEXTCLOUD_MAX_TIME'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
+    if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
+        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+The string must start with a number and end with 'M'.
+It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
+        exit 1
+    fi
+fi
 if [ -n "$APACHE_PORT" ]; then
    if ! check_if_number "$APACHE_PORT"; then
        echo "You provided an Apache port but did not only use numbers.
@@ -114,6 +149,29 @@ It is set to '$APACHE_PORT'."
        exit 1
    fi
 fi
+if [ -n "$APACHE_IP_BINDING" ]; then
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+It is set to '$APACHE_IP_BINDING'."
+        exit 1
+    fi
+fi
+if [ -n "$TALK_PORT" ]; then
+    if ! check_if_number "$TALK_PORT"; then
+        echo "You provided an Talk port but did not only use numbers.
+It is set to '$TALK_PORT'."
+        exit 1
+    elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
+        echo "The provided Talk port is invalid. It must be between 1 and 65535"
+        exit 1
+    fi
+fi
+if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
+    if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
+        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        exit 1
+    fi
+fi
 if [ -n "$DOCKER_SOCKET_PATH" ]; then
    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
@@ -122,6 +180,38 @@ It is set to '$DOCKER_SOCKET_PATH'."
        exit 1
    fi
 fi
+if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
+It should be an absolute path to a directory that starts with '/' but not end with '/'.
+It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_STARTUP_APPS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
+        exit 1
+    fi
+fi

 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
@@ -181,7 +271,10 @@ print_green "Initial startup of Nextcloud All In One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080

-If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatially by opening the Nextcloud AIO Interface via:
+If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"

+# Set the timezone to UTC
+export TZ=UTC
+
 exec "$@"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -1,26 +1,28 @@
 [supervisord]
 nodaemon=true
-nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           
 logfile_backups=10                 
 loglevel=error
+user=root

 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apache2-foreground
+user=root

 [program:caddy]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=sudo -u www-data /usr/bin/caddy run -config /Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
+user=www-data

 [program:cron]
 stdout_logfile=/dev/stdout
@@ -35,6 +37,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/backup-time-file-watcher.sh
+user=root

 [program:session-deduplicator]
 stdout_logfile=/dev/stdout
@@ -42,3 +45,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
+user=root
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.20-fpm-alpine3.15
+FROM php:8.0.26-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
@@ -38,9 +39,18 @@ RUN set -ex; \
        openldap-dev \
        pcre-dev \
        postgresql-dev \
-        imagemagick-dev \
        libwebp-dev \
        gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
    ; \
    \
    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -53,14 +63,13 @@ RUN set -ex; \
        ldap \
        opcache \
        pcntl \
-        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
    pecl install memcached-3.2.0; \
    pecl install redis-5.3.7; \
    pecl install imagick-3.7.0; \
@@ -69,7 +78,6 @@ RUN set -ex; \
        apcu \
        memcached \
        redis \
-        imagick \
    ; \
    rm -r /tmp/pear; \
    \
@@ -96,6 +104,8 @@ RUN { \
        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
+        echo 'max_execution_time=${PHP_MAX_TIME}'; \
+        echo 'max_input_time=${PHP_MAX_TIME}'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
    mkdir /var/www/data; \
@@ -104,8 +114,7 @@ RUN { \

 VOLUME /var/www/html

-
-ENV NEXTCLOUD_VERSION 23.0.6
+ENV NEXTCLOUD_VERSION 25.0.2

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -124,7 +133,6 @@ RUN set -ex; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
@@ -142,7 +150,6 @@ RUN set -ex; \
    \
    apk add --no-cache \
        ffmpeg \
-        imagemagick \
        procps \
        samba-client \
        supervisor \
@@ -199,15 +206,25 @@ RUN set -ex; \
        git \
        postgresql-client \
        tzdata \
+        mawk \
+        sudo \
+        grep \
+        coreutils \
+        gcompat \
+        libjpeg \
+        librsvg \
+        libheif \
    ; \
    rm -rf /var/lib/apt/lists/*

 RUN set -ex; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_children =.*/pm.max_children = 100/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.start_servers =.*/pm.start_servers = 25/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 25/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 75/' /usr/local/etc/php-fpm.d/www.conf
+    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf

 RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
@@ -220,20 +237,21 @@ RUN set -ex; \
 RUN set -ex; \
    chown www-data:root -R /usr/src && \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
-    chown www-data:root -R /var/log/supervisord/ && \
-    chown www-data:root -R /var/run/supervisord/ && \
+    chown www-data:root -R /usr/local/etc/php-fpm.d && \
    rm -r /usr/src/nextcloud/apps/updatenotification

 COPY start.sh /
 COPY notify.sh /
+COPY notify-all.sh /
 RUN set -ex; \
    chmod +x /start.sh && \
-    chmod +r /supervisord.conf && \
    chmod +x /entrypoint.sh && \
    chmod +r /upgrade.exclude && \
    chmod +x /cron.sh && \
    chmod +x /notify.sh && \
-    chmod +x /activate-collabora.sh
+    chmod +x /notify-all.sh && \
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh

 RUN set -ex; \
    mkdir /mnt/ncdata; \
@@ -244,5 +262,7 @@ VOLUME /mnt/ncdata
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-USER www-data
+USER root
 ENTRYPOINT ["/start.sh"]
+
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
--- a/Containers/nextcloud/activate-collabora.sh
+++ b/Containers/nextcloud/activate-collabora.sh
@@ -1,20 +1,13 @@
 #!/bin/bash

-COLLABORA_ACTIVATED=0
-
-while true; do
-    if [ "$COLLABORA_ENABLED" != yes ]; then
-        # Basically sleep for forever if collabora is not enabled
-        sleep 365d
-    fi
-    if [ "$COLLABORA_ACTIVATED" != 0 ]; then
-        # Basically sleep for forever if collabora was activated
-        sleep 365d
-    fi
-    while ! nc -z "$NC_DOMAIN" 443; do
-        sleep 5
-    done
-    echo "Activating collabora config"
-    php /var/www/html/occ richdocuments:activate-config
-    COLLABORA_ACTIVATED=1
+if [ "$COLLABORA_ENABLED" != yes ]; then
+    # Basically sleep for forever if collabora is not enabled
+    sleep inf
+fi
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
 done
+sleep 10
+echo "Activating collabora config..."
+php /var/www/html/occ richdocuments:activate-config
+sleep inf
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -0,0 +1,27 @@
+<?php
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => array(
+      'class' => '\OC\Files\ObjectStore\S3',
+      'arguments' => array(
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+        'key' => getenv('OBJECTSTORE_S3_KEY') ?: '',
+        'secret' => getenv('OBJECTSTORE_S3_SECRET') ?: '',
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        // required for some non Amazon S3 implementations
+        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        // required for older protocol versions
+        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+      )
+    )
+  );
+} 
--- a/Containers/nextcloud/config/swift.config.php
+++ b/Containers/nextcloud/config/swift.config.php
@@ -0,0 +1,31 @@
+<?php
+if (getenv('OBJECTSTORE_SWIFT_URL')) {
+    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => [
+      'class' => 'OC\\Files\\ObjectStore\\Swift',
+      'arguments' => [
+        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
+        'user' => [
+          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
+          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
+          'domain' => [
+            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
+          ],
+        ],
+        'scope' => [
+          'project' => [
+            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
+            'domain' => [
+              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
+            ],
+          ],
+        ],
+        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
+        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
+        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
+        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
+      ]
+    ]
+  );
+}
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -10,7 +10,7 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }

-echo "Configuring Redis as session handler"
+echo "Configuring Redis as session handler..."
 cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
 session.save_handler = redis
 session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
@@ -21,14 +21,28 @@ redis.session.lock_retries = -1
 redis.session.lock_wait_time = 10000
 REDIS_CONF

+echo "Setting php max children..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+PHP_MAX_CHILDREN=$((MEMORY/50))
+if [ -n "$PHP_MAX_CHILDREN" ]; then
+    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
+fi
+
 # Check permissions in ncdata
-touch "/mnt/ncdata/this-is-a-test-file"
-if ! [ -f "/mnt/ncdata/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in /mnt/ncdata.
-Did you maybe change the datadir and did forget to apply the correct permissions?"
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    echo "The www-data user doesn't seem to have access rights in the datadir.
+Most likely are the files located on a drive that does not follow linux permissions.
+Please adjust the permissions like mentioned below.
+The found permissions are:
+$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
+(userID:groupID permissions)
+but they should be:
+33:0 750
+(userID:groupID permissions)"
    exit 1
 fi
-rm "/mnt/ncdata/this-is-a-test-file"
+rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"

 if [ -f /var/www/html/version.php ]; then
    # shellcheck disable=SC2016
@@ -57,12 +71,35 @@ if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versio
    exit 1
 fi

+# Do not start the container if the last update failed
+if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
+    echo "The last Nextcloud update failed."
+    echo "Please restore from backup and try again!"
+    echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
+    exit 1
+fi
+
+# Do not start the container if the install failed
+if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
+    echo "The initial Nextcloud installation failed."
+    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
+    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
-if ! [ -f "/mnt/ncdata/skip.update" ]; then
+if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
    if version_greater "$image_version" "$installed_version"; then
        # Check if it skips a major version
        INSTALLED_MAJOR="${installed_version%%.*}"
        IMAGE_MAJOR="${image_version%%.*}"
+        
+        if [ "$installed_version" != "0.0.0.0" ]; then
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/update.log")
+            exec 2>&1
+        fi
+
        if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
            set -ex
            NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
@@ -77,7 +114,6 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/
            gpgconf --kill all
            rm nextcloud.tar.bz2.asc nextcloud.tar.bz2
-            rm -rf "$GNUPGHOME" /usr/src/tmp/nextcloud/updater
            mkdir -p /usr/src/tmp/nextcloud/data
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
@@ -111,7 +147,19 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            php /var/www/html/occ maintenance:mode --off

            echo "Getting and backing up the status of apps for later, this might take a while..."
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
+            if [ -z "$NC_APPS" ]; then
+                echo "No apps detected, aborting export of app status..."
+                APPSTORAGE="no-export-done"
+            else
+                mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
+                declare -Ag APPSTORAGE
+                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                for app in "${NC_APPS_ARRAY[@]}"; do
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
+                done
+            fi

            if [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -eq 1 ]; then
                php /var/www/html/occ config:system:delete app_install_overwrite
@@ -120,8 +168,11 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            php /var/www/html/occ app:update --all

            # Fix removing the updatenotification for old instances
+            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
            if [ -d "/var/www/html/apps/updatenotification" ]; then
                php /var/www/html/occ app:disable updatenotification
+            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
+                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
            fi
        fi

@@ -133,6 +184,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"

@@ -159,12 +211,16 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            done
            if [ "$try" -gt "$max_retries" ]; then
                echo "installing of nextcloud failed!"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
                exit 1
            fi

            # unset admin password
            unset ADMIN_PASSWORD

+            # Post Install logs: For questions like https://help.nextcloud.com/t/nextcloud-aio-error-could-not-get-appdata-folder-after-container-has-already-written-data-in-it/151122/5
+            echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
@@ -204,21 +260,28 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
            # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"

            # Install some apps by default
-            php /var/www/html/occ app:install twofactor_totp
-            php /var/www/html/occ app:install deck
-            php /var/www/html/occ app:install tasks
-            php /var/www/html/occ app:install calendar
-            php /var/www/html/occ app:install contacts
-            php /var/www/html/occ app:install apporder
+            if [ -n "$STARTUP_APPS" ]; then
+                read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
+                for app in "${STARTUP_APPS_ARRAY[@]}"; do
+                    if ! echo "$app" | grep -q '^-'; then 
+                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                            # If not shipped, install and enable the app
+                            php /var/www/html/occ app:install "$app"
+                        else
+                            # If shipped, enable the app
+                            php /var/www/html/occ app:enable "$app"
+                        fi
+                    else
+                        app="${app#-}"
+                        # Disable the app if '-' was provided in front of the appid
+                        php /var/www/html/occ app:disable "$app"
+                    fi
+                done
+            fi

        #upgrade
        else
-            while [ -n "$(pgrep -f cron.php)" ]
-            do
-                echo "Waiting for Nextclouds cronjob to finish..."
-                sleep 5
-            done
-
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
            echo "Upgrading nextcloud from $installed_version to $image_version..."
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
@@ -226,12 +289,38 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
                exit 1
            fi

+            rm "$NEXTCLOUD_DATA_DIR/update.failed"
            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."

-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-            echo "The following apps have been disabled:"
-            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-            rm -f /tmp/list_before /tmp/list_after
+            php /var/www/html/occ app:update --all
+
+            # Restore app status
+            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
+                echo "Restoring the status of apps. This can take a while..."
+                for app in "${!APPSTORAGE[@]}"; do
+                    if [ -n "${APPSTORAGE[$app]}" ]; then
+                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
+                            echo "Enabling $app..."
+                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                if [ "$app" = apporder ]; then
+                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
+                                else
+                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                fi
+                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                continue
+                            fi
+                            # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
+                            if [ "${APPSTORAGE[$app]}" != "yes" ]; then
+                                php /var/www/html/occ config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                            fi
+                        fi
+                    fi
+                done
+            fi
+
+            php /var/www/html/occ app:update --all

            # Apply optimization
            echo "Doing some optimizations..."
@@ -245,32 +334,48 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
        fi
    fi

-    # Performing update of all apps if daily backups are enabled, running and successful
-    if [ "$DAILY_BACKUP_RUNNING" = 'yes' ]; then
+    # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
+    if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
        if [ -n "$UPDATED_APPS" ]; then
             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
        fi
    fi
+else
+    SKIP_UPDATE=1
 fi

 # Check if appdata is present
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
-if [ -z "$(find "/mnt/ncdata/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+    echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+    echo "In the datadir was found:"
+    ls -la "$NEXTCLOUD_DATA_DIR/"
    exit 1
 fi

+# Configure tempdirectory
+if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
+    if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
+    fi
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
+fi
+
 # Perform fingerprint update if instance was restored
-if [ -f "/mnt/ncdata/fingerprint.update" ]; then
+if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
    php /var/www/html/occ maintenance:data-fingerprint
-    rm "/mnt/ncdata/fingerprint.update"
+    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi

 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
+php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
+php /var/www/html/occ app:enable support

 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
@@ -303,7 +408,7 @@ if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
    php /var/www/html/occ app:install notify_push
 elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; then
    php /var/www/html/occ app:enable notify_push
-else
+elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
 fi
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
@@ -316,15 +421,52 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install richdocuments
    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
        php /var/www/html/occ app:enable richdocuments
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update richdocuments
    fi
    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
    # Fix https://github.com/nextcloud/all-in-one/issues/188:
    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
+    # Make collabora more save
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
+    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv4_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv4_ADDRESS"
+            fi
+        fi
+    else
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv6_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv6_ADDRESS"
+            fi
+        fi
+    else
+        echo "No ipv6-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
+        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
+    else
+        echo "Warning: wopi_allowlist is empty which should not be the case!"
+    fi
 else
    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
-        php /var/www/html/occ config:system:delete allow_local_remote_servers
        php /var/www/html/occ app:remove richdocuments
    fi
 fi
@@ -339,12 +481,15 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install onlyoffice
    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
        php /var/www/html/occ app:enable onlyoffice
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update onlyoffice
    fi
+    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove onlyoffice
    fi
 fi
@@ -355,15 +500,20 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
        php /var/www/html/occ app:enable spreed
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update spreed
    fi
-    STUN_SERVERS="[\"$NC_DOMAIN:3478\"]"
-    TURN_SERVERS="[{\"server\":\"$NC_DOMAIN:3478\",\"secret\":\"$TURN_SECRET\",\"protocols\":\"udp,tcp\"}]"
-    SIGNALING_SERVERS="{\"servers\":[{\"server\":\"https://$NC_DOMAIN/standalone-signaling/\",\"verify\":true}],\"secret\":\"$SIGNALING_SECRET\"}"
-    php /var/www/html/occ config:app:set spreed stun_servers --value="$STUN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed turn_servers --value="$TURN_SERVERS" --output json
-    php /var/www/html/occ config:app:set spreed signaling_servers --value="$SIGNALING_SERVERS" --output json
+    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
+    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+    fi
+    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
+    fi
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
+    fi
 else
    if [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:remove spreed
@@ -380,7 +530,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:install files_antivirus
    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
        php /var/www/html/occ app:enable files_antivirus
-    else
+    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update files_antivirus
    fi
    php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
@@ -395,5 +545,70 @@ else
    fi
 fi

+# Imaginary
+if version_greater "$installed_version" "24.0.0.0"; then
+    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    else
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+        php /var/www/html/occ config:system:delete preview_imaginary_url
+    fi
+fi
+
+# Fulltextsearch
+if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
+    while ! nc -z "$FULLTEXTSEARCH_HOST" 9200; do
+        echo "waiting for Fulltextsearch to become available..."
+        sleep 5
+    done
+    if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:install fulltextsearch
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable fulltextsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update fulltextsearch
+    fi    
+    if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:install fulltextsearch_elasticsearch
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable fulltextsearch_elasticsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update fulltextsearch_elasticsearch
+    fi    
+    if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:install files_fulltextsearch
+    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" = "no" ]; then
+        php /var/www/html/occ app:enable files_fulltextsearch
+    elif [ "$SKIP_UPDATE" != 1 ]; then
+        php /var/www/html/occ app:update files_fulltextsearch
+    fi
+    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
+
+    # Do the index
+    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
+        echo "Waiting 10s before activating FTS..."
+        sleep 10
+        echo "Activating fulltextsearch..."
+        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
+            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
+        else
+            echo "Fulltextsearch failed. Could not index."
+        fi
+    fi
+else
+    if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch
+    fi
+    if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch_elasticsearch
+    fi
+    if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:remove files_fulltextsearch
+    fi
+fi
+
 # Remove the update skip file always
-rm -f /mnt/ncdata/skip.update
+rm -f "$NEXTCLOUD_DATA_DIR"/skip.update
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nc -z "$POSTGRES_HOST" 5432 || exit 0
+
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
+    exit 1
+fi
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
+SUBJECT="$1"
+MESSAGE="$2"
+
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
+    echo "Cannot send notification as notification app is not enabled."
+    exit 1
+fi
+
+echo "Posting notifications to all users..."
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
+mapfile -t NC_USERS <<< "$NC_USERS"
+for user in "${NC_USERS[@]}"
+do
+    echo "Posting '$SUBJECT' to: $user"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+done
+
+echo "Done!"
+exit 0
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -1,19 +1,25 @@
 #!/bin/bash

+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
 SUBJECT="$1"
 MESSAGE="$2"

-if [ "$(php /var/www/html/occ config:app:get notifications enabled)" = "no" ]; then
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
    echo "Cannot send notification as notification app is not enabled."
    exit 1
 fi

 echo "Posting notifications to users that are admins..."
-NC_USERS=$(php /var/www/html/occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
 mapfile -t NC_USERS <<< "$NC_USERS"
 for user in "${NC_USERS[@]}"
 do
-    if php /var/www/html/occ user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
+    if "${COMMAND[@]}" user:info "$user" | cut -d "-" -f2 | grep -x -q " admin"
    then
        NC_ADMIN_USER+=("$user")
    fi
@@ -22,7 +28,7 @@ done
 for admin in "${NC_ADMIN_USER[@]}"
 do
    echo "Posting '$SUBJECT' to: $admin"
-    php /var/www/html/occ notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
 done

 echo "Done!"
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,7 +1,7 @@
 #!/bin/bash

 # Only start container if database is accessible
-while ! nc -z "$POSTGRES_HOST" 5432; do
+while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
    echo "Waiting for database to start..."
    sleep 5
 done
@@ -11,13 +11,122 @@ POSTGRES_USER="oc_$POSTGRES_USER"
 export POSTGRES_USER

 # Fix false database connection on old instances
-if [ -f "/var/www/html/config/config.php" ] && sleep 2 && psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; then
-    sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+if [ -f "/var/www/html/config/config.php" ]; then
+    sleep 2
+    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
+        echo "Waiting for the database to start..."
+        sleep 5
+    done
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    fi
+fi
+
+# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"
+    update-ca-certificates
+fi
+
+# Check if /dev/dri device is present and apply correct permissions
+set -x
+if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    GID="$(stat -c "%g" /dev/dri/renderD128)"
+    groupadd -g "$GID" render2 || true # sometimes this is needed
+    GROUP="$(getent group "$GID" | cut -d: -f1)"
+    usermod -aG "$GROUP" www-data
+    touch "/dev-dri-group-was-added"
+fi
+set +x
+
+# Check datadir permissions
+sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    chown -R www-data:root "$NEXTCLOUD_DATA_DIR"
+    chmod 750 -R "$NEXTCLOUD_DATA_DIR"
+fi
+sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+
+# Install additional dependencies
+if [ -n "$ADDITIONAL_APKS" ]; then
+    if ! [ -f "/additional-apks-are-installed" ]; then
+        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
+        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
+            echo "Installing $app via apk..."
+            if ! apk add --no-cache "$app" >/dev/null; then
+                echo "The packet $app was not installed!"
+            fi
+        done
+    fi
+    touch /additional-apks-are-installed
+fi
+
+# Install additional php extensions
+if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
+        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                echo "Enabling Imagick..."
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+                continue
+            fi
+            # shellcheck disable=SC2086
+            if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
+                echo "Installing PHP build dependencies..."
+                    if ! apk add --no-cache --virtual .build-deps \
+                        libxml2-dev \
+                        autoconf \
+                        $PHPIZE_DEPS >/dev/null; then
+                    echo "Could not install build-deps!"
+                fi
+                PHP_DEPS_ARE_INSTALLED=1
+            fi
+            if [ "$app" = inotify ]; then
+                echo "Installing $app via PECL..."
+                pecl install "$app" >/dev/null
+                if ! docker-php-ext-enable "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            elif [ "$app" = soap ]; then
+                echo "Installing $app from core..."
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            else
+                echo "Installing PHP extension $app ..."
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install $app from core. Trying to install from PECL..."
+                    pecl install "$app" >/dev/null
+                    if ! docker-php-ext-enable "$app" >/dev/null; then
+                        echo "Could also not install $app from PECL. The PHP extensions was not installed!"
+                    fi
+                fi
+            fi
+        done
+        if [ "$PHP_DEPS_ARE_INSTALLED" = 1 ]; then
+            rm -rf /tmp/pear
+            runDeps="$( \
+                scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+                    | tr ',' '\n' \
+                    | sort -u \
+                    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+            )";
+            # shellcheck disable=SC2086
+            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk del .build-deps >/dev/null
+        fi
+    fi
+    touch /additional-php-extensions-are-installed
 fi

 # Run original entrypoint
-if ! bash /entrypoint.sh; then
+if ! sudo -E -u www-data bash /entrypoint.sh; then
    exit 1
 fi

--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -7,6 +7,7 @@ childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
+user=root

 [program:php-fpm]
 stdout_logfile=/dev/stdout
@@ -14,6 +15,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
+user=root

 [program:cron]
 stdout_logfile=/dev/stdout
@@ -21,6 +23,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
+user=www-data

 [program:notify-push]
 stdout_logfile=/dev/stdout
@@ -28,6 +31,7 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
+user=www-data

 [program:activate-collabora]
 stdout_logfile=/dev/stdout
@@ -35,3 +39,4 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/activate-collabora.sh
+user=www-data
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,2 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.1.1.23
+FROM onlyoffice/documentserver:7.2.2.56
+
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
-# From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.3-alpine3.15
+# From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
+FROM postgres:14.6-alpine

-RUN apk add --update --no-cache bash openssl shadow netcat-openbsd
+RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk

 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
@@ -17,9 +17,12 @@ RUN set -ex; \
    chown -R postgres:postgres "$PGDATA"

 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh

 RUN mkdir /mnt/data; \
    chown postgres:postgres /mnt/data;
@@ -31,3 +34,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER postgres
 ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD healthcheck.sh
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+test -f "/mnt/data/backup-is-running" && exit 0
+
+psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,9 +1,13 @@
 #!/bin/bash
 set -ex

+touch "$DUMP_DIR/initialization.failed"
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL

+rm "$DUMP_DIR/initialization.failed"
+
 set +ex
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -2,13 +2,15 @@

 # Variables
 DATADIR="/var/lib/postgresql/data"
-DUMP_DIR="/mnt/data"
+export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"

 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
    echo "Waiting for backup container to finish..."
+    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file which is by default stored here:"
+    echo "/var/lib/docker/volumes/nextcloud_aio_database_dump/_data/backup-is-running"
    sleep 10
 done

@@ -18,6 +20,23 @@ if ! [ -w "$DUMP_DIR" ]; then
    exit 1
 fi

+# Don't start if import failed
+if [ -f "$DUMP_DIR/import.failed" ]; then
+    echo "The database import failed. Please restore a backup and try again."
+    echo "For further clues on what went wrong, look at the logs above."
+    exit 1
+fi
+
+# Don't start if initialization failed
+if [ -f "$DUMP_DIR/initialization.failed" ]; then
+    echo "The database initialization failed. Most likely was a wrong timezone selected."
+    echo "The selected timezone is '$TZ'." 
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "For further clues on what went wrong, look at the logs above."
+    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
    set -ex
@@ -39,13 +58,20 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
    # If database export was unsuccessful, skip update 
    if [ -f "$DUMP_DIR/export.failed" ]; then
        echo "Database export failed the last time. Most likely was the export time not high enough."
-        echo "Plese report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

+    # Write output to logfile.
+    exec > >(tee -i "$DUMP_DIR/database-import.log")
+    exec 2>&1
+
    # Inform
    echo "Restoring from database dump."

+    # Add import.failed file
+    touch "$DUMP_DIR/import.failed"
+
    # Exit if any command fails
    set -ex

@@ -64,12 +90,26 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
        sleep 5
    done

-    # Set correct permissions
-    if grep -q "Owner: oc_admin" "$DUMP_FILE" && ! grep -q "Owner: oc_$POSTGRES_USER" "$DUMP_FILE"; then
-        OC_ADMIN_EXISTS=1
+    # Check if the line we grep for later on is there
+    GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
+    if ! grep -q "$GREP_STRING" "$DUMP_FILE"; then
+        echo "The needed oc_appconfig line is not there which is unexpected."
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
+        exit 1
+    fi
+
+    # Get the Owner
+    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
+        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
+        echo "It is not possible to import a database dump from this database owner."
+        echo "However you might rename the owner in the dumpfile to something else."
+        exit 1
+    elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+        DIFFERENT_DB_OWNER=1
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-            CREATE USER oc_admin WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
-            ALTER DATABASE "$POSTGRES_DB" OWNER TO oc_admin;
+            CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
+            ALTER DATABASE "$POSTGRES_DB" OWNER TO "$DB_OWNER";
 EOSQL
    fi

@@ -78,10 +118,10 @@ EOSQL
    psql "$POSTGRES_DB" -U "$POSTGRES_USER" < "$DUMP_FILE"

    # Correct permissions
-    if [ -n "$OC_ADMIN_EXISTS" ]; then
+    if [ -n "$DIFFERENT_DB_OWNER" ]; then
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
            ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
-            REASSIGN OWNED BY oc_admin TO "oc_$POSTGRES_USER";
+            REASSIGN OWNED BY "$DB_OWNER" TO "oc_$POSTGRES_USER";
 EOSQL
    fi

@@ -93,6 +133,9 @@ EOSQL

    # Don't exit if command fails anymore
    set +ex
+
+    # Remove import failed file if everything went correctly
+    rm "$DUMP_DIR/import.failed"
 fi

 # Cover the last case
@@ -101,6 +144,13 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
    rm -rf "${DATADIR:?}/"*
 fi

+echo "Setting max connections..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MAX_CONNECTIONS=$((MEMORY/50+3))
+if [ -n "$MAX_CONNECTIONS" ]; then
+    sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
+fi
+
 # Catch docker stop attempts
 trap 'true' SIGINT SIGTERM

--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.7-alpine
+FROM redis:6.2.8-alpine

 RUN apk add --update --no-cache openssl bash

@@ -11,3 +11,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER redis
 ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,6 +1,4 @@
-FROM ubuntu:focal-20220531
-
-EXPOSE 3478
+FROM ubuntu:focal-20221130

 RUN set -ex; \
    \
@@ -11,6 +9,7 @@ RUN set -ex; \
        supervisor \
        curl \
        ca-certificates \
+        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -54,15 +53,22 @@ RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.c

 RUN mkdir -p /etc/nats; \
    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    mkdir /var/lib/turn; \
    chown talk:talk /etc; \
    chown talk:talk -R /etc/nats; \
    chown talk:talk -R /etc/janus; \
    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr
+    chown talk:talk -R /usr; \
+    chown talk:talk -R /var/lib/turn;

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd

+# Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
+ENV TALK_PORT=3478
+
 USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -11,24 +11,27 @@ elif [ -z "$JANUS_API_KEY" ]; then
    echo "You need to provide the JANUS_API_KEY."
    exit 1
 elif [ -z "$SIGNALING_SECRET" ]; then
-    echo "You need to provide the JANUS_API_KEY."
+    echo "You need to provide the SIGNALING_SECRET."
    exit 1
 fi

-# Turn
+# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
 cat << TURN_CONF > "/etc/turnserver.conf"
-listening-port=3478
+listening-port=$TALK_PORT
 fingerprint
 lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN
-total-quota=100
+total-quota=0
 bps-capacity=0
 stale-nonce
 no-multicast-peers
 simple-log
 pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
 TURN_CONF

 # Janus
@@ -36,13 +39,15 @@ set -x
 sed -i "s|#turn_rest_api_key.*|turn_rest_api_key = \"$JANUS_API_KEY\"|" /etc/janus/janus.jcfg
 sed -i "s|#full_trickle.*|full_trickle = true|g" /etc/janus/janus.jcfg
 sed -i 's|#stun_server.*|stun_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
-sed -i "s|#stun_port.*|stun_port = 3478|g" /etc/janus/janus.jcfg
-sed -i "s|#turn_port.*|turn_port = 3478|g" /etc/janus/janus.jcfg
-sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g'/etc/janus/janus.jcfg
+sed -i "s|#stun_port.*|stun_port = $TALK_PORT|g" /etc/janus/janus.jcfg
+sed -i "s|#turn_port.*|turn_port = $TALK_PORT|g" /etc/janus/janus.jcfg
+sed -i 's|#turn_server.*|turn_server = "127.0.0.1"|g' /etc/janus/janus.jcfg
 sed -i 's|#turn_type .*|turn_type = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#ice_ignore_list .*|ice_ignore_list = "udp"|g' /etc/janus/janus.jcfg
 sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
 sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
+sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
+sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
 set +x

 # Signling
@@ -80,7 +85,7 @@ url = ws://127.0.0.1:8188
 [turn]
 apikey = ${JANUS_API_KEY}
 secret = ${TURN_SECRET}
-servers = turn:$NC_DOMAIN:3478?transport=tcp,turn:$NC_DOMAIN:3478?transport=udp
+servers = turn:$NC_DOMAIN:$TALK_PORT?transport=tcp,turn:$NC_DOMAIN:$TALK_PORT?transport=udp
 SIGNALING_CONF

 exec "$@"
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -27,11 +27,11 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --daemon --log-stdout
+command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout

 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling -config /etc/signaling/server.conf
+command=signaling --config /etc/signaling/server.conf
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.4.0 as watchtower
+FROM containrrr/watchtower:1.5.1 as watchtower

-FROM alpine:3.15.4
+FROM alpine:3.16.3

 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -10,7 +10,7 @@ elif ! test -r /var/run/docker.sock; then
 fi

 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
 else
    echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
    exit 1
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
-	<version>0.1.0</version>
+	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="22" max-version="23"/>
+		<nextcloud min-version="24" max-version="25"/>
 	</dependencies>

 	<settings>
--- a/develop.md
+++ b/develop.md
@@ -1,12 +1,13 @@
 ## Developer channel
 If you want to switch to the develop channel, you simply stop and delete the mastercontainer and create a new one with a changed tag to develop:
 ```shell
-sudo docker run -it \
+sudo docker run \
+--sig-proxy=false \
 --name nextcloud-aio-mastercontainer \
 --restart always \
-p 80:80 \
-p 8080:8080 \
-p 8443:8443 \
+--publish 80:80 \
+--publish 8080:8080 \
+--publish 8443:8443 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
 nextcloud/all-in-one:develop
@@ -18,18 +19,19 @@ It will now also select the developer channel for all other containers automatic
 Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.

 ## How to build new containers
-
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.

-## How to promote builds from develop to beta
+## How to test things correctly?
+There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.

+## How to promote builds from develop to beta
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.

+## Where to find the VPS and other builds?
+This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/main/.build
+
 ## How to promote builds from beta to latest

 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
-
-## Where to find the VPS and other builds?
-This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/main/.build
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,16 +11,28 @@ services:
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
    ports:
      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    # environment: # Is needed when using any of the options below
      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -3,10 +3,12 @@
 You can run AIO with docker rootless by following the steps below.

 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
-1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages**. Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/. The daemon.json file is most likely stored in `~/.config/docker/daemon.json`.
 1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
+1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.

-**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. For changing Nextcloud's datadir, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). This logically also applies to the NEXTCLOUD_MOUNT option.
+**Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
--- a/local-instance.md
+++ b/local-instance.md
@@ -0,0 +1,19 @@
+# Local instance
+It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. However AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
+
+## 1. The recommended way
+The recommended way is the following:
+1. Set up your domain correctly to point to your home network
+1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
+
+## 2. Use the ACME DNS-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+
+## 3. Use Cloudflare
+If you do not have any contol over the network, you may think about using Cloudflare Argo Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-argo-tunnel how to set this up.
+
+## 4. Buy a certificate and use that
+If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -1,136 +0,0 @@
-version: "3.8"
-
-services:
-  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
-    depends_on:
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest-arm64
-    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
-      - TZ=${TIMEZONE}
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
-      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest-arm64
-    volumes:
-      - nextcloud_aio_database:/var/lib/postgresql/data:rw
-      - nextcloud_aio_database_dump:/mnt/data:rw
-    environment:
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - TZ=${TIMEZONE}
-      - PGTZ=${TIMEZONE}
-    stop_grace_period: 1800s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
-    depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-    image: nextcloud/aio-nextcloud:latest-arm64
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:rw
-      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
-      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-    environment:
-      - POSTGRES_HOST=nextcloud-aio-database
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - REDIS_HOST=nextcloud-aio-redis
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
-      - NC_DOMAIN=${NC_DOMAIN}
-      - ADMIN_USER=admin
-      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
-      - OVERWRITEHOST=${NC_DOMAIN}
-      - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - AIO_URL=${AIO_URL}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
-      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest-arm64
-    environment:
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest-arm64
-    environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest-arm64
-    ports:
-      - 3478:3478/tcp
-      - 3478:3478/udp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-volumes:
-  nextcloud_aio_apache:
-    name: nextcloud_aio_apache
-  nextcloud_aio_database:
-    name: nextcloud_aio_database
-  nextcloud_aio_database_dump:
-    name: nextcloud_aio_database_dump
-  nextcloud_aio_nextcloud:
-    name: nextcloud_aio_nextcloud
-  nextcloud_aio_nextcloud_data:
-    name: nextcloud_aio_nextcloud_data
-
-networks:
-  nextcloud-aio:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -2,16 +2,14 @@ version: "3.8"

 services:
  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
    depends_on:
      - nextcloud-aio-onlyoffice
      - nextcloud-aio-collabora
-      - nextcloud-aio-clamav
      - nextcloud-aio-talk
      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest
+    image: nextcloud/aio-apache:${IMAGE_TAG}
    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
@@ -20,17 +18,17 @@ services:
      - APACHE_PORT=${APACHE_PORT}
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
      - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:ro
      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest
+    image: nextcloud/aio-postgresql:${IMAGE_TAG}
    volumes:
      - nextcloud_aio_database:/var/lib/postgresql/data:rw
      - nextcloud_aio_database_dump:/mnt/data:rw
@@ -44,17 +42,20 @@ services:
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
    depends_on:
      - nextcloud-aio-database
      - nextcloud-aio-redis
-    image: nextcloud/aio-nextcloud:latest
+      - nextcloud-aio-clamav
+      - nextcloud-aio-fulltextsearch
+      - nextcloud-aio-imaginary
+    image: nextcloud/aio-nextcloud:${IMAGE_TAG}
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:rw
      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
    environment:
      - POSTGRES_HOST=nextcloud-aio-database
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -71,6 +72,7 @@ services:
      - OVERWRITEPROTOCOL=https
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
+      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
      - AIO_URL=${AIO_URL}
      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
      - CLAMAV_ENABLED=${CLAMAV_ENABLED}
@@ -80,73 +82,110 @@ services:
      - COLLABORA_HOST=nextcloud-aio-collabora
      - TALK_ENABLED=${TALK_ENABLED}
      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - DAILY_BACKUP_RUNNING=${DAILY_BACKUP_RUNNING}
+      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+      - TALK_PORT=${TALK_PORT}
+      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
+      - IMAGINARY_HOST=nextcloud-aio-imaginary
+      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
+      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
+      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
+      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest
+    image: nextcloud/aio-redis:${IMAGE_TAG}
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_redis:/data:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest
+    profiles: ["collabora"]
+    image: nextcloud/aio-collabora:${IMAGE_TAG}
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
+      - dictionaries=${COLLABORA_DICTIONARIES}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest
+    profiles: ["talk"]
+    image: nextcloud/aio-talk:${IMAGE_TAG}
    ports:
-      - 3478:3478/tcp
-      - 3478:3478/udp
+      - ${TALK_PORT}:${TALK_PORT}/tcp
+      - ${TALK_PORT}:${TALK_PORT}/udp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - TURN_SECRET=${TURN_SECRET}
      - SIGNALING_SECRET=${SIGNALING_SECRET}
      - JANUS_API_KEY=${JANUS_API_KEY}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+      - TALK_PORT=${TALK_PORT}
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-clamav:
-    container_name: nextcloud-aio-clamav
-    image: nextcloud/aio-clamav:latest
+    profiles: ["clamav"]
+    image: nextcloud/aio-clamav:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
+      - CLAMD_STARTUP_TIMEOUT=90
    volumes:
      - nextcloud_aio_clamav:/var/lib/clamav:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest
+    profiles: ["onlyoffice"]
+    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
+      - JWT_ENABLED=true
+      - JWT_HEADER=AuthorizationJwt
+      - JWT_SECRET=${ONLYOFFICE_SECRET}
    volumes:
      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
+  nextcloud-aio-imaginary:
+    profiles: ["imaginary"]
+    image: nextcloud/aio-imaginary:${IMAGE_TAG}
+    environment:
+      - TZ=${TIMEZONE}
+    restart: unless-stopped
+    networks:
+      - nextcloud-aio
+
+  nextcloud-aio-fulltextsearch:
+    profiles: ["fulltextsearch"]
+    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
+    environment:
+      - TZ=${TIMEZONE}
+      - discovery.type=single-node
+      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+    volumes:
+      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
@@ -156,14 +195,20 @@ volumes:
    name: nextcloud_aio_apache
  nextcloud_aio_clamav:
    name: nextcloud_aio_clamav
+  nextcloud_aio_collabora_fonts:
+    name: nextcloud_aio_collabora_fonts
  nextcloud_aio_database:
    name: nextcloud_aio_database
  nextcloud_aio_database_dump:
    name: nextcloud_aio_database_dump
+  nextcloud_aio_elasticsearch:
+    name: nextcloud_aio_elasticsearch
  nextcloud_aio_nextcloud:
    name: nextcloud_aio_nextcloud
  nextcloud_aio_onlyoffice:
    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_redis:
+    name: nextcloud_aio_redis
  nextcloud_aio_nextcloud_data:
    name: nextcloud_aio_nextcloud_data

--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -5,12 +5,14 @@ You can run the containers that are build for AIO with docker-compose. This come
 ### Advantages
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
+- You can run the containers with docker swarm

 ### Disadvantages
- You loose the AIO interface
- You loose update notifications and automatic updates
- You loose all AIO backup and restore features
+- You lose the AIO interface
+- You lose update notifications and automatic updates
+- You lose all AIO backup and restore features
 - You need to know what you are doing, especially when modifying the docker-compose file
+- For updating, you need to strictly follow the at the bottom described update routine
 - Probably more

 ## How to use this?
@@ -19,23 +21,29 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.  For arm64 support use `IMAGE_TAG=latest-arm64` (Note: there is no clamav image for arm64).

-Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.

-Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+Now you should be ready to go with `sudo docker-compose up`.
+
+## Docker profiles
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
+
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.

 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
-1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
+1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

 ## FAQ
 ### Backup and restore?
-If you leave `NEXTLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 
+If you leave `NEXTCLOUD_DATADIR` in your conf file at the default value of `nextcloud_aio_nextcloud_data` and don't modify the yaml file, all data will be stored inside docker volumes which are on Linux by default located here: `/var/lib/docker/volumes`. Simply backing up this location should be a valid backup solution. Then you can also easily restore in case something bad happens. However if you change `NEXTCLOUD_DATADIR` to a path like `/mnt/ncdata`, you obviously need to back up this location, too because the Nextcloud data will be stored there. The same applies to any change to the yaml file. 

 Obviously you also need to back up the conf file and the yaml file if you modified it.
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,18 +1,34 @@
+IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
+APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
-DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.
+COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
+NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
+NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
+UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,15 +1,21 @@
 #!/bin/bash

 jq -c . ./php/containers.json > /tmp/containers.json
-sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|aio_services_v1|services|g' /tmp/containers.json
+sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+sed -i 's|","port_number":"|:|g' /tmp/containers.json
+sed -i 's|","protocol":"|/|g' /tmp/containers.json
+sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
+cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"

 snap install yq
 mkdir -p ./manual-install
@@ -17,24 +23,18 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml

 cd manual-install || exit
 sed -i "s|'||g" containers.yml
-sed -i 's|production:|services:|' containers.yml
-sed -i 's|- identifier:|  container_name:|' containers.yml
-sed -i 's|restartPolicy:|restart:|' containers.yml
-sed -i 's|environmentVariables:|environment:|' containers.yml
-sed -i '/displayName:/d' containers.yml
-sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
-sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|dependsOn:|depends_on:|' containers.yml
-sed -i 's|- name: |- |' containers.yml
+sed -i 's|- source: |- |' containers.yml
+sed -i 's|- ip_binding: |- |' containers.yml

 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
 for port in "${TCP[@]}" 
 do
    solve_port="${port%%/tcp}"
-    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+    sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
 done

 UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
@@ -42,10 +42,11 @@ mapfile -t UDP <<< "$UDP"
 for port in "${UDP[@]}"
 do
    solve_port="${port%%/udp}"
-    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+    sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
 done

 rm -f sample.conf
+echo 'IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support' >> sample.conf
 VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
 mapfile -t VARIABLES <<< "$VARIABLES"
 for variable in "${VARIABLES[@]}"
@@ -57,17 +58,30 @@ do
 done

 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
-sed -i 's|DAILY_BACKUP_RUNNING=|DAILY_BACKUP_RUNNING=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup.|' sample.conf
+sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container|' sample.conf
+sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
+sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
+sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
+sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
+sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf

 cat sample.conf
@@ -81,6 +95,11 @@ do
    if [ "$name" != "nextcloud-aio-apache" ]; then
        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
    fi
+    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
+        sed -i '/container_name/d' containers.yml
+        SLIM_NAME="${name##nextcloud-aio-}"
+        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
+    fi
 done

 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
@@ -90,6 +109,9 @@ echo "" >> containers.yml

 echo "$OUTPUT" >> containers.yml

+sed -i '/container_name/d' containers.yml
+sed -i 's|^ $||' containers.yml
+
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 echo "" >> containers.yml
@@ -109,15 +131,6 @@ networks:
 NETWORK

 cat containers.yml > latest.yml
-sed -i '/image:/s/$/:latest/' latest.yml
-
-cat containers.yml > latest-arm64.yml
-sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^$/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
-sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
-sed -i '/  nextcloud-aio-onlyoffice:/,/^$/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]onlyoffice/d' latest-arm64.yml
-sed -i '/ONLYOFFICE_ENABLED/d' latest-arm64.yml
+sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml

 rm containers.yml
--- a/migration.md
+++ b/migration.md
@@ -1,9 +1,10 @@
 # How to migrate from an already existing Nextcloud installation to Nextcloud AIO?

-There are basically two ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:
+There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:

 1. Migrate only the files which is the easiest way
-1. Migrate the files and the database which is much more complicated
+1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
+1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user

 ## Migrate only the files 
 **Please note**: If you used groupfolders or encrypted your files before, you will need to restore the database, as well!
@@ -16,11 +17,10 @@ The procedure for migrating only the files works like this:
 1. Restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
 1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` to apply the correct permissions
 1. Start the containers again and wait until all containers are running
-1. Run `sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
+1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

 ## Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!<br>
-Also, you will currently not be able to use local external storage in Nextcloud AIO since that is not supported, yet. See https://github.com/nextcloud/all-in-one/issues/76
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension.

 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
@@ -44,8 +44,8 @@ The procedure for migrating the files and the database works like this:
        ```
        occ db:convert-type --all-apps --password "$PG_PASSWORD" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
        ```
-        **Please note:** You might need to change the ip-address `127.0.0.1` based on your exact installation.<br>
-        Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type
+        **Please note:** You might need to change the ip-address `127.0.0.1` and adjust the occ command (`occ`) based on your exact installation. Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type<br>
+        **Troubleshooting:** If you get an error that it could not find a driver for the conversion, you most likely need to install the PHP extension `pdo_pgsql`.
    1. Hopefully does the conversion finish successfully. If not, simply restore your old Nextcloud installation from backup. If yes, you should now log in to your Nextcloud and test if everything works and if all data has been converted successfully.
    1. If everything works as expected, feel free to continue with the steps below.
 1. Now, run a pg_dump to get an export of your current database. Something like the following command should work:
@@ -64,20 +64,23 @@ The procedure for migrating the files and the database works like this:
    1. Type in `local::/your/old/datadir/` which should bring up the exact line where you need to modify the path to use the one used in Nextcloud AIO, instead.
    1. Change it to look like this: `local::/mnt/ncdata/`.
    1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
-    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.
+    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
    ```
    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
    sudo cp database-dump.sql /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/
    sudo chmod 777 /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
-    sudo rm -r /var/lib/docker/volumes/nextcloud_aio_database/_data/*
+    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/initial-cleanup-done
    ```
-1. If the commands above were executed successfully, restore the datadirectory of your former instance into the following directory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`
-1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions
+1. If the commands above were executed successfully, restore the datadirectory of your former instance into your datadirectory: `/var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/`. Be aware if you have changed the standard path of your datadirectory like described [here](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir).
+1. Next, run `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*`to apply the correct permissions on the datadirectory.
 1. Edit the Nextcloud AIO config.php file that is stored in `/var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/config/config.php` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
-1. Now run `sudo docker exec -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint`.
 1. As last step, install all apps again that were installed before on your old instance by using the webinterface.

 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.
+
+## Use the user_migration app
+A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -0,0 +1,19 @@
+# Multiple AIO instances
+It is possible to run multiple instances of AIO on one server.
+
+There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
+
+Below is described more in detail how the the second way works.
+
+## Run multiple AIO instances on the same server with docker rootless
+1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
+1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
+1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
+1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
+1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
+1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
+1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
+1. Please also do not forget to open each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
+
+Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
        }
    },
    "require": {
-        "php": "^8.0",
+        "php": "^8.1",
        "ext-json": "*",
        "ext-sodium": "*",
        "ext-curl": "*",
@@ -21,6 +21,7 @@
    "scripts": {
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
-        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
+		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
 	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,20 +4,20 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "46e4dcf2df4e1a85aba17d664cacd815",
+    "content-hash": "7a318338d9e074d6f02e1fba5b3dda24",
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.4.5",
+            "version": "7.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82"
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
-                "reference": "1dd98b0564cb3f6bd16ce683cb755f94c10fbd82",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
                "shasum": ""
            },
            "require": {
@@ -32,10 +32,10 @@
                "psr/http-client-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                "ext-curl": "*",
                "php-http/client-integration-tests": "^3.0",
-                "phpunit/phpunit": "^8.5.5 || ^9.3.5",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "suggest": {
@@ -45,8 +45,12 @@
            },
            "type": "library",
            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                "branch-alias": {
-                    "dev-master": "7.4-dev"
+                    "dev-master": "7.5-dev"
                }
            },
            "autoload": {
@@ -112,7 +116,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.4.5"
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
            },
            "funding": [
                {
@@ -128,20 +132,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-06-20T22:16:13+00:00"
+            "time": "2022-08-28T15:39:27+00:00"
        },
        {
            "name": "guzzlehttp/promises",
-            "version": "1.5.1",
+            "version": "1.5.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da"
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
-                "reference": "fe752aedc9fd8fcca3fe7ad05d419d32998a06da",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
+                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
                "shasum": ""
            },
            "require": {
@@ -196,7 +200,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.5.1"
+                "source": "https://github.com/guzzle/promises/tree/1.5.2"
            },
            "funding": [
                {
@@ -212,20 +216,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2021-10-22T20:56:57+00:00"
+            "time": "2022-08-28T14:55:35+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.4.0",
+            "version": "2.4.3",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "13388f00956b1503577598873fffb5ae994b5737"
+                "reference": "67c26b443f348a51926030c83481b85718457d3d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/13388f00956b1503577598873fffb5ae994b5737",
-                "reference": "13388f00956b1503577598873fffb5ae994b5737",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
+                "reference": "67c26b443f348a51926030c83481b85718457d3d",
                "shasum": ""
            },
            "require": {
@@ -239,15 +243,19 @@
                "psr/http-message-implementation": "1.0"
            },
            "require-dev": {
-                "bamarni/composer-bin-plugin": "^1.4.1",
+                "bamarni/composer-bin-plugin": "^1.8.1",
                "http-interop/http-factory-tests": "^0.9",
-                "phpunit/phpunit": "^8.5.8 || ^9.3.10"
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
            },
            "suggest": {
                "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses"
            },
            "type": "library",
            "extra": {
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
+                },
                "branch-alias": {
                    "dev-master": "2.4-dev"
                }
@@ -311,7 +319,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
            },
            "funding": [
                {
@@ -327,7 +335,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-06-20T21:43:11+00:00"
+            "time": "2022-10-26T14:07:24+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -389,25 +397,26 @@
        },
        {
            "name": "laravel/serializable-closure",
-            "version": "v1.2.0",
+            "version": "v1.2.2",
            "source": {
                "type": "git",
                "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540"
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/09f0e9fb61829f628205b7c94906c28740ff9540",
-                "reference": "09f0e9fb61829f628205b7c94906c28740ff9540",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/47afb7fae28ed29057fdca37e16a84f90cc62fae",
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae",
                "shasum": ""
            },
            "require": {
                "php": "^7.3|^8.0"
            },
            "require-dev": {
-                "pestphp/pest": "^1.18",
-                "phpstan/phpstan": "^0.12.98",
-                "symfony/var-dumper": "^5.3"
+                "nesbot/carbon": "^2.61",
+                "pestphp/pest": "^1.21.3",
+                "phpstan/phpstan": "^1.8.2",
+                "symfony/var-dumper": "^5.4.11"
            },
            "type": "library",
            "extra": {
@@ -444,7 +453,7 @@
                "issues": "https://github.com/laravel/serializable-closure/issues",
                "source": "https://github.com/laravel/serializable-closure"
            },
-            "time": "2022-05-16T17:09:47+00:00"
+            "time": "2022-09-08T13:45:54+00:00"
        },
        {
            "name": "nikic/fast-route",
@@ -1128,30 +1137,30 @@
        },
        {
            "name": "slim/csrf",
-            "version": "1.2.1",
+            "version": "1.3.0",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400"
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ee811a258ecee807846aefc51aabc1963ae0a400",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ebaaf295fd6d7224078d8ae3bba45329b31798c7",
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7",
                "shasum": ""
            },
            "require": {
-                "php": "^7.3|^8.0",
+                "php": "^7.4 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.0",
                "psr/http-server-handler": "^1.0",
                "psr/http-server-middleware": "^1.0"
            },
            "require-dev": {
-                "phpspec/prophecy": "^1.12",
+                "phpspec/prophecy": "^1.15",
                "phpspec/prophecy-phpunit": "^2.0",
                "phpunit/phpunit": "^9.5",
-                "squizlabs/php_codesniffer": "^3.5.8"
+                "squizlabs/php_codesniffer": "^3.7"
            },
            "type": "library",
            "autoload": {
@@ -1171,7 +1180,7 @@
                }
            ],
            "description": "Slim Framework 4 CSRF protection PSR-15 middleware",
-            "homepage": "http://slimframework.com",
+            "homepage": "https://www.slimframework.com",
            "keywords": [
                "csrf",
                "framework",
@@ -1180,22 +1189,22 @@
            ],
            "support": {
                "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.2.1"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.3.0"
            },
-            "time": "2021-02-04T15:37:21+00:00"
+            "time": "2022-11-05T19:27:53+00:00"
        },
        {
            "name": "slim/slim",
-            "version": "4.10.0",
+            "version": "4.11.0",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim.git",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0"
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
                "shasum": ""
            },
            "require": {
@@ -1210,21 +1219,21 @@
                "psr/log": "^1.1 || ^2.0 || ^3.0"
            },
            "require-dev": {
-                "adriansuter/php-autoload-override": "^1.2",
+                "adriansuter/php-autoload-override": "^1.3",
                "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.1",
+                "guzzlehttp/psr7": "^2.4",
                "httpsoft/http-message": "^1.0",
                "httpsoft/http-server-request": "^1.0",
-                "laminas/laminas-diactoros": "^2.8",
+                "laminas/laminas-diactoros": "^2.17",
                "nyholm/psr7": "^1.5",
                "nyholm/psr7-server": "^1.0",
                "phpspec/prophecy": "^1.15",
                "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^1.4",
+                "phpstan/phpstan": "^1.8",
                "phpunit/phpunit": "^9.5",
                "slim/http": "^1.2",
                "slim/psr7": "^1.5",
-                "squizlabs/php_codesniffer": "^3.6"
+                "squizlabs/php_codesniffer": "^3.7"
            },
            "suggest": {
                "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1297,7 +1306,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-03-14T14:18:23+00:00"
+            "time": "2022-11-06T16:33:39+00:00"
        },
        {
            "name": "slim/twig-view",
@@ -1366,25 +1375,25 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.0.1",
+            "version": "v3.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/1ee04c65529dea5d8744774d474e7cbd2f1206d3",
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3",
                "shasum": ""
            },
            "require": {
-                "php": ">=8.0.2"
+                "php": ">=8.1"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.3-dev"
                },
                "thanks": {
                    "name": "symfony/contracts",
@@ -1413,7 +1422,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.1"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.0"
            },
            "funding": [
                {
@@ -1429,20 +1438,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-01-02T09:55:41+00:00"
+            "time": "2022-11-25T10:21:52+00:00"
        },
        {
            "name": "symfony/polyfill-ctype",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
                "shasum": ""
            },
            "require": {
@@ -1457,7 +1466,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1495,7 +1504,7 @@
                "portable"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
            },
            "funding": [
                {
@@ -1511,20 +1520,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
                "shasum": ""
            },
            "require": {
@@ -1539,7 +1548,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1578,7 +1587,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
            },
            "funding": [
                {
@@ -1594,20 +1603,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/707403074c8ea6e2edaf8794b0157a0bfa52157a",
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a",
                "shasum": ""
            },
            "require": {
@@ -1616,7 +1625,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                },
                "thanks": {
                    "name": "symfony/polyfill",
@@ -1657,7 +1666,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.27.0"
            },
            "funding": [
                {
@@ -1673,20 +1682,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.4.1",
+            "version": "v3.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "e939eae92386b69b49cfa4599dd9bead6bf4a342"
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/e939eae92386b69b49cfa4599dd9bead6bf4a342",
-                "reference": "e939eae92386b69b49cfa4599dd9bead6bf4a342",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3ffcf4b7d890770466da3b2666f82ac054e7ec72",
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72",
                "shasum": ""
            },
            "require": {
@@ -1701,7 +1710,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "3.4-dev"
+                    "dev-master": "3.5-dev"
                }
            },
            "autoload": {
@@ -1737,7 +1746,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.5.0"
            },
            "funding": [
                {
@@ -1749,7 +1758,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-05-17T05:48:52+00:00"
+            "time": "2022-12-27T12:28:18+00:00"
        }
    ],
    "packages-dev": [],
@@ -1759,7 +1768,7 @@
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
-        "php": "^8.0",
+        "php": "^8.1",
        "ext-json": "*",
        "ext-sodium": "*",
        "ext-curl": "*",
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -1,57 +1,77 @@
 {
 	"type": "object",
 	"description": "AIO containers definition schema",
-	"additionalProperties": false,
 	"minProperties": 1,
+	"required": ["aio_services_v1"],
 	"properties": {
-		"production": {
+		"aio_services_v1": {
 			"type": "array",
 			"items": {
 				"type": "object",
 				"additionalProperties": false,
-				"minProperties": 11,
+				"minProperties": 2,
+				"required": ["image", "container_name"],
 				"properties": {
-					"containerName": {
+					"image": {
 						"type": "string"
 					},
-					"dependsOn": {
+					"depends_on": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"displayName": {
+					"display_name": {
 						"type": "string"
 					},
-					"environmentVariables": {
+					"environment": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"identifier": {
+					"container_name": {
 						"type": "string"
 					},
-					"internalPorts": {
-						"type": "array",
-						"items": {
-							"type": "string"
-						}
+					"internal_port": {
+						"type": "string"
 					},
-					"maxShutdownTime": {
+					"stop_grace_period": {
 						"type": "integer"
 					},
 					"ports": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"ip_binding": {
+									"type": "string"
+								},
+								"port_number": {
+									"type": "string"
+								},
+								"protocol": {
+									"type": "string"
+								}
+							}
 						}
 					},
-					"restartPolicy": {
+					"restart": {
 						"type": "string"
 					},
 					"secrets": {
-						"type": "array"
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"devices": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
 					},
 					"volumes": {
 						"type": "array",
@@ -60,10 +80,10 @@
 							"additionalProperties": false,
 							"minProperties": 3,
 							"properties": {
-								"location": {
+								"destination": {
 									"type": "string"
 								},
-								"name": {
+								"source": {
 									"type": "string"
 								},
 								"writeable": {
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,93 +1,90 @@
 {
-  "production": [
+  "aio_services_v1": [
    {
-      "identifier": "nextcloud-aio-apache",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-apache",
+      "depends_on": [
        "nextcloud-aio-onlyoffice",
        "nextcloud-aio-collabora",
-        "nextcloud-aio-clamav",
        "nextcloud-aio-talk",
        "nextcloud-aio-nextcloud"
      ],
-      "displayName": "Apache",
-      "containerName": "nextcloud/aio-apache",
+      "display_name": "Apache",
+      "image": "nextcloud/aio-apache",
      "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
      ],
-      "internalPorts": [
-        "%APACHE_PORT%"
-      ],
-      "secrets": [],
-      "environmentVariables": [
+      "internal_port": "%APACHE_PORT%",
+      "environment": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_HOST=nextcloud-aio-talk",
        "APACHE_PORT=%APACHE_PORT%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
+        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
          "writeable": false
        },
        {
-          "name": "nextcloud_aio_apache",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_apache",
+          "destination": "/mnt/data",
          "writeable": true
        }
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-database",
-      "dependsOn": [],
-      "displayName": "Database",
-      "containerName": "nextcloud/aio-postgresql",
-      "ports": [],
-      "internalPorts": [
-        "5432"
-      ],
+      "container_name": "nextcloud-aio-database",
+      "display_name": "Database",
+      "image": "nextcloud/aio-postgresql",
+      "internal_port": "5432",
      "secrets": [
        "DATABASE_PASSWORD"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_database",
-          "location": "/var/lib/postgresql/data",
+          "source": "nextcloud_aio_database",
+          "destination": "/var/lib/postgresql/data",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/mnt/data",
          "writeable": true
        }
      ],
-      "environmentVariables": [
+      "environment": [
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
        "POSTGRES_USER=nextcloud",
        "TZ=%TIMEZONE%",
        "PGTZ=%TIMEZONE%"
      ],
-      "maxShutdownTime": 1800,
-      "restartPolicy": "unless-stopped"
+      "stop_grace_period": 1800,
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-nextcloud",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-nextcloud",
+      "depends_on": [
        "nextcloud-aio-database",
-        "nextcloud-aio-redis"
-      ],
-      "displayName": "Nextcloud",
-      "containerName": "nextcloud/aio-nextcloud",
-      "ports": [],
-      "internalPorts": [
-        "9000"
+        "nextcloud-aio-redis",
+        "nextcloud-aio-clamav",
+        "nextcloud-aio-fulltextsearch",
+        "nextcloud-aio-imaginary"
      ],
+      "display_name": "Nextcloud",
+      "image": "nextcloud/aio-nextcloud",
+      "internal_port": "9000",
      "secrets": [
        "DATABASE_PASSWORD",
        "REDIS_PASSWORD",
@@ -97,22 +94,27 @@
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/mnt/ncdata",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/mnt/ncdata",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_MOUNT%",
-          "location": "%NEXTCLOUD_MOUNT%",
+          "source": "%NEXTCLOUD_MOUNT%",
+          "destination": "%NEXTCLOUD_MOUNT%",
          "writeable": true
+        },
+        {
+          "source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+          "destination": "/usr/local/share/ca-certificates",
+          "writeable": false
        }
      ],
-      "environmentVariables": [
+      "environment": [
        "POSTGRES_HOST=nextcloud-aio-database",
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
@@ -128,6 +130,7 @@
        "OVERWRITEPROTOCOL=https",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
+        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "NEXTCLOUD_MOUNT=%NEXTCLOUD_MOUNT%",
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
@@ -137,226 +140,272 @@
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_ENABLED=%TALK_ENABLED%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "DAILY_BACKUP_RUNNING=%DAILY_BACKUP_RUNNING%",
-        "TZ=%TIMEZONE%"
+        "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%",
+        "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
+        "IMAGINARY_HOST=nextcloud-aio-imaginary",
+        "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
+        "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
+        "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
+        "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
+        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
+        "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
+        "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped",
+      "devices": [
+        "/dev/dri"
+      ]
    },
    {
-      "identifier": "nextcloud-aio-redis",
-      "dependsOn": [],
-      "displayName": "Redis",
-      "containerName": "nextcloud/aio-redis",
-      "ports": [],
-      "internalPorts": [
-        "6379"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-redis",
+      "display_name": "Redis",
+      "image": "nextcloud/aio-redis",
+      "internal_port": "6379",
+      "environment": [
        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
        "TZ=%TIMEZONE%"
      ],
-      "volumes": [],
-      "secrets": [
-        "REDIS_PASSWORD"
+      "volumes": [
+        {
+          "source": "nextcloud_aio_redis",
+          "destination": "/data",
+          "writeable": true
+        }
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "secrets": [
+        "REDIS_PASSWORD",
+        "ONLYOFFICE_SECRET"
+      ],
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-collabora",
-      "dependsOn": [],
-      "displayName": "Collabora",
-      "containerName": "nextcloud/aio-collabora",
-      "ports": [],
-      "internalPorts": [
-        "9980"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-collabora",
+      "display_name": "Collabora",
+      "image": "nextcloud/aio-collabora",
+      "internal_port": "9980",
+      "environment": [
        "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
+        "dictionaries=%COLLABORA_DICTIONARIES%",
        "TZ=%TIMEZONE%"
      ],
-      "volumes": [],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "volumes": [
+        {
+          "source": "nextcloud_aio_collabora_fonts",
+          "destination": "/opt/cool/systemplate/tmpfonts",
+          "writeable": true
+        }
+      ],
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-talk",
-      "dependsOn": [],
-      "displayName": "Talk",
-      "containerName": "nextcloud/aio-talk",
+      "container_name": "nextcloud-aio-talk",
+      "display_name": "Talk",
+      "image": "nextcloud/aio-talk",
      "ports": [
-        "3478/tcp",
-        "3478/udp"
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "tcp"
+        },
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "udp"
+        }
      ],
-      "internalPorts": [
-        "3478"
-      ],
-      "environmentVariables": [
+      "internal_port": "%TALK_PORT%",
+      "environment": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
        "JANUS_API_KEY=%JANUS_API_KEY%",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "TALK_PORT=%TALK_PORT%"
      ],
-      "volumes": [],
      "secrets": [
        "TURN_SECRET",
        "SIGNALING_SECRET",
        "JANUS_API_KEY"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-borgbackup",
-      "dependsOn": [],
-      "displayName": "Borgbackup",
-      "containerName": "nextcloud/aio-borgbackup",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-borgbackup",
+      "image": "nextcloud/aio-borgbackup",
+      "environment": [
        "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
        "BORG_MODE=%BORGBACKUP_MODE%",
        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
-        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%"
+        "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
+        "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
+        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_backup_cache",
-          "location": "/root",
+          "source": "nextcloud_aio_backup_cache",
+          "destination": "/root",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database",
+          "source": "nextcloud_aio_database",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_apache",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_apache",
+          "source": "nextcloud_aio_apache",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_mastercontainer",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+          "source": "nextcloud_aio_mastercontainer",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
          "writeable": true
        },
        {
-          "name": "%BORGBACKUP_HOST_LOCATION%",
-          "location": "/mnt/borgbackup",
+          "source": "%BORGBACKUP_HOST_LOCATION%",
+          "destination": "/mnt/borgbackup",
+          "writeable": true
+        },
+        {
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+          "writeable": true
+        },
+        {
+          "source": "nextcloud_aio_redis",
+          "destination": "/mnt/redis",
          "writeable": true
        }
      ],
      "secrets": [
        "BORGBACKUP_PASSWORD"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      "devices": [
+        "/dev/fuse"
+      ]
    },
    {
-      "identifier": "nextcloud-aio-watchtower",
-      "dependsOn": [],
-      "displayName": "Watchtower",
-      "containerName": "nextcloud/aio-watchtower",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-watchtower",
+      "image": "nextcloud/aio-watchtower",
+      "environment": [
        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
      ],
      "volumes": [
        {
-          "name": "%DOCKER_SOCKET_PATH%",
-          "location": "/var/run/docker.sock",
+          "source": "%DOCKER_SOCKET_PATH%",
+          "destination": "/var/run/docker.sock",
          "writeable": false
        }
-      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      ]
    },
    {
-      "dependsOn": [],
-      "identifier": "nextcloud-aio-domaincheck",
-      "displayName": "Domaincheck",
-      "containerName": "nextcloud/aio-domaincheck",
+      "container_name": "nextcloud-aio-domaincheck",
+      "image": "nextcloud/aio-domaincheck",
      "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
      ],
-      "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
        "INSTANCE_ID=%INSTANCE_ID%",
        "APACHE_PORT=%APACHE_PORT%"
      ],
-      "volumes": [],
      "secrets": [
        "INSTANCE_ID"
      ],
-      "maxShutdownTime": 1,
-      "restartPolicy": ""
+      "stop_grace_period": 1
    },
    {
-      "identifier": "nextcloud-aio-clamav",
-      "dependsOn": [],
-      "displayName": "ClamAV",
-      "containerName": "nextcloud/aio-clamav",
-      "ports": [],
-      "internalPorts": [
-        "3310"
-      ],
-      "environmentVariables": [
-        "TZ=%TIMEZONE%"
+      "container_name": "nextcloud-aio-clamav",
+      "display_name": "ClamAV",
+      "image": "nextcloud/aio-clamav",
+      "internal_port": "3310",
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "CLAMD_STARTUP_TIMEOUT=90"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_clamav",
-          "location": "/var/lib/clamav",
+          "source": "nextcloud_aio_clamav",
+          "destination": "/var/lib/clamav",
          "writeable": true
        }
      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-onlyoffice",
-      "dependsOn": [],
-      "displayName": "OnlyOffice",
-      "containerName": "nextcloud/aio-onlyoffice",
-      "ports": [],
-      "internalPorts": [
-        "80"
-      ],
-      "environmentVariables": [
-        "TZ=%TIMEZONE%"
+      "container_name": "nextcloud-aio-onlyoffice",
+      "display_name": "OnlyOffice",
+      "image": "nextcloud/aio-onlyoffice",
+      "internal_port": "80",
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "JWT_ENABLED=true",
+        "JWT_HEADER=AuthorizationJwt",
+        "JWT_SECRET=%ONLYOFFICE_SECRET%"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_onlyoffice",
-          "location": "/var/lib/onlyoffice",
+          "source": "nextcloud_aio_onlyoffice",
+          "destination": "/var/lib/onlyoffice",
          "writeable": true
        }
      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "secrets": [
+        "ONLYOFFICE_SECRET"
+      ],
+      "restart": "unless-stopped"
+    },
+    {
+      "container_name": "nextcloud-aio-imaginary",
+      "display_name": "Imaginary",
+      "image": "nextcloud/aio-imaginary",
+      "internal_port": "9000",
+      "environment": [
+        "TZ=%TIMEZONE%"
+      ],
+      "restart": "unless-stopped"
+    },
+    {
+      "container_name": "nextcloud-aio-fulltextsearch",
+      "display_name": "Fulltextsearch",
+      "image": "nextcloud/aio-fulltextsearch",
+      "internal_port": "9200",
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "discovery.type=single-node",
+        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
+      ],
+      "volumes": [
+        {
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/usr/share/elasticsearch/data",
+          "writeable": true
+        }
+      ],
+      "restart": "unless-stopped"
    }
  ]
 }
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,77 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.23.0@f1fe6ff483bf325c803df9f510d09a03fd796f88">
-  <file src="public/index.php">
-    <MissingClosureParamType occurrences="10">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$response</code>
-      <code>$response</code>
-      <code>$response</code>
-    </MissingClosureParamType>
-  </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <MissingParamType occurrences="1">
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/DockerController.php">
-    <MissingParamType occurrences="8">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['selected_restore_time']</code>
-    </PossiblyNullArrayAccess>
-  </file>
-  <file src="src/Controller/LoginController.php">
-    <MissingParamType occurrences="3">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-    <PossiblyInvalidArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyInvalidArrayAccess>
-    <PossiblyNullArgument occurrences="1">
-      <code>$password</code>
-    </PossiblyNullArgument>
-    <PossiblyNullArrayAccess occurrences="1">
-      <code>$request-&gt;getParsedBody()['password']</code>
-    </PossiblyNullArrayAccess>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <InvalidReturnType occurrences="1">
-      <code>IContainerState</code>
-    </InvalidReturnType>
-    <InvalidScalarArgument occurrences="1">
-      <code>$internalPort</code>
-    </InvalidScalarArgument>
-    <RedundantCondition occurrences="1">
-      <code>$container-&gt;GetInternalPorts() !== null</code>
-    </RedundantCondition>
-  </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <UndefinedInterfaceMethod occurrences="1">
-      <code>withStatus</code>
-    </UndefinedInterfaceMethod>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingParamType occurrences="1">
-      <code>$object</code>
-    </MissingParamType>
-  </file>
-</files>
+<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863"/>
--- a/php/public/disable-fulltextsearch.js
+++ b/php/public/disable-fulltextsearch.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Fulltextsearch
+    var fulltextsearch = document.getElementById("fulltextsearch");
+    fulltextsearch.disabled = true;
+}); 
--- a/php/public/disable-imaginary.js
+++ b/php/public/disable-imaginary.js
@@ -0,0 +1,5 @@
+document.addEventListener("DOMContentLoaded", function(event) {
+    // Imaginary
+    var imaginary = document.getElementById("imaginary");
+    imaginary.disabled = true;
+});
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,5 +1,7 @@
-document.addEventListener("DOMContentLoaded", function(event) {
-    // OnlyOffice
-    var onlyoffice = document.getElementById("onlyoffice");
-    onlyoffice.disabled = true;
+document.addEventListener("DOMContentLoaded", function(event) {
+    // OnlyOffice
+    var onlyoffice = document.getElementById("onlyoffice");
+    if (onlyoffice) {
+        onlyoffice.disabled = true;
+    }
 });
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -19,12 +19,13 @@
    const xhr = e.target;
    if (xhr.status === 201) {
      window.location.replace(xhr.getResponseHeader('Location'));
-    }
-    if (xhr.status === 422) {
+    } else if (xhr.status === 422) {
      showError(xhr.response);
-    }
-    if (xhr.status === 500) {
-      showError("Server error. Please see the logs for details.");
+    } else if (xhr.status === 500) {
+      showError("Server error. Please check the mastercontainer logs for details.");
+    } else {
+      // If the responose is not one of the above, we should reload to show the latest content
+      window.location.reload(1);
    }
  }

--- a/php/public/index.php
+++ b/php/public/index.php
@@ -12,6 +12,8 @@ use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
 use Slim\Views\Twig;
 use Slim\Views\TwigMiddleware;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;

 require __DIR__ . '/../vendor/autoload.php';

@@ -22,6 +24,9 @@ ini_set('session.save_path', $dataConst->GetSessionDirectory());
 // Auto logout on browser close
 ini_set('session.cookie_lifetime', '0');

+# Keep session for 24h max
+ini_set('session.gc_maxlifetime', '86400');
+
 // Create app
 AppFactory::setContainer($container);
 $app = AppFactory::create();
@@ -52,6 +57,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
@@ -62,7 +68,7 @@ $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout'
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');

 // Views
-$app->get('/containers', function ($request, $response, $args) use ($container) {
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\ConfigurationManager $configurationManager */
    $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
@@ -74,9 +80,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
    return $view->render($response, 'containers.twig', [
        'domain' => $configurationManager->GetDomain(),
        'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
        'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
        'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
        'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
@@ -97,9 +103,17 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
        'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
        'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
        'timezone' => $configurationManager->GetTimezone(),
+        'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
+        'talk_port' => $configurationManager->GetTalkPort(),
+        'collabora_dictionaries' => $configurationManager->GetCollaboraDictionaries(),
+        'automatic_updates' => $configurationManager->areAutomaticUpdatesEnabled(),
+        'is_backup_section_enabled' => $configurationManager->isBackupSectionEnabled(),
+        'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
+        'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
+        'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
    ]);
 })->setName('profile');
-$app->get('/login', function ($request, $response, $args) use ($container) {
+$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -107,7 +121,7 @@ $app->get('/login', function ($request, $response, $args) use ($container) {
        'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
    ]);
 });
-$app->get('/setup', function ($request, $response, $args) use ($container) {
+$app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\Setup $setup */
    $setup = $container->get(\AIO\Data\Setup::class);
@@ -129,7 +143,7 @@ $app->get('/setup', function ($request, $response, $args) use ($container) {
 });

 // Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, \Psr\Http\Message\ResponseInterface $response, $args) use ($container) {
+$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
    $authManager = $container->get(\AIO\Auth\AuthManager::class);

    /** @var \AIO\Data\Setup $setup */
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -14,7 +14,9 @@ document.addEventListener("DOMContentLoaded", function(event) {

    // OnlyOffice
    var onlyoffice = document.getElementById("onlyoffice");
-    onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+    if (onlyoffice) {
+        onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
+    }

    // Collabora
    var collabora = document.getElementById("collabora");
@@ -23,4 +25,12 @@ document.addEventListener("DOMContentLoaded", function(event) {
    // Talk
    var talk = document.getElementById("talk");
    talk.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Imaginary
+    var imaginary = document.getElementById("imaginary");
+    imaginary.addEventListener('change', makeOptionsFormSubmitVisible);
+
+    // Fulltextsearch
+    var fulltextsearch = document.getElementById("fulltextsearch");
+    fulltextsearch.addEventListener('change', makeOptionsFormSubmitVisible);
 });
--- a/php/public/second-tab-warning.js
+++ b/php/public/second-tab-warning.js
@@ -0,0 +1,12 @@
+const channel = new BroadcastChannel('tab')
+
+channel.postMessage('second-tab')
+// note that listener is added after posting the message
+
+channel.addEventListener('message', (msg) => {
+    if (msg.data === 'second-tab') {
+        // message received from 2nd tab
+        document.getElementById('overlay').classList.add('loading')
+        alert('Cannot open multiple instances. You can use AIO here by reloading the page.')
+    }
+});
--- a/php/src/Auth/AuthManager.php
+++ b/php/src/Auth/AuthManager.php
@@ -3,6 +3,8 @@
 namespace AIO\Auth;

 use AIO\Data\ConfigurationManager;
+use AIO\Data\DataConst;
+use \DateTime;

 class AuthManager {
    private const SESSION_KEY = 'aio_authenticated';
@@ -21,6 +23,14 @@ class AuthManager {
    }

    public function SetAuthState(bool $isLoggedIn) : void {
+
+        if (!$this->IsAuthenticated() && $isLoggedIn === true) {
+            $date = new DateTime();
+            $dateTime = $date->getTimestamp();
+            $_SESSION['date_time'] = $dateTime;
+            file_put_contents(DataConst::GetSessionDateFile(), (string)$dateTime);
+        }
+
        $_SESSION[self::SESSION_KEY] = $isLoggedIn;
    }

--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -14,13 +14,15 @@ class Container {
    private string $restartPolicy;
    private int $maxShutdownTime;
    private ContainerPorts $ports;
-    private ContainerInternalPorts $internalPorts;
+    private string $internalPorts;
    private ContainerVolumes $volumes;
    private ContainerEnvironmentVariables $containerEnvironmentVariables;
    /** @var string[] */
    private array $dependsOn;
    /** @var string[] */
    private array $secrets;
+    /** @var string[] */
+    private array $devices;
    private DockerActionManager $dockerActionManager;

    public function __construct(
@@ -30,11 +32,12 @@ class Container {
        string $restartPolicy,
        int $maxShutdownTime,
        ContainerPorts $ports,
-        ContainerInternalPorts $internalPorts,
+        string $internalPorts,
        ContainerVolumes $volumes,
        ContainerEnvironmentVariables $containerEnvironmentVariables,
        array $dependsOn,
        array $secrets,
+        array $devices,
        DockerActionManager $dockerActionManager
    ) {
        $this->identifier = $identifier;
@@ -48,6 +51,7 @@ class Container {
        $this->containerEnvironmentVariables = $containerEnvironmentVariables;
        $this->dependsOn = $dependsOn;
        $this->secrets = $secrets;
+        $this->devices = $devices;
        $this->dockerActionManager = $dockerActionManager;
    }

@@ -75,11 +79,15 @@ class Container {
        return $this->secrets;
    }

+    public function GetDevices() : array {
+        return $this->devices;
+    }
+
    public function GetPorts() : ContainerPorts {
        return $this->ports;
    }

-    public function GetInternalPorts() : ContainerInternalPorts {
+    public function GetInternalPort() : string {
        return $this->internalPorts;
    }

--- a/php/src/Container/ContainerInternalPorts.php
+++ b/php/src/Container/ContainerInternalPorts.php
@@ -1,19 +0,0 @@
-<?php
-
-namespace AIO\Container;
-
-class ContainerInternalPorts {
-    /** @var string[] */
-    private array $internalPorts = [];
-
-    public function AddInternalPort(string $internalPort) : void {
-        $this->internalPorts[] = $internalPort;
-    }
-
-    /**
-     * @return string[]
-     */
-    public function GetInternalPorts() : array {
-        return $this->internalPorts;
-    }
-}
--- a/php/src/Container/ContainerPort.php
+++ b/php/src/Container/ContainerPort.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace AIO\Container;
+
+class ContainerPort {
+    public string $port;
+    public string $ipBinding;
+    public string $protocol;
+
+    public function __construct(
+        string $port,
+        string $ipBinding,
+        string $protocol
+    ) {
+        $this->port = $port;
+        $this->ipBinding = $ipBinding;
+        $this->protocol = $protocol;
+    }
+}
--- a/php/src/Container/ContainerPorts.php
+++ b/php/src/Container/ContainerPorts.php
@@ -3,17 +3,17 @@
 namespace AIO\Container;

 class ContainerPorts {
-    /** @var string[] */
+    /** @var ContainerPort[] */
    private array $ports = [];

-    public function AddPort(string $port) : void {
+    public function AddPort(ContainerPort $port) : void {
        $this->ports[] = $port;
    }

    /**
-     * @return string[]
+     * @return ContainerPort[]
     */
    public function GetPorts() : array {
        return $this->ports;
    }
-}
+}
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -4,8 +4,8 @@ namespace AIO;

 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
+use AIO\Container\ContainerPort;
 use AIO\Container\ContainerPorts;
-use AIO\Container\ContainerInternalPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
 use AIO\Container\State\RunningState;
@@ -48,119 +48,184 @@ class ContainerDefinitionFetcher
        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);

        $containers = [];
-        foreach ($data['production'] as $entry) {
-            if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+        foreach ($data['aio_services_v1'] as $entry) {
+            if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                if (!$this->configurationManager->isClamavEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-onlyoffice') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
                if (!$this->configurationManager->isOnlyofficeEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-collabora') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                if (!$this->configurationManager->isCollaboraEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-talk') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                if (!$this->configurationManager->isTalkEnabled()) {
                    continue;
                }
+            } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
+                if (!$this->configurationManager->isImaginaryEnabled()) {
+                    continue;
+                }
+            } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
+                if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                    continue;
+                }
            }

            $ports = new ContainerPorts();
-            foreach ($entry['ports'] as $port) {
-                if($port === '%APACHE_PORT%/tcp') {
-                    $port = $this->configurationManager->GetApachePort() . '/tcp';
-                }
-                $ports->AddPort($port);
-            }
+            if (isset($entry['ports'])) {
+                foreach ($entry['ports'] as $value) {
+                    if ($value['port_number'] === '%APACHE_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetApachePort();
+                    } elseif ($value['port_number'] === '%TALK_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetTalkPort();
+                    }

-            $internalPorts = new ContainerInternalPorts();
-            foreach ($entry['internalPorts'] as $internalPort) {
-                if($internalPort === '%APACHE_PORT%') {
-                    $internalPort = $this->configurationManager->GetApachePort();
+                    if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
+                        $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
+                    }
+                    
+                    $ports->AddPort(
+                        new ContainerPort(
+                            $value['port_number'],
+                            $value['ip_binding'],
+                            $value['protocol']
+                        )
+                    );
                }
-                $internalPorts->AddInternalPort($internalPort);
            }

            $volumes = new ContainerVolumes();
-            foreach ($entry['volumes'] as $value) {
-                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['name'] === '') {
-                        continue;
+            if (isset($entry['volumes'])) {
+                foreach ($entry['volumes'] as $value) {
+                    if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
+                        $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                        if($value['source'] === '') {
+                            continue;
+                        }
                    }
+                    if($value['source'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                        if ($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                        $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                        $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    }
+                    if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['destination'] === '') {
+                            continue;
+                        }
+                    }
+                    $volumes->AddVolume(
+                        new ContainerVolume(
+                            $value['source'],
+                            $value['destination'],
+                            $value['writeable']
+                        )
+                    );
                }
-                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                }
-                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['location'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['location'] === '') {
-                        continue;
-                    }
-                }
-                $volumes->AddVolume(
-                    new ContainerVolume(
-                        $value['name'],
-                        $value['location'],
-                        $value['writeable']
-                    )
-                );
            }

            $dependsOn = [];
-            foreach ($entry['dependsOn'] as $value) {
-                if ($value === 'nextcloud-aio-clamav') {
-                    if (!$this->configurationManager->isClamavEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-onlyoffice') {
-                    if (!$this->configurationManager->isOnlyofficeEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-collabora') {
-                    if (!$this->configurationManager->isCollaboraEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-talk') {
-                    if (!$this->configurationManager->isTalkEnabled()) {
-                        continue;
+            if (isset($entry['depends_on'])) {
+                foreach ($entry['depends_on'] as $value) {
+                    if ($value === 'nextcloud-aio-clamav') {
+                        if (!$this->configurationManager->isClamavEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-onlyoffice') {
+                        if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-collabora') {
+                        if (!$this->configurationManager->isCollaboraEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-talk') {
+                        if (!$this->configurationManager->isTalkEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-imaginary') {
+                        if (!$this->configurationManager->isImaginaryEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-fulltextsearch') {
+                        if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                            continue;
+                        }
                    }
+                    $dependsOn[] = $value;
                }
-                $dependsOn[] = $value;
            }
            
            $variables = new ContainerEnvironmentVariables();
-            foreach ($entry['environmentVariables'] as $value) {
-                $variables->AddVariable($value);
+            if (isset($entry['environment'])) {
+                foreach ($entry['environment'] as $value) {
+                    $variables->AddVariable($value);
+                }
+            }
+
+            $displayName = '';
+            if (isset($entry['display_name'])) {
+                $displayName = $entry['display_name'];
+            }
+
+            $restartPolicy = '';
+            if (isset($entry['restart'])) {
+                $restartPolicy = $entry['restart'];
+            }
+
+            $maxShutdownTime = 10;
+            if (isset($entry['stop_grace_period'])) {
+                $maxShutdownTime = $entry['stop_grace_period'];
+            }
+
+            $internalPort = '';
+            if (isset($entry['internal_port'])) {
+                $internalPort = $entry['internal_port'];
+            }
+
+            $secrets = [];
+            if (isset($entry['secrets'])) {
+                $secrets = $entry['secrets'];
+            }
+
+            $devices = [];
+            if (isset($entry['devices'])) {
+                $devices = $entry['devices'];
            }

            $containers[] = new Container(
-                $entry['identifier'],
-                $entry['displayName'],
-                $entry['containerName'],
-                $entry['restartPolicy'],
-                $entry['maxShutdownTime'],
+                $entry['container_name'],
+                $displayName,
+                $entry['image'],
+                $restartPolicy,
+                $maxShutdownTime,
                $ports,
-                $internalPorts,
+                $internalPort,
                $volumes,
                $variables,
                $dependsOn,
-                $entry['secrets'],
+                $secrets,
+                $devices,
                $this->container->get(DockerActionManager::class)
            );
        }
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,7 @@ class ConfigurationController
        $this->configurationManager = $configurationManager;
    }

-    public function SetConfig(Request $request, Response $response, $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args) : Response {
        try {
            if (isset($request->getParsedBody()['domain'])) {
                $domain = $request->getParsedBody()['domain'] ?? '';
@@ -44,14 +44,24 @@ class ConfigurationController
            }

            if (isset($request->getParsedBody()['daily_backup_time'])) {
+                if (isset($request->getParsedBody()['automatic_updates'])) {
+                    $enableAutomaticUpdates = true;
+                } else {
+                    $enableAutomaticUpdates = false;
+                }
                $dailyBackupTime = $request->getParsedBody()['daily_backup_time'] ?? '';
-                $this->configurationManager->SetDailyBackupTime($dailyBackupTime);
+                $this->configurationManager->SetDailyBackupTime($dailyBackupTime, $enableAutomaticUpdates);
            }

            if (isset($request->getParsedBody()['delete_daily_backup_time'])) {
                $this->configurationManager->DeleteDailyBackupTime();
            }

+            if (isset($request->getParsedBody()['additional_backup_directories'])) {
+                $additionalBackupDirectories = $request->getParsedBody()['additional_backup_directories'] ?? '';
+                $this->configurationManager->SetAdditionalBackupDirectories($additionalBackupDirectories);
+            }
+
            if (isset($request->getParsedBody()['delete_timezone'])) {
                $this->configurationManager->DeleteTimezone();
            }
@@ -85,6 +95,25 @@ class ConfigurationController
                } else {
                    $this->configurationManager->SetTalkEnabledState(0);
                }
+                if (isset($request->getParsedBody()['imaginary'])) {
+                    $this->configurationManager->SetImaginaryEnabledState(1);
+                } else {
+                    $this->configurationManager->SetImaginaryEnabledState(0);
+                }
+                if (isset($request->getParsedBody()['fulltextsearch'])) {
+                    $this->configurationManager->SetFulltextsearchEnabledState(1);
+                } else {
+                    $this->configurationManager->SetFulltextsearchEnabledState(0);
+                }
+            }
+
+            if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
+                $this->configurationManager->DeleteCollaboraDictionaries();
+            }
+
+            if (isset($request->getParsedBody()['collabora_dictionaries'])) {
+                $collaboraDictionaries = $request->getParsedBody()['collabora_dictionaries'] ?? '';
+                $this->configurationManager->SetCollaboraDictionaries($collaboraDictionaries);
            }

            return $response->withStatus(201)->withHeader('Location', '/');
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -26,32 +26,30 @@ class DockerController
        $this->configurationManager = $configurationManager;
    }

-    private function PerformRecursiveContainerStart(string $id) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);

        foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency);
+            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
        }

-        $pullcontainer = true;
        if ($id === 'nextcloud-aio-database') {
            if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullcontainer = false;
+                $pullContainer = false;
+                error_log('Not pulling the latest database image because the container was not correctly shut down.');
            }
        }
        $this->dockerActionManager->DeleteContainer($container);
        $this->dockerActionManager->CreateVolumes($container);
-        if ($pullcontainer) {
+        if ($pullContainer) {
            $this->dockerActionManager->PullContainer($container);
-        } else {
-            error_log('Not pulling the latest database image because the container was not correctly shut down.');
        }
        $this->dockerActionManager->CreateContainer($container);
        $this->dockerActionManager->StartContainer($container);
        $this->dockerActionManager->ConnectContainerToNetwork($container);
    }

-    public function GetLogs(Request $request, Response $response, $args) : Response
+    public function GetLogs(Request $request, Response $response, array $args) : Response
    {
        $id = $request->getQueryParams()['id'];
        if (str_starts_with($id, 'nextcloud-aio-')) {
@@ -69,7 +67,7 @@ class DockerController
            ->withHeader('Content-Disposition', 'inline');
    }

-    public function StartBackupContainerBackup(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
        $this->startBackup();
        return $response->withStatus(201)->withHeader('Location', '/');
    }
@@ -86,21 +84,24 @@ class DockerController
        $this->PerformRecursiveContainerStart($id);
    }

-    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
+        $this->checkBackup();
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function checkBackup() : void {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'check';
        $this->configurationManager->WriteConfig($config);

        $id = 'nextcloud-aio-borgbackup';
        $this->PerformRecursiveContainerStart($id);
-
-        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'restore';
-        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'];
+        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
        $this->configurationManager->WriteConfig($config);

        $id = self::TOP_CONTAINER;
@@ -112,7 +113,23 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check-repair';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+
+        // Restore to backup check which is needed to make the UI logic work correctly
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check';
+        $this->configurationManager->WriteConfig($config);
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'test';
        $config['instance_restore_attempt'] = 0;
@@ -127,7 +144,7 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartContainer(Request $request, Response $response, $args) : Response
+    public function StartContainer(Request $request, Response $response, array $args) : Response
    {
        $uri = $request->getUri();
        $host = $uri->getHost();
@@ -145,12 +162,12 @@ class DockerController
        $this->configurationManager->WriteConfig($config);

        // Start container
-        $this->startTopContainer();
+        $this->startTopContainer(true);

        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function startTopContainer() : void {
+    public function startTopContainer(bool $pullContainer) : void {
        $config = $this->configurationManager->GetConfig();
        // set AIO_TOKEN
        $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -161,10 +178,10 @@ class DockerController

        $id = self::TOP_CONTAINER;

-        $this->PerformRecursiveContainerStart($id);
+        $this->PerformRecursiveContainerStart($id, $pullContainer);
    }

-    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
+    public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
        $this->startWatchtower();
        return $response->withStatus(201)->withHeader('Location', '/');
    }
@@ -187,7 +204,7 @@ class DockerController
        $this->dockerActionManager->StopContainer($container);
    }

-    public function StopContainer(Request $request, Response $response, $args) : Response
+    public function StopContainer(Request $request, Response $response, array $args) : Response
    {
        $id = self::TOP_CONTAINER;
        $this->PerformRecursiveContainerStop($id);
@@ -195,6 +212,11 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

+    public function stopTopContainer() : void {
+        $id = self::TOP_CONTAINER;
+        $this->PerformRecursiveContainerStop($id);
+    }
+
    public function StartDomaincheckContainer() : void
    {
        # Don't start if domain is already set
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,11 +19,11 @@ class LoginController
        $this->dockerActionManager = $dockerActionManager;
    }

-    public function TryLogin(Request $request, Response $response, $args) : Response {
+    public function TryLogin(Request $request, Response $response, array $args) : Response {
        if (!$this->dockerActionManager->isLoginAllowed()) {
            return $response->withHeader('Location', '/')->withStatus(302);
        }
-        $password = $request->getParsedBody()['password'];
+        $password = $request->getParsedBody()['password'] ?? '';
        if($this->authManager->CheckCredentials($password)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
@@ -32,8 +32,8 @@ class LoginController
        return $response->withHeader('Location', '/')->withStatus(302);
    }

-    public function GetTryLogin(Request $request, Response $response, $args) : Response {
-        $token = $request->getQueryParams()['token'];
+    public function GetTryLogin(Request $request, Response $response, array $args) : Response {
+        $token = $request->getQueryParams()['token'] ?? '';
        if($this->authManager->CheckToken($token)) {
            $this->authManager->SetAuthState(true);
            return $response->withHeader('Location', '/')->withStatus(302);
@@ -42,7 +42,7 @@ class LoginController
        return $response->withHeader('Location', '/')->withStatus(302);
    }

-    public function Logout(Request $request, Response $response, $args) : Response
+    public function Logout(Request $request, Response $response, array $args) : Response
    {
        $this->authManager->SetAuthState(false);
        return $response
--- a/php/src/Cron/CheckBackup.php
+++ b/php/src/Cron/CheckBackup.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Stop container and start backup check
+$dockerController->checkBackup();
--- a/php/src/Cron/CreateBackup.php
+++ b/php/src/Cron/CreateBackup.php
@@ -15,6 +15,3 @@ $dockerController = $container->get(\AIO\Controller\DockerController::class);

 // Stop container and start backup
 $dockerController->startBackup();
-
-// Start apache
-$dockerController->startTopContainer();
--- a/php/src/Cron/OutdatedNotification.php
+++ b/php/src/Cron/OutdatedNotification.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+
+if ($isNextcloudImageOutdated === true) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+}
+
--- a/php/src/Cron/StartAndUpdateContainers.php
+++ b/php/src/Cron/StartAndUpdateContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(true);
--- a/php/src/Cron/StartContainers.php
+++ b/php/src/Cron/StartContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->startTopContainer(false);
--- a/php/src/Cron/StopContainers.php
+++ b/php/src/Cron/StopContainers.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DockerController $dockerController */
+$dockerController = $container->get(\AIO\Controller\DockerController::class);
+
+// Start apache
+$dockerController->stopTopContainer();
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -32,7 +32,7 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
        $config = $this->GetConfig();
        if(!isset($config['secrets'][$secretId])) {
            $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
        return $config['secrets'][$secretId];
    }

+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
        file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
    }
@@ -139,6 +148,36 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

+    public function isImaginaryEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetImaginaryEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isImaginaryEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
+    public function isFulltextsearchEnabled() : bool {
+        $config = $this->GetConfig();
+        if (isset($config['isFulltextsearchEnabled']) && $config['isFulltextsearchEnabled'] === 1) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public function SetFulltextsearchEnabledState(int $value) : void {
+        $config = $this->GetConfig();
+        $config['isFulltextsearchEnabled'] = $value;
+        $this->WriteConfig($config);
+    }
+
    public function isOnlyofficeEnabled() : bool {
        $config = $this->GetConfig();
        if (isset($config['isOnlyofficeEnabled']) && $config['isOnlyofficeEnabled'] === 1) {
@@ -198,51 +237,71 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("Please enter a domain and not an IP-address!");
        }

-        $dnsRecordIP = gethostbyname($domain);
-        if ($dnsRecordIP === $domain) {
-            $dnsRecordIP = '';
-        }
+        // Skip domain validation if opted in to do so
+        if (!$this->shouldDomainValidationBeSkipped()) {

-        // Validate IP
-        if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
-            throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
-        }
+            $dnsRecordIP = gethostbyname($domain);
+            if ($dnsRecordIP === $domain) {
+                $dnsRecordIP = '';
+            }

-        if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
-            throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
-        }
+            if (empty($dnsRecordIP)) {
+                $record = dns_get_record($domain, DNS_AAAA);
+                if (!empty($record)) {
+                    $dnsRecordIP = $record[0]['ipv6'];
+                }
+            }

-        // Check if port 443 is open
-        $connection = @fsockopen($domain, 443, $errno, $errstr, 10);
-        if ($connection) {
-            fclose($connection);
-        } else {
-            throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
-        }
+            // Validate IP
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
+                throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
+            }

-        // Get Instance ID
-        $instanceID = $this->GetSecret('INSTANCE_ID');
+            // Get the apache port
+            $port = $this->GetApachePort();

-        // set protocol
-        $port = $this->GetApachePort();
-        if ($port !== '443') {
-            $protocol = 'https://';
-        } else {
-            $protocol = 'http://';
-        }
+            if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
+                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
+                if ($port === '443') {
+                    throw new InvalidSettingConfigurationException($errorMessage);
+                } else {
+                    error_log($errorMessage);
+                }
+            }

-        // Check if response is correct
-        $ch = curl_init();
-        $testUrl = $protocol . $domain . ':443';
-        curl_setopt($ch, CURLOPT_URL, $testUrl);
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        $response = (string)curl_exec($ch);
-        # Get rid of trailing \n
-        $response = str_replace("\n", "", $response);
+            // Check if port 443 is open
+            $connection = @fsockopen($domain, 443, $errno, $errstr, 10);
+            if ($connection) {
+                fclose($connection);
+            } else {
+                throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
+            }

-        if ($response !== $instanceID) {
-            error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
-            throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+            // Get Instance ID
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
+
+            // set protocol
+            if ($port !== '443') {
+                $protocol = 'https://';
+            } else {
+                $protocol = 'http://';
+            }
+
+            // Check if response is correct
+            $ch = curl_init();
+            $testUrl = $protocol . $domain . ':443';
+            curl_setopt($ch, CURLOPT_URL, $testUrl);
+            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            $response = (string)curl_exec($ch);
+            # Get rid of trailing \n
+            $response = str_replace("\n", "", $response);
+
+            if ($response !== $instanceID) {
+                error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
+                error_log('Expected was: ' . $instanceID);
+                error_log('The error message was: ' . curl_error($ch));
+                throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
+            }
        }

        // Write domain
@@ -375,6 +434,13 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetTalkPort() : string {
+        $envVariableName = 'TALK_PORT';
+        $configName = 'talk_port';
+        $defaultValue = '3478';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
@@ -382,7 +448,11 @@ class ConfigurationManager
        if(!is_dir(DataConst::GetDataDirectory())) {
            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
        }
-        file_put_contents(DataConst::GetConfigFile(), json_encode($config));
+        $df = disk_free_space(DataConst::GetDataDirectory());
+        if ($df !== false && (int)$df < 10240) {
+            throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");
+        }
+        file_put_contents(DataConst::GetConfigFile(), json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT));
    }

    private function GetEnvironmentalVariableOrConfig(string $envVariableName, string $configName, string $defaultValue) : string {
@@ -460,6 +530,32 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetNextcloudUploadLimit() : string {
+        $envVariableName = 'NEXTCLOUD_UPLOAD_LIMIT';
+        $configName = 'nextcloud_upload_limit';
+        $defaultValue = '10G';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetNextcloudMemoryLimit() : string {
+        $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT';
+        $configName = 'nextcloud_memory_limit';
+        $defaultValue = '512M';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetApacheMaxSize() : int {
+        $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
+        return $uploadLimit * 1024 * 1024 * 1024;
+    }
+
+    public function GetNextcloudMaxTime() : string {
+        $envVariableName = 'NEXTCLOUD_MAX_TIME';
+        $configName = 'nextcloud_max_time';
+        $defaultValue = '3600';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    public function GetDockerSocketPath() : string {
        $envVariableName = 'DOCKER_SOCKET_PATH';
        $configName = 'docker_socket_path';
@@ -467,10 +563,46 @@ class ConfigurationManager
        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
    }

+    public function GetTrustedCacertsDir() : string {
+        $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR';
+        $configName = 'trusted_cacerts_dir';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetNextcloudAdditionalApks() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
+        $configName = 'nextcloud_additional_apks';
+        $defaultValue = 'imagemagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
+    public function GetNextcloudAdditionalPhpExtensions() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS';
+        $configName = 'nextcloud_additional_php_extensions';
+        $defaultValue = 'imagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
+    public function GetCollaboraSeccompPolicy() : string {
+        $defaultString = '--o:security.seccomp=';
+        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+            return $defaultString . 'true';
+        }
+        return $defaultString . 'false';
+    }
+
+    private function GetCollaboraSeccompDisabledState() : string {
+        $envVariableName = 'COLLABORA_SECCOMP_DISABLED';
+        $configName = 'collabora_seccomp_disabled';
+        $defaultValue = 'false';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
    /**
     * @throws InvalidSettingConfigurationException
     */
-    public function SetDailyBackupTime(string $time) : void {
+    public function SetDailyBackupTime(string $time, bool $enableAutomaticUpdates) : void {
        if ($time === "") {
            throw new InvalidSettingConfigurationException("The daily backup time must not be empty!");
        }
@@ -479,6 +611,9 @@ class ConfigurationManager
            throw new InvalidSettingConfigurationException("You did not enter a correct time! One correct example is '04:00'!");
        }
        
+        if ($enableAutomaticUpdates === false) {
+            $time .= PHP_EOL . 'automaticUpdatesAreNotEnabled';
+        }
        file_put_contents(DataConst::GetDailyBackupTimeFile(), $time);
    }

@@ -486,7 +621,22 @@ class ConfigurationManager
        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
            return '';
        }
-        return file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        return $dailyBackupFileArray[0];
+    }
+
+    public function areAutomaticUpdatesEnabled() : bool {
+        if (!file_exists(DataConst::GetDailyBackupTimeFile())) {
+            return false;
+        }
+        $dailyBackupFile = file_get_contents(DataConst::GetDailyBackupTimeFile());
+        $dailyBackupFileArray = explode("\n", $dailyBackupFile);
+        if (isset($dailyBackupFileArray[1]) && $dailyBackupFileArray[1] === 'automaticUpdatesAreNotEnabled') {
+            return false;
+        } else {
+            return true;
+        }
    }

    public function DeleteDailyBackupTime() : void {
@@ -495,6 +645,45 @@ class ConfigurationManager
        }
    }

+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetAdditionalBackupDirectories(string $additionalBackupDirectories) : void {
+        $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
+        $validDirectories = '';
+        foreach($additionalBackupDirectoriesArray as $entry) {
+            // Trim all unwanted chars on both sites
+            $entry = trim($entry);
+            if ($entry !== "") {
+                if (!preg_match("#^/[0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[0-1a-zA-Z_-]+$#", $entry)) {
+                    throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
+                }
+                $validDirectories .= rtrim($entry, '/') . PHP_EOL;
+            }
+        }
+
+        if ($validDirectories === '') {
+            unlink(DataConst::GetAdditionalBackupDirectoriesFile());
+        } else {
+            file_put_contents(DataConst::GetAdditionalBackupDirectoriesFile(), $validDirectories);
+        }
+    }
+
+    public function GetAdditionalBackupDirectoriesString() : string {
+        if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
+            return '';
+        }
+        $additionalBackupDirectories = file_get_contents(DataConst::GetAdditionalBackupDirectoriesFile());
+        return $additionalBackupDirectories;
+    }
+
+    public function GetAdditionalBackupDirectoriesArray() : array {
+        $additionalBackupDirectories = $this->GetAdditionalBackupDirectoriesString();
+        $additionalBackupDirectoriesArray = explode("\n", $additionalBackupDirectories);
+        $additionalBackupDirectoriesArray = array_unique($additionalBackupDirectoriesArray, SORT_REGULAR);
+        return $additionalBackupDirectoriesArray;
+    }
+
    public function isDailyBackupRunning() : bool {
        if (file_exists(DataConst::GetDailyBackupBlockFile())) {
            return true;
@@ -533,4 +722,88 @@ class ConfigurationManager
        $config['timezone'] = '';
        $this->WriteConfig($config);
    }
+
+    public function shouldDomainValidationBeSkipped() : bool {
+        if (getenv('SKIP_DOMAIN_VALIDATION') !== false) {
+            return true;
+        }
+        return false;
+    }
+
+    public function GetNextcloudStartupApps() : string {
+        $apps = getenv('NEXTCLOUD_STARTUP_APPS');
+        if (is_string($apps)) {
+            return trim($apps);
+        }
+        return 'deck twofactor_totp tasks calendar contacts';
+    }
+
+    public function GetCollaboraDictionaries() : string {
+        $config = $this->GetConfig();
+        if(!isset($config['collabora_dictionaries'])) {
+            $config['collabora_dictionaries'] = '';
+        }
+
+        return $config['collabora_dictionaries'];
+    }
+
+    /**
+     * @throws InvalidSettingConfigurationException
+     */
+    public function SetCollaboraDictionaries(string $CollaboraDictionaries) : void {
+        if ($CollaboraDictionaries === "") {
+            throw new InvalidSettingConfigurationException("The dictionaries must not be empty!");
+        }
+
+        if (!preg_match("#^[a-zA-Z_ ]+$#", $CollaboraDictionaries)) {
+            throw new InvalidSettingConfigurationException("The entered dictionaries do not seem to be a valid!");
+        }
+
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = $CollaboraDictionaries;
+        $this->WriteConfig($config);
+    }
+
+    public function DeleteCollaboraDictionaries() : void {
+        $config = $this->GetConfig();
+        $config['collabora_dictionaries'] = '';
+        $this->WriteConfig($config);
+    }
+
+    public function GetApacheIPBinding() : string {
+        $envVariableName = 'APACHE_IP_BINDING';
+        $configName = 'apache_ip_binding';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    private function GetDisableBackupSection() : string {
+        $envVariableName = 'DISABLE_BACKUP_SECTION';
+        $configName = 'disable_backup_section';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isBackupSectionEnabled() : bool {
+        if ($this->GetDisableBackupSection() === 'true') {
+            return false;
+        } else {
+            return true;
+        }
+    }
+
+    private function GetEnabledDriDevice() : string {
+        $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
+        $configName = 'nextcloud_enable_dri_device';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isDriDeviceEnabled() : bool {
+        if ($this->GetEnabledDriDevice() === 'true') {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }
--- a/php/src/Data/DataConst.php
+++ b/php/src/Data/DataConst.php
@@ -31,6 +31,10 @@ class DataConst {
        return self::GetDataDirectory() . '/daily_backup_time';
    }

+    public static function GetAdditionalBackupDirectoriesFile() : string {
+        return self::GetDataDirectory() . '/additional_backup_directories';
+    }
+
    public static function GetDailyBackupBlockFile() : string {
        return self::GetDataDirectory() . '/daily_backup_running';
    }
@@ -42,4 +46,8 @@ class DataConst {
    public static function GetBackupArchivesList() : string {
        return self::GetDataDirectory() . '/backup_archives.list';
    }
+
+    public static function GetSessionDateFile() : string {
+        return self::GetDataDirectory() . '/session_date_file';
+    }
 }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -124,15 +124,20 @@ class DockerActionManager
        }

        $containerName = $container->GetIdentifier();
-        if ($container->GetInternalPorts() !== null) {
-            foreach($container->GetInternalPorts()->GetInternalPorts() as $internalPort) {
-                $connection = @fsockopen($containerName, $internalPort, $errno, $errstr, 0.1);
-                if ($connection) {
-                    fclose($connection);
-                    return new RunningState();
-                } else {
-                    return new StartingState();
-                }
+        $internalPort = $container->GetInternalPort();
+        if($internalPort === '%APACHE_PORT%') {
+            $internalPort = $this->configurationManager->GetApachePort();
+        } elseif($internalPort === '%TALK_PORT%') {
+            $internalPort = $this->configurationManager->GetTalkPort();
+        }
+        
+        if ($internalPort !== "" && $internalPort !== 'host') {
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
+            if ($connection) {
+                fclose($connection);
+                return new RunningState();
+            } else {
+                return new StartingState();
            }
        } else {
            return new RunningState();
@@ -162,11 +167,11 @@ class DockerActionManager
        $response = "";
        $separator = "\r\n";
        $line = strtok($responseBody, $separator);
-        $response = substr($line, 8) . "\n";
+        $response = substr($line, 8) . $separator;

        while ($line !== false) {
            $line = strtok($separator);
-            $response .= substr($line, 8) . "\n";
+            $response .= substr($line, 8) . $separator;
        }

        return $response;
@@ -217,11 +222,6 @@ class DockerActionManager
            $volumes[] = $volumeEntry;
        }

-        $exposedPorts = [];
-        foreach($container->GetPorts()->GetPorts() as $port) {
-            $exposedPorts[$port] = null;
-        }
-
        $requestBody = [
            'Image' => $this->BuildImageName($container),
        ];
@@ -230,10 +230,22 @@ class DockerActionManager
            $requestBody['HostConfig']['Binds'] = $volumes;
        }

+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
        $envs = $container->GetEnvironmentVariables()->GetVariables();
        foreach($envs as $key => $env) {
-            $patterns = ['/%(.*)%/'];
+            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
+            if (str_starts_with($env, 'extra_params=')) {
+                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
+                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
+                $envs[$key] = $env;
+                continue;
+            }

+            // Original implementation
+            $patterns = ['/%(.*)%/'];

            if(preg_match($patterns[0], $env, $out) === 1) {
                $replacements = array();
@@ -250,6 +262,8 @@ class DockerActionManager
                    $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
                } elseif ($out[1] === 'APACHE_PORT') {
                    $replacements[1] = $this->configurationManager->GetApachePort();
+                } elseif ($out[1] === 'TALK_PORT') {
+                    $replacements[1] = $this->configurationManager->GetTalkPort();
                } elseif ($out[1] === 'NEXTCLOUD_MOUNT') {
                    $replacements[1] = $this->configurationManager->GetNextcloudMount();
                } elseif ($out[1] === 'BACKUP_RESTORE_PASSWORD') {
@@ -278,8 +292,8 @@ class DockerActionManager
                    } else {
                        $replacements[1] = '';
                    }
-                } elseif ($out[1] === 'DAILY_BACKUP_RUNNING') {
-                    if ($this->configurationManager->isDailyBackupRunning()) {
+                } elseif ($out[1] === 'UPDATE_NEXTCLOUD_APPS') {
+                    if ($this->configurationManager->isDailyBackupRunning() && $this->configurationManager->areAutomaticUpdatesEnabled()) {
                        $replacements[1] = 'yes';
                    } else {
                        $replacements[1] = '';
@@ -290,8 +304,56 @@ class DockerActionManager
                    } else {
                        $replacements[1] = $this->configurationManager->GetTimezone();
                    }
+                } elseif ($out[1] === 'COLLABORA_DICTIONARIES') {
+                    if ($this->configurationManager->GetCollaboraDictionaries() === '') {
+                        $replacements[1] = 'de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru';
+                    } else {
+                        $replacements[1] = $this->configurationManager->GetCollaboraDictionaries();
+                    }
+                } elseif ($out[1] === 'IMAGINARY_ENABLED') {
+                    if ($this->configurationManager->isImaginaryEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'FULLTEXTSEARCH_ENABLED') {
+                    if ($this->configurationManager->isFulltextsearchEnabled()) {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
+                } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
+                } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
+                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
+                } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
+                    if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
+                        $replacements[1] = 'yes';
+                    } else {
+                        $replacements[1] = '';
+                    }
+                } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
+                    $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
+                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
+                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
+                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
+                } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                }

                $envs[$key] = preg_replace($patterns, $replacements, $env);
@@ -303,24 +365,68 @@ class DockerActionManager
        }

        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+ 
+        $exposedPorts = [];
+        if ($container->GetInternalPort() !== 'host') {
+            foreach($container->GetPorts()->GetPorts() as $value) {
+                $portWithProtocol = $value->port . '/' . $value->protocol;
+                $exposedPorts[$portWithProtocol] = null;
+            }
+        } else {
+            $requestBody['HostConfig']['NetworkMode'] = 'host';
+        }

        if(count($exposedPorts) > 0) {
            $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach($container->GetPorts()->GetPorts() as $port) {
-                $portNumber = explode("/", $port);
-                $requestBody['HostConfig']['PortBindings'][$port] = [
+            foreach ($container->GetPorts()->GetPorts() as $value) {
+                $port = $value->port;
+                $ipBinding = $value->ipBinding;
+                $protocol = $value->protocol;
+                $portWithProtocol = $port . '/' . $protocol;
+                $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
                    [
-                    'HostPort' => $portNumber[0],
+                    'HostPort' => $port,
+                    'HostIp' => $ipBinding,
                    ]
                ];
            }
        }

+        $devices = [];
+        foreach($container->GetDevices() as $device) {
+            if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
+                continue;
+            }
+            $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
+        }
+
+        if (count($devices) > 0) {
+            $requestBody['HostConfig']['Devices'] = $devices;
+        }
+
        // Special things for the backup container which should not be exposed in the containers.json
        if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
            $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
-            $requestBody['HostConfig']['Devices'] = [["PathOnHost" => "/dev/fuse", "PathInContainer" => "/dev/fuse", "CgroupPermissions" => "rwm"]];
            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
+            
+            // Additional backup directories
+            $mounts = [];
+            foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
+                if ($additionalBackupDirectories !== '') {
+                    if (!str_starts_with($additionalBackupDirectories, '/')) {
+                        $mounts[] = ["Type" => "volume", "Source" => $additionalBackupDirectories, "Target" => "/docker_volumes/" . $additionalBackupDirectories, "ReadOnly" => true];
+                    } else {
+                        $mounts[] = ["Type" => "bind", "Source" => $additionalBackupDirectories, "Target" => "/host_mounts" . $additionalBackupDirectories, "ReadOnly" => true, "BindOptions" => ["NonRecursive" => true]];
+                    }
+                }
+            }
+            if(count($mounts) > 0) {
+                $requestBody['HostConfig']['Mounts'] = $mounts;
+            }
+        // Special things for the talk container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
        }

        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
@@ -470,7 +576,7 @@ class DockerActionManager
        return true;
    }

-    public function sendNotification(Container $container, string $subject, string $message) : void
+    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
    {
        if ($this->GetContainerStartingState($container) instanceof RunningState) {

@@ -488,7 +594,7 @@ class DockerActionManager
                            'Tty' => true,
                            'Cmd' => [
                                'bash',
-                                '/notify.sh',
+                                $file,
                                $subject,
                                $message
                            ],
@@ -498,7 +604,6 @@ class DockerActionManager
                true
            );

-            // get the id from the response
            $id = $response['Id'];

            // start the exec
@@ -538,8 +643,13 @@ class DockerActionManager
        }
    }

-    private function ConnectContainerIdToNetwork(string $id) : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
    {
+        if ($internalPort === 'host') {
+            return;
+        }
+
+        $network = 'nextcloud-aio';
        $url = $this->BuildApiUrl('networks/create');
        try {
            $this->guzzleClient->request(
@@ -565,7 +675,7 @@ class DockerActionManager
        }

        $url = $this->BuildApiUrl(
-            sprintf('networks/%s/connect', 'nextcloud-aio')
+            sprintf('networks/%s/connect', $network)
        );
        try {
            $this->guzzleClient->request(
@@ -587,12 +697,12 @@ class DockerActionManager

    public function ConnectMasterContainerToNetwork() : void
    {
-        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer');
+        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
    }

    public function ConnectContainerToNetwork(Container $container) : void
    {
-      $this->ConnectContainerIdToNetwork($container->GetIdentifier());
+      $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
    }

    public function StopContainer(Container $container) : void {
@@ -669,4 +779,36 @@ class DockerActionManager
        }
        return false;
    }
+
+    private function GetCreatedTimeOfNextcloudImage() : ?string {
+        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+        try {
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+
+            if (!isset($imageOutput['Created'])) {
+                error_log('Created is not set of image ' . $imageName);
+                return null;
+            }
+
+            return str_replace('T', ' ', $imageOutput['Created']);
+        } catch (\Exception $e) {
+            return null;
+        }
+    }
+
+    public function isNextcloudImageOutdated() : bool {
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+
+        if ($createdTime === null) {
+            return false;
+        }
+
+        // If the image is older than 90 days, it is outdated.
+        if ((time() - (60 * 60 * 24 * 90)) > strtotime($createdTime)) {
+            return true;
+        }
+
+        return false;
+    }
 }
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`* @szaimen @LukasReschke @azul @juliushaertl`