Add container doc

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
2026-05-22 11:20:13 +00:00 · 2025-03-14 10:04:04 +01:00
97 changed files with 516 additions and 2168 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -5,10 +5,8 @@ labels: 0. Needs triage
 ---

 <!---
- Before submitting a bug report, please read through the documentation available at https://github.com/nextcloud/all-in-one#faq
 - If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
 - For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
-
 --->

 <!--- Please fill out the whole template below -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,5 @@
 blank_issues_enabled: false
 contact_links:
-    - name: 📘 Documentation on Nextcloud AIO
-      url: https://github.com/nextcloud/all-in-one#faq
-      about: Please read the docs first before submitting any report or request!
    - name: ⛑️ General questions and support
      url: https://help.nextcloud.com/tag/aio
      about: For general questions, support and help
@@ -14,4 +11,4 @@ contact_links:
      about: For questions specifically about AIO
    - name: 💼 Nextcloud Enterprise
      url: https://portal.nextcloud.com/
-      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
+      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,7 @@
 version: 2
 updates:
 - package-ecosystem: "github-actions"
-  directory: ".github/workflows"
+  directory: "/"
  schedule:
    interval: "daily"
    time: "12:00"
@@ -22,7 +22,6 @@ updates:
  - dependencies
 - package-ecosystem: "docker"
  directories:
-    - "/Containers/alpine"
    - "/Containers/apache"
    - "/Containers/borgbackup"
    - "/Containers/clamav"
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -14,7 +14,7 @@ jobs:
      - name: Check out code
        uses: actions/checkout@v4
      - name: Check spelling
-        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
+        uses: codespell-project/actions-codespell@v2
        with:
          check_filenames: true
          check_hidden: true
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -8,12 +8,12 @@ on:
 jobs:
  dependency_updates:
    name: Run dependency update script
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+    - uses: shivammathur/setup-php@v2
      with:
-        php-version: 8.4
+        php-version: 8.3
        extensions: apcu
    - name: Run dependency update script
      run: |
@@ -44,7 +44,7 @@ jobs:
        )"
        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@v7
      with:
        commit-message: php dependency updates
        signoff: true
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -16,7 +16,7 @@ jobs:
        uses: actions/checkout@v4

      - name: Turnstyle
-        uses: softprops/turnstyle@f9f8ef3f634144b126a09ea5b3bfe51ddebc700f # v2
+        uses: softprops/turnstyle@v2
        with:
          continue-after-seconds: 180
        env:
@@ -32,7 +32,7 @@ jobs:

      # See https://github.com/helm/chart-releaser-action/issues/6
      - name: Set up Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@v4
        with:
          version: v3.6.3

@@ -41,7 +41,7 @@ jobs:
          helm lint ./nextcloud-aio-helm-chart

      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
+        uses: helm/chart-releaser-action@v1.7.0
        with:
          mark_as_latest: false
          charts_dir: .
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -22,7 +22,7 @@ jobs:
        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@v7
      with:
        commit-message: imaginary-update automated change
        signoff: true
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -16,7 +16,7 @@ jobs:
          fetch-depth: 0

      - name: Install Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4
+        uses: azure/setup-helm@v4
        with:
          version: v3.11.1

--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        php-versions: [ "8.4" ]
+        php-versions: [ "8.3" ]

    name: php-lint

@@ -36,7 +36,7 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
        with:
          php-version: ${{ matrix.php-versions }}
          coverage: none
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5
+      - uses: dessant/lock-threads@v5
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -60,6 +60,12 @@ jobs:
        )"
        sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile

+        # Imagick git-commit-hash from HEAD
+        imagick_commit_hash="$(
+          git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}'
+        )"
+        sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile
+
        # Igbinary
        igbinary_version="$(
          git ls-remote --tags https://github.com/igbinary/igbinary.git \
@@ -79,7 +85,7 @@ jobs:
        fi

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@v7
      with:
        commit-message: nextcloud-update automated change
        signoff: true
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -18,9 +18,9 @@ jobs:
    steps:
      - uses: actions/checkout@v4
      - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.4
+          php-version: 8.3
          extensions: apcu
          coverage: none

--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -1,77 +0,0 @@
-name: Playwright Tests
-
-on:
-  workflow_dispatch:
-
-env:
-  BASE_URL: https://localhost:8080
-
-jobs:
-  test:
-    timeout-minutes: 60
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - uses: actions/setup-node@v4
-        with:
-          node-version: lts/*
-
-      - name: Install dependencies
-        run: cd php/tests && npm ci
-
-      - name: Install Playwright Browsers
-        run: cd php/tests && npx playwright install --with-deps chromium
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker pull ghcr.io/nextcloud-releases/all-in-one:develop
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=true \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
-
-      - name: Run Playwright tests for initial setup
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/initial-setup.spec.js
-
-      - name: Start fresh development server
-        run: |
-          docker rm --force nextcloud-aio-{mastercontainer,apache,notify-push,nextcloud,redis,database,domaincheck,whiteboard,imaginary,talk,collabora,borgbackup} || true
-          docker volume rm nextcloud_aio_{mastercontainer,apache,database,database_dump,nextcloud,nextcloud_data,redis,backup_cache,elasticsearch} || true
-          docker run \
-            -d \
-            --init \
-            --name nextcloud-aio-mastercontainer \
-            --restart always \
-            --publish 8080:8080 \
-            --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-            --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-            --env SKIP_DOMAIN_VALIDATION=false \
-            --env APACHE_PORT=11000 \
-            ghcr.io/nextcloud-releases/all-in-one:develop
-          echo Waiting for 10 seconds for the development container to start ...
-          sleep 10
-
-      - name: Run Playwright tests for backup restore
-        run: cd php/tests && DEBUG=pw:api npx playwright test tests/restore-instance.spec.js
-
-      - uses: actions/upload-artifact@v4
-        if: ${{ !cancelled() }}
-        with:
-          name: playwright-report
-          path: php/tests/playwright-report/
-          retention-days: 14
-          overwrite: true
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -13,9 +13,9 @@ jobs:
      - uses: actions/checkout@v4

      - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.4
+          php-version: 8.3
          extensions: apcu
          coverage: none

@@ -30,7 +30,7 @@ jobs:
        continue-on-error: true

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@v7
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update psalm baseline
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -29,9 +29,9 @@ jobs:
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

      - name: Set up php
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
        with:
-          php-version: 8.4
+          php-version: 8.3
          extensions: apcu
          coverage: none
          ini-file: development
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -17,7 +17,7 @@ jobs:
    steps:
    - uses: actions/checkout@v4
    - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # v2.0.0
+      uses: ludeeus/action-shellcheck@2.0.0
      with:
        check_together: 'yes'
      env:
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -45,7 +45,7 @@ jobs:
        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
        
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+      uses: peter-evans/create-pull-request@v7
      with:
        commit-message: talk-update automated change
        signoff: true
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -27,9 +27,9 @@ jobs:
        uses: actions/checkout@v4

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@cf4cade2721270509d5b1c766ab3549210a39a2a # v2
+        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.4
+          php-version: 8.3
          extensions: apcu
          coverage: none

--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -14,16 +14,13 @@ jobs:
        uses: actions/checkout@v4
      - name: update helm chart
        run: |
-          set -x
-          GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')"
-          DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
          export DOCKER_TAG
-          set +x
          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
          fi
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: Helm Chart updates
          signoff: true
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -16,7 +16,7 @@ jobs:
        run: |
          sudo bash manual-install/update-yaml.sh
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: Yaml updates
          signoff: true
--- a/Containers/alpine/Dockerfile
+++ b/Containers/alpine/Dockerfile
@@ -1,5 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.21.3
-
-RUN set -ex; \
-    apk upgrade --no-cache -a
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy

 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.63-alpine3.21
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -191,7 +191,7 @@ if [ "$BORG_MODE" = backup ]; then
    fi

    # Exclude the nextcloud log and audit log for GDPR reasons
-    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/lost+found")
+    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
    BORG_INCLUDE=()

    # Exclude datadir if .noaiobackup file was found
@@ -405,7 +405,6 @@ if [ "$BORG_MODE" = restore ]; then
        --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
        --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
        --exclude "nextcloud_aio_mastercontainer/session/**" \
-        --exclude "nextcloud_aio_nextcloud_data/lost+found" \
        "${ADDITIONAL_RSYNC_EXCLUDES[@]}" \
        /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
            RESTORE_FAILED=1
@@ -460,7 +459,6 @@ if [ "$BORG_MODE" = restore ]; then
                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \
                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \
                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \
-                        -o -path "nextcloud_aio_nextcloud_data/lost+found" \
                        "${ADDITIONAL_FIND_EXCLUDES[@]}" \
                    \) \
                    | LC_ALL=C sort \
--- a/Containers/clamav/supervisord.conf
+++ b/Containers/clamav/supervisord.conf
@@ -13,7 +13,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=freshclam --foreground --stdout --daemon --daemon-notify=/tmp/clamd.conf
+command=freshclam --foreground --stdout --daemon

 [program:clamd]
 stdout_logfile=/dev/stdout
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
-# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:24.04.13.3.1
+# From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
+FROM collabora/code:24.04.12.4.1

 USER root
 ARG DEBIAN_FRONTEND=noninteractive
@@ -10,13 +10,15 @@ RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
+#        # Disable because seems to be failing currently
+#        # tzdata \
        netcat-openbsd \
    ; \
    rm -rf /var/lib/apt/lists/*;

 COPY --chmod=775 healthcheck.sh /healthcheck.sh

-USER 1001
+USER 100

 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.7-alpine
+FROM haproxy:3.1.5-alpine

 # hadolint ignore=DL3002
 USER root
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -4,18 +4,16 @@ global
    maxconn 10

 defaults
-    timeout connect 30s
-    timeout client 30s
-    timeout server 1800s
+    timeout connect 10s
+    timeout client 10s
+    timeout server 10s

 frontend http
    mode http
    bind :::2375 v4v6
    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
    # docker system _ping
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
-    # docker inspect image: GET images/%s/json
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
    # container inspect: GET containers/%s/json
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
    # container inspect: GET containers/%s/logs
@@ -40,19 +38,19 @@ frontend http
    # ACL to deny if there are any binds
    acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
    # ACL to restrict the type of Mounts to volume
-    acl type_not_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[[^\]]*(\"Type\"\s*:\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
+    acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST

-    # ACL to restrict container creation, that it has HostConfig.Privileged(by searching for "Privileged" word in all payload)
-    acl no_privileged_flag req.body -m reg -i "\"Privileged\""
+    # ACL to restrict container creation, that it has HostConfig.Privileged not set
+    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
    # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
-    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*{[^}]*\"Source\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
    # end of container create

    # volume create: POST volumes/create
    # restrict name
-    acl nc_app_volume_data req.body -m reg -i "\"Name\"\s*:\s*\"nc_app_[a-zA-Z0-9_.-]+_data\""
+    acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
    # do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
    acl volume_no_device req.body -m reg -i "\"device\""
    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.18.0
+FROM elasticsearch:8.17.3

 USER root

--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,10 +1,9 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.2-alpine3.21 AS go
+FROM golang:1.24.1-alpine3.21 AS go

 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3

 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache \
        vips-dev \
        vips-magick \
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.1.1-cli AS docker
+FROM docker:28.0.1-cli AS docker

 # Caddy is a requirement
-FROM caddy:2.10.0-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy

-# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.4.6-fpm-alpine3.21
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
+FROM php:8.3.17-fpm-alpine3.21

 EXPOSE 80
 EXPOSE 8080
@@ -66,7 +66,6 @@ RUN set -ex; \
    cd /var/www/docker-aio; \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
-    rm -r ./php/tests; \
    chown www-data:www-data -R /var/www/docker-aio; \
    cd php; \
    sudo -u www-data composer install --no-dev; \
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -20,11 +20,6 @@ APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" |
 if [ -z "$APACHE_PORT" ]; then
    echo "APACHE_PORT is not set which is not expected..."
 else
-    # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
-    # Prevent issues like https://github.com/nextcloud/all-in-one/discussions/5222
-    docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
-
-    # Wait for apache to start
    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
        echo "Waiting for apache to become available"
        sleep 30
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -272,13 +272,23 @@ It is set to '$AIO_COMMUNITY_CONTAINERS'."
    fi
 fi

-# Check if ghcr.io is reachable
-# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
-    print_red "Could not reach https://ghcr.io."
-    echo "Most likely is something blocking access to it."
+# Check DNS resolution
+# Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
+curl https://nextcloud.com &>/dev/null
+if [ "$?" = 6 ]; then
+    print_red "Could not resolve the host nextcloud.com."
+    echo "Most likely the DNS resolving does not work."
    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
-    echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
+    exit 1
+fi
+
+# Check if auth.docker.io is reachable
+# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
+if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
+    print_red "Could not reach https://auth.docker.io."
+    echo "Most likely is something blocking access to it."
+    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
    exit 1
 fi

--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.20-fpm-alpine3.21
+FROM php:8.3.17-fpm-alpine3.21

 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,11 +8,14 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0

 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.10
+ENV NEXTCLOUD_VERSION=30.0.7
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!

+# Define the commit hash for imagick as a variable
+ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
+
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
@@ -81,8 +84,21 @@ RUN set -ex; \
    pecl install -o igbinary-3.2.16; \
    pecl install APCu-5.1.24; \
    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
-    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
-   pecl install -o imagick-3.8.0; \
+    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
+#    pecl install -o imagick-3.7.0; \
+# Begin workaround ->
+# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.
+# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround.
+    apk add --no-cache --virtual .git-build-deps git \
+    && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \
+    && cd /tmp/imagick \
+    && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \
+    && git checkout ${IMAGICK_COMMIT_HASH} \
+    && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \
+    && phpize && ./configure && make && make install; \
+    apk del .git-build-deps; \
+    cd && rm -r /tmp/imagick; \
+# <- End workaround
    \
    docker-php-ext-enable \
        igbinary \
@@ -126,7 +142,7 @@ RUN set -ex; \
        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
        echo 'max_execution_time=${PHP_MAX_TIME}'; \
        echo 'max_input_time=${PHP_MAX_TIME}'; \
-        echo 'default_socket_timeout=${PHP_MAX_TIME}'; \
+        echo 'default_socket_timeout=600'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
    { \
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -33,7 +33,7 @@ while ! nc -z "$REDIS_HOST" "6379"; do
 done

 # Check permissions in ncdata
-touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
    echo "The www-data user doesn't seem to have access rights in the datadir.
 Most likely are the files located on a drive that does not follow linux permissions.
@@ -535,13 +535,6 @@ php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https:
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-if [ -n "$NEXTCLOUD_SKELETON_DIRECTORY" ]; then
-    if [ "$NEXTCLOUD_SKELETON_DIRECTORY" = "empty" ]; then
-        php /var/www/html/occ config:system:set skeletondirectory --value=""
-    else
-        php /var/www/html/occ config:system:set skeletondirectory --value="$NEXTCLOUD_SKELETON_DIRECTORY"
-    fi
-fi
 if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
--- a/Containers/nextcloud/root.motd
+++ b/Containers/nextcloud/root.motd
@@ -1,4 +1,4 @@
 Warning: You have logged in into the Nextcloud container as root user.
 See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
-Apart from that, you can use 'sudo -E -u www-data php occ <your-command>' in order to run occ commands.
+Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
 Of course <your-command> needs to be substituted with the command that you want to use.
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -39,7 +39,5 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-# Restart the netcat command once a day to ensure that it stays reachable
-# See https://github.com/nextcloud/all-in-one/issues/6334
-command=timeout 86400 nc -lk 9001
+command=nc -lk 9001
 user=www-data
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.3.1
+FROM onlyoffice/documentserver:8.3.1.1

 # USER root is probably used

--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.8-alpine
+FROM redis:7.2.7-alpine

 COPY --chmod=775 start.sh /start.sh

--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.3-alpine3.21
+FROM python:3.13.2-alpine3.21

 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.3-scratch AS nats
+FROM nats:2.10.26-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
 FROM alpine:3.21.3 AS janus
@@ -7,7 +7,6 @@ FROM alpine:3.21.3 AS janus
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache \
        ca-certificates \
        git \
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,19 +1,14 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.2-alpine3.21 AS go
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        build-base; \
-    go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;
+# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
+FROM containrrr/watchtower:1.7.1 AS watchtower

 FROM alpine:3.21.3

 RUN set -ex; \
    apk upgrade --no-cache -a; \
-    apk add --no-cache bash ca-certificates tzdata
+    apk add --no-cache bash

-COPY --from=go /go/bin/watchtower /watchtower
+COPY --from=watchtower /watchtower /watchtower

 COPY --chmod=775 start.sh /start.sh

--- a/community-containers/borgbackup-viewer/borgbackup-viewer.json
+++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json
@@ -5,7 +5,7 @@
            "image_tag": "v1",
            "display_name": "Borg Backup Viewer",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/borgbackup-viewer",
-            "image": "ghcr.io/szaimen/aio-borgbackup-viewer",
+            "image": "szaimen/aio-borgbackup-viewer",
            "internal_port": "5801",
            "ports": [
                {
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-caddy",
            "display_name": "Caddy with geoblocking",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
-            "image": "ghcr.io/szaimen/aio-caddy",
+            "image": "szaimen/aio-caddy",
            "image_tag": "v2",
            "internal_port": "443",
            "restart": "unless-stopped",
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-fail2ban",
            "display_name": "Fail2ban",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban",
-            "image": "ghcr.io/szaimen/aio-fail2ban",
+            "image": "szaimen/aio-fail2ban",
            "image_tag": "v1",
            "internal_port": "host",
            "restart": "unless-stopped",
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -4,7 +4,6 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
 - If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

 ### Repository
--- a/community-containers/helloworld/container-definition.md
+++ b/community-containers/helloworld/container-definition.md
@@ -0,0 +1,68 @@
+# AIO Containers Definition Schema
+
+## Required Properties
+
+| Field            | Description                                                                                                                                               |
+|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `image`          | This is the image name of the container. You can use 2 repositories: GitHub Container Registry: `ghcr.io/user/repo` (preferred); Docker Hub: `user/repo`; |
+| `container_name` | This is the name of the container. It must be unique and follow the pattern `nextcloud-aio-<service_name>`.                                               |
+| `image_tag`      | This is the tag of the image. We recommend using the `vX` tag corresponding to major versions of the image.                                               |
+| `display_name`   | The name of the container to be displayed in the UI.                                                                                                      |
+| `documentation`  | Link to the documentation of the container.                                                                                                               |
+
+## Optional Properties
+
+| Field                     | Description                                                                                                                                                           |
+|---------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `expose`                  | TODO                                                                                                                                                                  |
+| `cap_add`                 | See [Docker Capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)                                                     |
+| `cap_drop`                | See [Docker Capabilities](https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities)                                                     |
+| `depends_on`              | List containers should be started before starting this container.                                                                                                     |
+| `environment`             | List of environment variables to be set in the container. See [Docker Environment Variables](https://docs.docker.com/engine/reference/run/#env-environment-variables) |
+| `internal_port`           | TODO                                                                                                                                                                  |
+| `stop_grace_period`       | TODO                                                                                                                                                                  |
+| `user`                    | The user to run the container as. See [Docker User](https://docs.docker.com/engine/reference/run/#user)                                                               |
+| `ports`                   | A list of ports to expose on the container. See [port section](#ports)                                                                                                |
+| `healthcheck`             | The healthcheck configuration for the container. See [healthcheck section](#healthcheck)                                                                              |
+| `aio_variables`           | TODO                                                                                                                                                                  |
+| `restart`                 | The restart policy for the container. See [Docker Restart Policy](https://docs.docker.com/engine/reference/run/#restart-policies---restart)                           |
+| `shm_size`                | TODO                                                                                                                                                                  |
+| `secrets`                 | TODO                                                                                                                                                                  |
+| `ui_secret`               | TODO                                                                                                                                                                  |
+| `devices`                 | TODO                                                                                                                                                                  |
+| `enable_nvidia_gpu`       | TODO                                                                                                                                                                  |
+| `apparmor_unconfined`     | TODO                                                                                                                                                                  |
+| `backup_volumes`          | List of volumes should be included in the AIO backup.                                                                                                                 |
+| `nextcloud_exec_commands` | TODO                                                                                                                                                                  |
+| `profiles`                | TODO                                                                                                                                                                  |
+| `read_only`               | TODO                                                                                                                                                                  |
+| `init`                    | TODO                                                                                                                                                                  |
+| `tmpfs`                   | TODO                                                                                                                                                                  |
+| `volumes`                 | List of volumes to mount in the container. See [volumes section](#volumes)                                                                                            |
+
+### Ports
+
+| Field         | Description                         |
+|---------------|-------------------------------------|
+| `ip_binding`  | The IP address to bind the port to. |
+| `port_number` | The port number to expose.          |
+| `protocol`    | The protocol to use.                |
+
+### Healthcheck
+
+| Field            | Description                                                                  |
+|------------------|------------------------------------------------------------------------------|
+| `interval`       | The time between running the healthcheck.                                    |
+| `timeout`        | The time to wait for the healthcheck to complete.                            |
+| `retries`        | The number of retries to attempt before considering the container unhealthy. |
+| `start_period`   | The time to wait before starting the healthcheck.                            |
+| `start_interval` | The time to wait between retries.                                            |
+| `test`           | The command to run to check the health of the container.                     |
+
+### Volumes
+
+| Field         | Description                                    |
+|---------------|------------------------------------------------|
+| `destination` | The path to mount the volume in the container. |
+| `source`      | The source of the volume.                      |
+| `writeable`   | Whether the volume is writeable.               |
--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-libretranslate",
            "display_name": "LibreTranslate",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
-            "image": "ghcr.io/szaimen/aio-libretranslate",
+            "image": "szaimen/aio-libretranslate",
            "image_tag": "v1",
            "internal_port": "5000",
            "restart": "unless-stopped",
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -1,11 +1,6 @@
 ## LibreTranslate
 This container bundles LibreTranslate and auto-configures it for you.

-> [!WARNING]
-> The LibreTranslate container and app is deprecated!
-> Please use the [translate2 app](https://apps.nextcloud.com/apps/translate2) instead.
-> You can activate it by first enabling the Docker-Socket-Proxy in the AIO-interface and then heading over to `https://your-nc-domain.com/settings/apps/tools` and installing and enabling the `Local Machine Translation` app.
-
 ### Notes
 - After the initial startup is done, you might want to change the default language to translate from and to via:
 ```bash
--- a/community-containers/local-ai/local-ai.json
+++ b/community-containers/local-ai/local-ai.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-local-ai",
            "display_name": "Local AI",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
-            "image": "ghcr.io/szaimen/aio-local-ai",
+            "image": "szaimen/aio-local-ai",
            "image_tag": "v2",
            "internal_port": "8080",
            "restart": "unless-stopped",
--- a/community-containers/readme.md
+++ b/community-containers/readme.md
@@ -7,7 +7,7 @@ All containers that are in this directory are community maintained so the respon
 ## How to use this?
 Before adding any additional container, make sure to create a backup via the AIO interface!

-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
+Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.

 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
--- a/community-containers/scrutiny/scrutiny.json
+++ b/community-containers/scrutiny/scrutiny.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-scrutiny",
            "display_name": "Scrutiny",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/scrutiny",
-            "image": "ghcr.io/szaimen/aio-scrutiny",
+            "image": "szaimen/aio-scrutiny",
            "image_tag": "v1",
            "internal_port": "8000",
            "init": false,
--- a/community-containers/smbserver/smbserver.json
+++ b/community-containers/smbserver/smbserver.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-smbserver",
            "display_name": "SMB-server",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/smbserver",
-            "image": "ghcr.io/szaimen/aio-smbserver",
+            "image": "szaimen/aio-smbserver",
            "image_tag": "v1",
            "internal_port": "5803",
            "restart": "unless-stopped",
--- a/community-containers/stalwart/stalwart.json
+++ b/community-containers/stalwart/stalwart.json
@@ -5,7 +5,7 @@
            "display_name": "Stalwart",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart",
            "image": "ghcr.io/docjyj/aio-stalwart",
-            "image_tag": "v3",
+            "image_tag": "%AIO_CHANNEL%",
            "internal_port": "10003",
            "restart": "unless-stopped",
            "ports": [
--- a/community-containers/vaultwarden/vaultwarden.json
+++ b/community-containers/vaultwarden/vaultwarden.json
@@ -4,7 +4,7 @@
            "container_name": "nextcloud-aio-vaultwarden",
            "display_name": "Vaultwarden",
            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden",
-            "image": "ghcr.io/dani-garcia/vaultwarden",
+            "image": "vaultwarden/server",
            "image_tag": "alpine",
            "internal_port": "8812",
            "restart": "unless-stopped",
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,6 +1,6 @@
 services:
  nextcloud-aio-mastercontainer:
-    image: ghcr.io/nextcloud-releases/all-in-one:latest
+    image: nextcloud/all-in-one:latest
    init: true
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
--- a/develop.md
+++ b/develop.md
@@ -11,7 +11,7 @@ sudo docker run \
 --publish 8443:8443 \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-ghcr.io/nextcloud-releases/all-in-one:develop
+nextcloud/all-in-one:develop
 ```
 And you are done :)
 It will now also select the developer channel for all other containers automatically.
@@ -19,9 +19,6 @@ It will now also select the developer channel for all other containers automatic
 ## How to publish new releases?
 Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.

-## How to update existing instances to a new major Nextcloud version?
-Simply use https://github.com/nextcloud/all-in-one/issues/6198 as template.
-
 ## How to build new containers
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.

@@ -30,8 +27,6 @@ Before testing, make sure that at least the amd64 containers are built successfu

 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.

-Additionally, there are now E2E tests available that can be run via https://github.com/nextcloud/all-in-one/actions/workflows/playwright.yml
-
 ## How to promote builds from develop to beta
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml, click on `Run workflow`.
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -19,7 +19,7 @@ services:
      nextcloud-aio-whiteboard:
        condition: service_started
        required: false
-    image: ghcr.io/nextcloud-releases/aio-apache:latest
+    image: nextcloud/aio-apache:latest
    user: "33"
    init: true
    healthcheck:
@@ -60,7 +60,7 @@ services:
      - NET_RAW

  nextcloud-aio-database:
-    image: ghcr.io/nextcloud-releases/aio-postgresql:latest
+    image: nextcloud/aio-postgresql:latest
    user: "999"
    init: true
    healthcheck:
@@ -110,7 +110,7 @@ services:
      nextcloud-aio-imaginary:
        condition: service_started
        required: false
-    image: ghcr.io/nextcloud-releases/aio-nextcloud:latest
+    image: nextcloud/aio-nextcloud:latest
    init: true
    healthcheck:
      start_period: 0s
@@ -185,7 +185,7 @@ services:
      - NET_RAW

  nextcloud-aio-notify-push:
-    image: ghcr.io/nextcloud-releases/aio-notify-push:latest
+    image: nextcloud/aio-notify-push:latest
    user: "33"
    init: true
    healthcheck:
@@ -216,7 +216,7 @@ services:
      - NET_RAW

  nextcloud-aio-redis:
-    image: ghcr.io/nextcloud-releases/aio-redis:latest
+    image: nextcloud/aio-redis:latest
    user: "999"
    init: true
    healthcheck:
@@ -240,7 +240,7 @@ services:

  nextcloud-aio-collabora:
    command: ${ADDITIONAL_COLLABORA_OPTIONS}
-    image: ghcr.io/nextcloud-releases/aio-collabora:latest
+    image: nextcloud/aio-collabora:latest
    init: true
    healthcheck:
      start_period: 60s
@@ -268,7 +268,7 @@ services:
      - NET_RAW

  nextcloud-aio-talk:
-    image: ghcr.io/nextcloud-releases/aio-talk:latest
+    image: nextcloud/aio-talk:latest
    user: "1000"
    init: true
    healthcheck:
@@ -306,7 +306,7 @@ services:
      - NET_RAW

  nextcloud-aio-talk-recording:
-    image: ghcr.io/nextcloud-releases/aio-talk-recording:latest
+    image: nextcloud/aio-talk-recording:latest
    user: "122"
    init: true
    healthcheck:
@@ -336,12 +336,12 @@ services:
      - NET_RAW

  nextcloud-aio-clamav:
-    image: ghcr.io/nextcloud-releases/aio-clamav:latest
+    image: nextcloud/aio-clamav:latest
    user: "100"
    init: false
    healthcheck:
      start_period: 60s
-      test: /healthcheck.sh
+      test: clamdcheck.sh
      interval: 30s
      timeout: 30s
      start_interval: 5s
@@ -351,6 +351,7 @@ services:
    environment:
      - TZ=${TIMEZONE}
      - MAX_SIZE=${NEXTCLOUD_UPLOAD_LIMIT}
+      - CLAMD_STARTUP_TIMEOUT=90
    volumes:
      - nextcloud_aio_clamav:/var/lib/clamav:rw
    restart: unless-stopped
@@ -358,16 +359,14 @@ services:
      - clamav
    read_only: true
    tmpfs:
-      - /tmp
+      - /var/lock
      - /var/log/clamav
-      - /run/clamav
-      - /var/log/supervisord
-      - /var/run/supervisord
+      - /tmp
    cap_drop:
      - NET_RAW

  nextcloud-aio-onlyoffice:
-    image: ghcr.io/nextcloud-releases/aio-onlyoffice:latest
+    image: nextcloud/aio-onlyoffice:latest
    init: true
    healthcheck:
      start_period: 60s
@@ -392,7 +391,7 @@ services:
      - NET_RAW

  nextcloud-aio-imaginary:
-    image: ghcr.io/nextcloud-releases/aio-imaginary:latest
+    image: nextcloud/aio-imaginary:latest
    user: "65534"
    init: true
    healthcheck:
@@ -419,7 +418,7 @@ services:
      - /tmp

  nextcloud-aio-fulltextsearch:
-    image: ghcr.io/nextcloud-releases/aio-fulltextsearch:latest
+    image: nextcloud/aio-fulltextsearch:latest
    init: false
    healthcheck:
      start_period: 60s
@@ -450,7 +449,7 @@ services:
      - NET_RAW

  nextcloud-aio-whiteboard:
-    image: ghcr.io/nextcloud-releases/aio-whiteboard:latest
+    image: nextcloud/aio-whiteboard:latest
    user: "65534"
    init: true
    healthcheck:
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -35,13 +35,13 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d

 | To change                              | Replace with                                        |
 |----------------------------------------|-----------------------------------------------------|
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
+| `nextcloud/aio-nextcloud:latest`       | `nextcloud/aio-nextcloud:php{version}-latest`       |
+| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` |



- - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+ - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
+ - However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)
 - Using nano and the arrow keys to navigate:
  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
 6. Next, stop and remove the current container: 
@@ -94,8 +94,8 @@ Make **note** of the version which is compatible, rounding down to 1 digit after
 - In this example we would want php 8.1 since anything with 8.2 or above is incompatible

 ##### 5. Find the correct container version
-In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+However, if you are unsure check the docker hub (https://hub.docker.com/r/nextcloud/aio-nextcloud/tags)

 ##### 6. Replace the container
 - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
--- a/multiple-instances.md
+++ b/multiple-instances.md
@@ -149,7 +149,7 @@ apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvi
   --env TALK_PORT=3478 \
   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-   ghcr.io/nextcloud-releases/all-in-one:latest
+   nextcloud/all-in-one:latest
   ```
   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.

--- a/nextcloud-aio-helm-chart/Chart.yaml
+++ b/nextcloud-aio-helm-chart/Chart.yaml
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.13.0
+version: 10.7.0
 apiVersion: v2
 keywords:
  - latest
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -61,7 +61,7 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250424_092733
+          image: nextcloud/aio-apache:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -36,7 +36,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: "alpine:3.20"
          command:
            - mkdir
            - "-p"
@@ -55,15 +55,17 @@ spec:
              {{- end }}
      containers:
        - env:
+            - name: CLAMD_STARTUP_TIMEOUT
+              value: "90"
            - name: MAX_SIZE
              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250424_092733
+          image: nextcloud/aio-clamav:20250306_093458
          readinessProbe:
            exec:
              command:
-                - /healthcheck.sh
+                - clamdcheck.sh
            failureThreshold: 9
            initialDelaySeconds: 60
            periodSeconds: 30
@@ -71,7 +73,7 @@ spec:
          livenessProbe:
            exec:
              command:
-                - /healthcheck.sh
+                - clamdcheck.sh
            failureThreshold: 9
            initialDelaySeconds: 60
            periodSeconds: 30
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -35,7 +35,7 @@ spec:
              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250424_092733
+          image: nextcloud/aio-collabora:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -35,7 +35,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: "alpine:3.20"
          command:
            - mkdir
            - "-p"
@@ -64,7 +64,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250424_092733
+          image: nextcloud/aio-postgresql:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: "alpine:3.20"
          command:
            - chmod
            - "777"
@@ -54,7 +54,7 @@ spec:
              value: basic
            - name: xpack.security.enabled
              value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250424_092733
+          image: nextcloud/aio-fulltextsearch:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -38,7 +38,7 @@ spec:
              value: "{{ .Values.IMAGINARY_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250424_092733
+          image: nextcloud/aio-imaginary:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: "alpine:3.20"
          command:
            - chmod
            - "777"
@@ -80,8 +80,6 @@ spec:
              value: "{{ .Values.SERVERINFO_TOKEN }}"
            - name: NEXTCLOUD_DEFAULT_QUOTA
              value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
-            - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
            - name: NEXTCLOUD_MAINTENANCE_WINDOW
              value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
            - name: ADDITIONAL_APKS
@@ -182,7 +180,7 @@ spec:
              value: "{{ .Values.WHITEBOARD_ENABLED }}"
            - name: WHITEBOARD_SECRET
              value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250424_092733
+          image: nextcloud/aio-nextcloud:20250306_093458
          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
          securityContext:
            # The items below only work in container context
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml
@@ -55,7 +55,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250424_092733
+          image: nextcloud/aio-notify-push:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20250424_092733
+          image: "alpine:3.20"
          command:
            - chmod
            - "777"
@@ -42,7 +42,7 @@ spec:
              value: "{{ .Values.ONLYOFFICE_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250424_092733
+          image: nextcloud/aio-onlyoffice:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -39,7 +39,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250424_092733
+          image: nextcloud/aio-redis:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -52,7 +52,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250424_092733
+          image: nextcloud/aio-talk:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml
@@ -44,7 +44,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250424_092733
+          image: nextcloud/aio-talk-recording:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
+++ b/nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml
@@ -48,7 +48,7 @@ spec:
              value: redis
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250424_092733
+          image: nextcloud/aio-whiteboard:20250306_093458
          readinessProbe:
            exec:
              command:
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
+          image: "alpine:3.20"
          command:
            - chmod
            - "777"
@@ -81,7 +81,7 @@ EOL
 cat << EOL > /tmp/initcontainers.database
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
+          image: "alpine:3.20"
          command:
            - mkdir
            - "-p"
@@ -94,7 +94,7 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
+          image: "alpine:3.20"
          command:
            - mkdir
            - "-p"
@@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
+          image: "alpine:3.20"
          command:
            - chmod
            - "777"
@@ -302,8 +302,6 @@ cat << EOL > /tmp/additional.config
              value: "{{ .Values.SERVERINFO_TOKEN }}"
            - name: NEXTCLOUD_DEFAULT_QUOTA
              value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
-            - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
            - name: NEXTCLOUD_MAINTENANCE_WINDOW
              value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL
@@ -416,7 +414,6 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
-NEXTCLOUD_SKELETON_DIRECTORY:        # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
 NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
@@ -505,7 +502,7 @@ cat << EOL > /tmp/security.conf
          {{- end }} # AIO-config - do not change this comment!
 EOL
 # shellcheck disable=SC1083
-find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/image: .*nextcloud.*aio-nextcloud:.*/r /tmp/security.conf" \{} \; 
+find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/nextcloud\/aio-nextcloud:.*/r /tmp/security.conf" \{} \; 

 chmod 777 -R ./

--- a/nextcloud-aio-helm-chart/values.yaml
+++ b/nextcloud-aio-helm-chart/values.yaml
@@ -60,7 +60,6 @@ APPS_ALLOWLIST:        # This allows to configure allowed apps that will be show
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
-NEXTCLOUD_SKELETON_DIRECTORY:        # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
 NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
--- a/php/README.md
+++ b/php/README.md
@@ -34,7 +34,7 @@ docker run \
 --name nextcloud-aio-mastercontainer \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock \
-ghcr.io/nextcloud-releases/all-in-one:latest
+nextcloud/all-in-one:latest
 ```

 ### 4. Start your server
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
 		}
 	},
 	"require": {
-		"php": "8.4.*",
+		"php": "8.3.*",
 		"ext-json": "*",
 		"ext-sodium": "*",
 		"ext-curl": "*",
@@ -20,7 +20,7 @@
 	},
 	"require-dev": {
 		"sserbin/twig-linter": "@dev",
-		"vimeo/psalm": "^6.0",
+		"vimeo/psalm": "^5.25",
 		"wapmorgan/php-deprecation-detector": "dev-master"
 	},
 	"scripts": {
@@ -33,6 +33,6 @@
 		"psalm:strict": "psalm --threads=1 --show-info=true",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
 		"lint:twig": "twig-linter lint ./templates",
-		"php-deprecation-detector": "phpdd scan -n -t 8.4 src/*.php src/**/*.php public/index.php"
+		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
 	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -9,13 +9,13 @@
 			"items": {
 				"type": "object",
 				"additionalProperties": false,
-				"minProperties": 2,
+				"minProperties": 3,
 				"required": ["image", "container_name", "image_tag"],
 				"properties": {
 					"image": {
 						"type": "string",
 						"minLength": 1,
-						"pattern": "^(ghcr.io/)?[a-z0-9/-]+$"
+						"pattern": "^(ghcr.io/)?[a-z0-9_-]+/[a-z0-9_-]+$"
 					},
 					"expose": {
 						"type": "array",
--- a/php/containers.json
+++ b/php/containers.json
@@ -13,7 +13,7 @@
        "nextcloud-aio-whiteboard"
      ],
      "display_name": "Apache",
-      "image": "ghcr.io/nextcloud-releases/aio-apache",
+      "image": "nextcloud/aio-apache",
      "user": "33",
      "init": true,
      "healthcheck": {
@@ -84,7 +84,7 @@
      "container_name": "nextcloud-aio-database",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Database",
-      "image": "ghcr.io/nextcloud-releases/aio-postgresql",
+      "image": "nextcloud/aio-postgresql",
      "user": "999",
      "init": true,
      "healthcheck": {
@@ -149,7 +149,7 @@
        "nextcloud-aio-docker-socket-proxy"
      ],
      "display_name": "Nextcloud",
-      "image": "ghcr.io/nextcloud-releases/aio-nextcloud",
+      "image": "nextcloud/aio-nextcloud",
      "init": true,
      "healthcheck": {
        "start_period": "0s",
@@ -271,7 +271,7 @@
      "container_name": "nextcloud-aio-notify-push",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Notify Push",
-      "image": "ghcr.io/nextcloud-releases/aio-notify-push",
+      "image": "nextcloud/aio-notify-push",
      "user": "33",
      "init": true,
      "healthcheck": {
@@ -319,7 +319,7 @@
      "container_name": "nextcloud-aio-redis",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Redis",
-      "image": "ghcr.io/nextcloud-releases/aio-redis",
+      "image": "nextcloud/aio-redis",
      "user": "999",
      "init": true,
      "healthcheck": {
@@ -361,7 +361,7 @@
      "image_tag": "%AIO_CHANNEL%",
      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
      "display_name": "Collabora",
-      "image": "ghcr.io/nextcloud-releases/aio-collabora",
+      "image": "nextcloud/aio-collabora",
      "init": true,
      "healthcheck": {
        "start_period": "60s",
@@ -404,7 +404,7 @@
      "image_tag": "%AIO_CHANNEL%",
      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
      "display_name": "Talk",
-      "image": "ghcr.io/nextcloud-releases/aio-talk",
+      "image": "nextcloud/aio-talk",
      "user": "1000",
      "init": true,
      "healthcheck": {
@@ -466,7 +466,7 @@
      "container_name": "nextcloud-aio-talk-recording",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Talk Recording",
-      "image": "ghcr.io/nextcloud-releases/aio-talk-recording",
+      "image": "nextcloud/aio-talk-recording",
      "user": "122",
      "init": true,
      "healthcheck": {
@@ -518,7 +518,7 @@
    {
      "container_name": "nextcloud-aio-borgbackup",
      "image_tag": "%AIO_CHANNEL%",
-      "image": "ghcr.io/nextcloud-releases/aio-borgbackup",
+      "image": "nextcloud/aio-borgbackup",
      "init": true,
      "environment": [
        "BORG_REMOTE_REPO=%BORGBACKUP_REMOTE_REPO%",
@@ -586,7 +586,7 @@
    {
      "container_name": "nextcloud-aio-watchtower",
      "image_tag": "%AIO_CHANNEL%",
-      "image": "ghcr.io/nextcloud-releases/aio-watchtower",
+      "image": "nextcloud/aio-watchtower",
      "init": true,
      "environment": [
        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
@@ -606,7 +606,7 @@
    {
      "container_name": "nextcloud-aio-domaincheck",
      "image_tag": "%AIO_CHANNEL%",
-      "image": "ghcr.io/nextcloud-releases/aio-domaincheck",
+      "image": "nextcloud/aio-domaincheck",
      "init": true,
      "ports": [
        {
@@ -637,7 +637,7 @@
      "container_name": "nextcloud-aio-clamav",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "ClamAV",
-      "image": "ghcr.io/nextcloud-releases/aio-clamav",
+      "image": "nextcloud/aio-clamav",
      "user": "100",
      "init": false,
      "healthcheck": {
@@ -683,7 +683,7 @@
      "container_name": "nextcloud-aio-onlyoffice",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "OnlyOffice",
-      "image": "ghcr.io/nextcloud-releases/aio-onlyoffice",
+      "image": "nextcloud/aio-onlyoffice",
      "init": true,
      "healthcheck": {
        "start_period": "60s",
@@ -729,7 +729,7 @@
      "container_name": "nextcloud-aio-imaginary",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Imaginary",
-      "image": "ghcr.io/nextcloud-releases/aio-imaginary",
+      "image": "nextcloud/aio-imaginary",
      "user": "65534",
      "init": true,
      "healthcheck": {
@@ -771,7 +771,7 @@
      "image_tag": "%AIO_CHANNEL%",
      "documentation": "https://github.com/nextcloud/all-in-one/discussions/1709",
      "display_name": "Fulltextsearch",
-      "image": "ghcr.io/nextcloud-releases/aio-fulltextsearch",
+      "image": "nextcloud/aio-fulltextsearch",
      "init": false,
      "healthcheck": {
        "start_period": "60s",
@@ -819,7 +819,7 @@
      "container_name": "nextcloud-aio-docker-socket-proxy",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Docker Socket Proxy",
-      "image": "ghcr.io/nextcloud-releases/aio-docker-socket-proxy",
+      "image": "nextcloud/aio-docker-socket-proxy",
      "init": true,
      "internal_port": "2375",
      "environment": [
@@ -845,7 +845,7 @@
      "container_name": "nextcloud-aio-whiteboard",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "Whiteboard",
-      "image": "ghcr.io/nextcloud-releases/aio-whiteboard",
+      "image": "nextcloud/aio-whiteboard",
      "user": "65534",
      "init": true,
      "healthcheck": {
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,170 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="6.10.1@f9fd6bc117e9ce1e854c2ed6777e7135aaa4966b">
-  <file src="src/Auth/AuthManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Auth/PasswordGenerator.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[PasswordGenerator]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/AioVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AioVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/Container.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Container]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerEnvironmentVariables.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerEnvironmentVariables]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPort.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPort]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerPorts.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerPorts]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolume.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolume]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Container/ContainerVolumes.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerVolumes]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/ContainerDefinitionFetcher.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ContainerDefinitionFetcher]]></code>
-    </ClassMustBeFinal>
-    <PossiblyFalseArgument>
-      <code><![CDATA[file_get_contents($path)]]></code>
-      <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationController]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Controller/DockerController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerController]]></code>
-    </ClassMustBeFinal>
-    <InvalidOperand>
-      <code><![CDATA[$port]]></code>
-    </InvalidOperand>
-  </file>
-  <file src="src/Controller/LoginController.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[LoginController]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Data/ConfigurationManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ConfigurationManager]]></code>
-    </ClassMustBeFinal>
-    <FalsableReturnStatement>
-      <code><![CDATA[$additionalBackupDirectories]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
-    <PossiblyFalseArgument>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$ch]]></code>
-      <code><![CDATA[$configContent]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$content]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[$dailyBackupFile]]></code>
-      <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Data/DataConst.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DataConst]]></code>
-    </ClassMustBeFinal>
-    <FalsableReturnStatement>
-      <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
-      <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
-    </FalsableReturnStatement>
-    <InvalidFalsableReturnType>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-      <code><![CDATA[string]]></code>
-    </InvalidFalsableReturnType>
-  </file>
-  <file src="src/Data/InvalidSettingConfigurationException.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[InvalidSettingConfigurationException]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Data/Setup.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[Setup]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/DependencyInjection.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DependencyInjection]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerActionManager]]></code>
-    </ClassMustBeFinal>
-    <PossiblyFalseArgument>
-      <code><![CDATA[$line]]></code>
-      <code><![CDATA[$line]]></code>
-    </PossiblyFalseArgument>
-  </file>
-  <file src="src/Docker/DockerHubManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[DockerHubManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Docker/GitHubContainerRegistryManager.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[GitHubContainerRegistryManager]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Middleware/AuthMiddleware.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[AuthMiddleware]]></code>
-    </ClassMustBeFinal>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[ClassExtension]]></code>
-    </ClassMustBeFinal>
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getFunctions() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-  <file src="src/Twig/CsrfExtension.php">
-    <ClassMustBeFinal>
-      <code><![CDATA[CsrfExtension]]></code>
-    </ClassMustBeFinal>
-    <MissingOverrideAttribute>
-      <code><![CDATA[public function getGlobals() : array]]></code>
-    </MissingOverrideAttribute>
-  </file>
-</files>
+<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"/>
--- a/php/psalm.xml
+++ b/php/psalm.xml
@@ -5,7 +5,6 @@
 	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
 	errorBaseline="psalm-baseline.xml"
 	findUnusedBaselineEntry="true"
-	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -41,12 +41,12 @@ readonly class DockerController {
            }
        }

-        // Check if registry is reachable in order to make sure that we do not try to pull an image if it is down
+        // Check if docker hub is reachable in order to make sure that we do not try to pull an image if it is down
        // and try to mitigate issues that are arising due to that
        if ($pullImage) {
-            if (!$this->dockerActionManager->isRegistryReachable($container)) {
+            if (!$this->dockerActionManager->isDockerHubReachable($container)) {
                $pullImage = false;
-                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because the registry does not seem to be reachable.');
+                error_log('Not pulling the ' . $container->GetContainerName() . ' image for the ' . $container->GetIdentifier() . ' container because docker hub does not seem to be reachable.');
            }
        }

--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -900,7 +900,7 @@ class ConfigurationManager
    }

    public function shouldDomainValidationBeSkipped() : bool {
-        if (getenv('SKIP_DOMAIN_VALIDATION') === 'true') {
+        if (getenv('SKIP_DOMAIN_VALIDATION') !== false) {
            return true;
        }
        return false;
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -599,7 +599,7 @@ readonly class DockerActionManager {

    }

-    public function isRegistryReachable(Container $container): bool {
+    public function isDockerHubReachable(Container $container): bool {
        $tag = $container->GetImageTag();
        if ($tag === '%AIO_CHANNEL%') {
            $tag = $this->GetCurrentChannel();
@@ -742,33 +742,6 @@ readonly class DockerActionManager {
        }
    }

-    private function GetCurrentImageName(): string {
-        $cacheKey = 'aio-image-name';
-        $imageName = apcu_fetch($cacheKey);
-        if ($imageName !== false && is_string($imageName)) {
-            return $imageName;
-        }
-
-        $containerName = 'nextcloud-aio-mastercontainer';
-        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-        try {
-            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
-            $imageNameArray = explode(':', $output['Config']['Image']);
-            if (count($imageNameArray) === 2) {
-                $imageName = $imageNameArray[0];
-            } else {
-                error_log("No tag was found when getting the current channel. You probably did not follow the documentation correctly. Changing the imageName to the default " . $output['Config']['Image']);
-                $imageName = $output['Config']['Image'];
-            }
-            apcu_add($cacheKey, $imageName);
-            return $imageName;
-        } catch (\Exception $e) {
-            error_log('Could not get current imageName ' . $e->getMessage());
-        }
-
-        return 'nextcloud/all-in-one';
-    }
-
    public function GetCurrentChannel(): string {
        $cacheKey = 'aio-ChannelName';
        $channelName = apcu_fetch($cacheKey);
@@ -780,6 +753,7 @@ readonly class DockerActionManager {
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
        try {
            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true);
+            $containerChecksum = $output['Image'];
            $tagArray = explode(':', $output['Config']['Image']);
            if (count($tagArray) === 2) {
                $tag = $tagArray[1];
@@ -797,7 +771,7 @@ readonly class DockerActionManager {
    }

    public function IsMastercontainerUpdateAvailable(): bool {
-        $imageName = $this->GetCurrentImageName();
+        $imageName = 'nextcloud/all-in-one';
        $containerName = 'nextcloud-aio-mastercontainer';

        $tag = $this->GetCurrentChannel();
@@ -1030,8 +1004,8 @@ readonly class DockerActionManager {
        return false;
    }

-    private function GetCreatedTimeOfNextcloudImage(string $imageName): ?string {
-        $imageName = $imageName . ':' . $this->GetCurrentChannel();
+    private function GetCreatedTimeOfNextcloudImage(): ?string {
+        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
        try {
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
@@ -1052,11 +1026,7 @@ readonly class DockerActionManager {
    }

    public function isNextcloudImageOutdated(): bool {
-        $createdTime = $this->GetCreatedTimeOfNextcloudImage('ghcr.io/nextcloud-releases/aio-nextcloud');
-
-        if ($createdTime === null) {
-            $createdTime = $this->GetCreatedTimeOfNextcloudImage('nextcloud/aio-nextcloud');
-        }
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage();

        if ($createdTime === null) {
            return false;
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -17,7 +17,7 @@

    <div class="container">
        <main>
-            <h1>Nextcloud AIO v10.14.0</h1>
+            <h1>Nextcloud AIO v10.8.0</h1>

            {# Add 2nd tab warning #}
            <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -60,7 +60,7 @@
            {% endfor %}

            {% if is_daily_backup_running == true %}
-                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Mastercontainer logs</a>) (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup" target="_blank">Borg backup container logs</a>)</p>
+                <p><span class="status running"></span> Daily backup currently running. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer" target="_blank">Logs</a>)</p>
                {% if automatic_updates == true %}
                    <p>This will update your containers, the mastercontainer and, on Saturdays, your Nextcloud apps if the backup is successful.</p>
                    {% if is_mastercontainer_update_available == true %}
@@ -101,12 +101,12 @@
                            {% else %}
                                <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                            {% endif %}
-                            <p>Please type in the domain that will be used for Nextcloud and submit it.</p>
+                            <p>Please type the domain that will be used for Nextcloud.</p>
                            {% if skip_domain_validation == true %}
                                <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                            {% endif %}
                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" id="domain" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
+                                <input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                <input type="submit" value="Submit domain" />
@@ -192,12 +192,12 @@
                                <p>
                                Please enter the location of the backup archive on your host or a
                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
-                                if stored remotely; and the encryption password of the backup archive below and submit all values:
+                                if stored remotely; and the encryption password of the backup archive below:
                                </p>
                                <form method="POST" action="/api/configuration" class="xhr">
-                                    <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
+                                    <label>Local backup location</label> <input type="text" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
                                    <label>Remote borg repo</label> <input type="text" name="borg_restore_remote_repo" value="{{borg_remote_repo}}" placeholder="ssh://user@host:port/path/to/repo"/><br>
-                                    <label>Borg passphrase</label> <input type="text" id="borg_restore_password" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
+                                    <label>Borg passphrase</label> <input type="text" name="borg_restore_password" value="{{borg_restore_password}}" placeholder="encryption password"/><br>
                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                    <input type="submit" value="Submit location and encryption password" />
@@ -241,9 +241,9 @@
                                    <p>Initial Nextcloud username: <strong>admin</strong></p>
                            {% if hasBackupLocation %}
                                {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                                <p>Initial Nextcloud password: <strong id="initial-nextcloud-password">{{ nextcloud_password }}</strong></p></details>
+                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p></details>
                            {% else %}
-                                <p>Initial Nextcloud password: <strong id="initial-nextcloud-password">{{ nextcloud_password }}</strong></p>
+                                <p>Initial Nextcloud password: <strong>{{ nextcloud_password }}</strong></p>
                            {% endif %}
                            <p><a href="https://{{ domain }}" class="button" target="_blank">Open your Nextcloud ↗</a></p>
                            {% if not hasBackupLocation %}
@@ -364,13 +364,13 @@
                        {% else %}
                            {% if is_backup_container_running == false and not hasBackupLocation and isApacheStarting != true %}
                                <h2>Backup and restore</h2>
-                                <p>Please enter the directory path below where backups will be created on the host system and submit it. It's best to choose a location on a separate drive and not on your root drive.</p>
+                                <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
                                <p>
                                To store backups remotely instead, fill in the
-                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
+                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
                                </p>
                                <form method="POST" action="/api/configuration" class="xhr">
-                                    <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
+                                    <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                    <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -408,7 +408,7 @@
                                            To try again, click <strong>Create backup</strong>.
                                            </p>
                                            {% endif %}
-
+                                            
                                            <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                            <form method="POST" action="/api/configuration" class="xhr">
                                                <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -433,7 +433,7 @@
                                        <summary>Click here to reveal all backup options (including an option for automatic updates)</summary>
                                    {% endif %}
                                    <h3>Backup information</h3>
-                                    <p>This is your encryption password for backups: <strong id="borg-backup-password">{{ borgbackup_password }}</strong></p>
+                                    <p>This is your encryption password for backups: <strong>{{ borgbackup_password }}</strong></p>
                                    <p>Please save this password in a safe place. You won't be able to restore from backup if you lose this password!</p>
                                    <p>All important data from your Nextcloud AIO instance such as the database, your files and the mastercontainer's configuration files, will be backed up.</p>
                                    <p>The backup uses a tool called <a target="_blank" href="https://github.com/borgbackup/borg#what-is-borgbackup"><strong>BorgBackup</strong></a>, a well-known server backup tool that efficiently backs up your files and encrypts them on the fly.</p>
@@ -507,12 +507,12 @@

                                            <h3>Daily backup and automatic updates</h3>
                                            {% if daily_backup_time == "" %}
-                                                <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
+                                                <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
                                                <form method="POST" action="/api/configuration" class="xhr">
-                                                    <input type="text" name="daily_backup_time" placeholder="04:00"/>
+                                                    <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Submit daily backup time and settings" /><br>
+                                                    <input type="submit" value="Submit backup time" /><br>
                                                    <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
                                                    <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
                                                </form>
@@ -526,12 +526,12 @@
                                                    <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Disable or change daily backup settings" />
+                                                    <input type="submit" value="Disable or change daily backups" />
                                                </form>
                                            {% endif %}

                                            <h3>Back up additional directories and docker volumes of your host</h3>
-                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.</p>
+                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
                                            <form method="POST" action="/api/configuration" class="xhr">
                                                <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -584,7 +584,7 @@
                        {% else %}
                            {% if timezone == "" %}
                                <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
-                                <p>You can configure the timezone for Nextcloud below (Do not forget to submit the value!):</p>
+                                <p>You can configure the timezone for Nextcloud below:</p>
                                <form method="POST" action="/api/configuration" class="xhr">
                                    <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
--- a/php/templates/includes/aio-config.twig
+++ b/php/templates/includes/aio-config.twig
@@ -16,7 +16,7 @@

    <p>
        {% if nextcloud_mount == '' %}
-            The Nextcloud container is confined and local external storage in Nextcloud is disabled.
+            The Nextcloud container is confied and local external storage in Nextcloud is disabled.
        {% else %}
            The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
        {% endif %}
--- a/php/templates/includes/optional-containers.twig
+++ b/php/templates/includes/optional-containers.twig
@@ -184,14 +184,14 @@

    {% if collabora_additional_options == "" %}
        <p>You can configure additional options for collabora below.</p>
-        <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
+        <p>(This can be used for configuring the net.content_security_policy and more)</p>
        <form method="POST" action="/api/configuration" class="xhr">
            <input type="text" name="collabora_additional_options" />
            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
            <input type="submit" value="Submit additional collabora options" />
        </form>
-        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
+        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy="frame-ancestors *.example.com:*;"</strong>.</p>
    {% else %}
        <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
        <form method="POST" action="/api/configuration" class="xhr">
--- a/php/templates/setup.twig
+++ b/php/templates/setup.twig
@@ -10,7 +10,7 @@
        <h1>All-in-One setup</h1>
        <p>The official Nextcloud installation method. Nextcloud All-in-One provides easy deployment and maintenance with most features included in this one Nextcloud instance.</p>
        <p>⚠️ <strong>Please note down the passphrase to access the AIO interface and don't lose it!</strong></p>
-        <strong>Passphrase</strong><br/><span id="initial-password" class="monospace">{{ password }}</span><br>
+        <strong>Passphrase</strong><br/><span class="monospace">{{ password }}</span><br>
        <a href="/" class="button" target="_blank">Open Nextcloud AIO login ↗</a>
    </div>
 {% endblock %}
--- a/php/tests/.gitignore
+++ b/php/tests/.gitignore
@@ -1,7 +0,0 @@
-
-# Playwright
-node_modules/
-/test-results/
-/playwright-report/
-/blob-report/
-/playwright/.cache/
--- a/php/tests/package-lock.json
+++ b/php/tests/package-lock.json
@@ -1,97 +0,0 @@
-{
-  "name": "e2e",
-  "version": "1.0.0",
-  "lockfileVersion": 3,
-  "requires": true,
-  "packages": {
-    "": {
-      "name": "e2e",
-      "version": "1.0.0",
-      "license": "ISC",
-      "devDependencies": {
-        "@playwright/test": "^1.51.1",
-        "@types/node": "^22.13.10"
-      }
-    },
-    "node_modules/@playwright/test": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.51.1.tgz",
-      "integrity": "sha512-nM+kEaTSAoVlXmMPH10017vn3FSiFqr/bh4fKg9vmAdMfd9SDqRZNvPSiAHADc/itWak+qPvMPZQOPwCBW7k7Q==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "playwright": "1.51.1"
-      },
-      "bin": {
-        "playwright": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@types/node": {
-      "version": "22.13.10",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.10.tgz",
-      "integrity": "sha512-I6LPUvlRH+O6VRUqYOcMudhaIdUVWfsjnZavnsraHvpBwaEyMN29ry+0UVJhImYL16xsscu0aske3yA+uPOWfw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "undici-types": "~6.20.0"
-      }
-    },
-    "node_modules/fsevents": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
-      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
-    "node_modules/playwright": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.51.1.tgz",
-      "integrity": "sha512-kkx+MB2KQRkyxjYPc3a0wLZZoDczmppyGJIvQ43l+aZihkaVvmu/21kiyaHeHjiFxjxNNFnUncKmcGIyOojsaw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "playwright-core": "1.51.1"
-      },
-      "bin": {
-        "playwright": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "optionalDependencies": {
-        "fsevents": "2.3.2"
-      }
-    },
-    "node_modules/playwright-core": {
-      "version": "1.51.1",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.51.1.tgz",
-      "integrity": "sha512-/crRMj8+j/Nq5s8QcvegseuyeZPxpQCZb6HNk3Sos3BlZyAknRjoyJPFWkpNn8v0+P3WiwqFF8P+zQo4eqiNuw==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "bin": {
-        "playwright-core": "cli.js"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/undici-types": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.20.0.tgz",
-      "integrity": "sha512-Ny6QZ2Nju20vw1SRHe3d9jVu6gJ+4e3+MMpqu7pqE5HT6WsTSlce++GQmK5UXS8mzV8DSYHrQH+Xrf2jVcuKNg==",
-      "dev": true,
-      "license": "MIT"
-    }
-  }
-}
--- a/php/tests/package.json
+++ b/php/tests/package.json
@@ -1,8 +0,0 @@
-{
-  "name": "nextcloud-aio-mastercontainer-tests",
-  "version": "1.0.0",
-  "license": "AGPL-3.0-or-later",
-  "devDependencies": {
-    "@playwright/test": "^1.51.1"
-  }
-}
--- a/php/tests/playwright.config.js
+++ b/php/tests/playwright.config.js
@@ -1,29 +0,0 @@
-import { defineConfig, devices } from '@playwright/test'
-
-/**
- * @see https://playwright.dev/docs/test-configuration
- */
-export default defineConfig({
-  testDir: './tests',
-  fullyParallel: false,
-  forbidOnly: !!process.env.CI,
-  retries: 0,
-  workers: 1,
-  reporter: [
-    ['list'],
-    ['html'],
-  ],
-  use: {
-    baseURL: process.env.BASE_URL ?? 'http://localhost:8080',
-    trace: 'on',
-  },
-  projects: [
-    {
-      name: 'chromium',
-      use: {
-        ...devices['Desktop Chrome'],
-        ignoreHTTPSErrors: true,
-      },
-    },
-  ],
-})
--- a/php/tests/tests/initial-setup.spec.js
+++ b/php/tests/tests/initial-setup.spec.js
@@ -1,96 +0,0 @@
-import { test, expect } from '@playwright/test';
-import { writeFileSync } from 'node:fs'
-
-test('Initial setup', async ({ page: setupPage }) => {
-  test.setTimeout(10 * 60 * 1000)
-
-  // Extract initial password
-  await setupPage.goto('./setup');
-  const password = await setupPage.locator('#initial-password').innerText()
-  const containersPagePromise = setupPage.waitForEvent('popup');
-  await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click();
-  const containersPage = await containersPagePromise;
-
-  // Log in and wait for redirect
-  await containersPage.locator('#master-password').click();
-  await containersPage.locator('#master-password').fill(password);
-  await containersPage.getByRole('button', { name: 'Log in' }).click();
-  await containersPage.waitForURL('./containers');
-
-  // Reject IP addresses
-  await containersPage.locator('#domain').click();
-  await containersPage.locator('#domain').fill('1.1.1.1');
-  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
-  await expect(containersPage.locator('body')).toContainText('Please enter a domain and not an IP-address!');
-
-  // Accept example.com (requires disabled domain validation)
-  await containersPage.locator('#domain').click();
-  await containersPage.locator('#domain').fill('example.com');
-  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
-
-  // Disable all additional containers
-  await containersPage.locator('#talk').uncheck();
-  await containersPage.getByRole('checkbox', { name: 'Whiteboard' }).uncheck();
-  await containersPage.getByRole('checkbox', { name: 'Imaginary' }).uncheck();
-  await containersPage.getByRole('checkbox', { name: 'Collabora' }).uncheck();
-  await containersPage.getByRole('button', { name: 'Save changes' }).click();
-  await expect(containersPage.locator('#talk')).not.toBeChecked()
-  await expect(containersPage.getByRole('checkbox', { name: 'Whiteboard' })).not.toBeChecked()
-  await expect(containersPage.getByRole('checkbox', { name: 'Imaginary' })).not.toBeChecked()
-  await expect(containersPage.getByRole('checkbox', { name: 'Collabora' })).not.toBeChecked()
-
-  // Reject invalid time zones
-  await containersPage.locator('#timezone').click();
-  await containersPage.locator('#timezone').fill('Invalid time zone');
-  containersPage.once('dialog', dialog => {
-    console.log(`Dialog message: ${dialog.message()}`)
-    dialog.accept()
-  });
-  await containersPage.getByRole('button', { name: 'Submit timezone' }).click();
-  await expect(containersPage.locator('body')).toContainText('The entered timezone does not seem to be a valid timezone!')
-
-  // Accept valid time zone
-  await containersPage.locator('#timezone').click();
-  await containersPage.locator('#timezone').fill('Europe/Berlin');
-  containersPage.once('dialog', dialog => {
-    console.log(`Dialog message: ${dialog.message()}`)
-    dialog.accept()
-  });
-  await containersPage.getByRole('button', { name: 'Submit timezone' }).click();
-
-  // Start containers and wait for starting message
-  await containersPage.getByRole('button', { name: 'Download and start containers' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Containers are currently starting.', { timeout: 3 * 60 * 1000 });
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 2 * 60 * 1000 });
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toHaveAttribute('href', 'https://example.com');
-
-  // Extract initial nextcloud password
-  await expect(containersPage.getByRole('main')).toContainText('Initial Nextcloud password:')
-  const initialNextcloudPassword = await containersPage.locator('#initial-nextcloud-password').innerText();
-
-  // Set backup location and create backup
-  const borgBackupLocation = `/mnt/test/aio-${Math.floor(Math.random() * 2147483647)}`
-  await containersPage.locator('#borg_backup_host_location').click();
-  await containersPage.locator('#borg_backup_host_location').fill(borgBackupLocation);
-  await containersPage.getByRole('button', { name: 'Submit backup location' }).click();
-  containersPage.once('dialog', dialog => {
-    console.log(`Dialog message: ${dialog.message()}`)
-    dialog.accept()
-  });
-  await containersPage.getByRole('button', { name: 'Create backup' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 3 * 60 * 1000 });
-  await expect(containersPage.getByRole('main')).toContainText('Last backup successful on', { timeout: 3 * 60 * 1000 });
-  await containersPage.getByText('Click here to reveal all backup options').click();
-  await expect(containersPage.locator('#borg-backup-password')).toBeVisible();
-  const borgBackupPassword = await containersPage.locator('#borg-backup-password').innerText();
-
-  // Assert that all containers are stopped
-  await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible();
-
-  // Save passwords for restore backup test
-  writeFileSync('test_data.json', JSON.stringify({
-    initialNextcloudPassword,
-    borgBackupLocation,
-    borgBackupPassword,
-  }))
-});
--- a/php/tests/tests/restore-instance.spec.js
+++ b/php/tests/tests/restore-instance.spec.js
@@ -1,79 +0,0 @@
-import { test, expect } from '@playwright/test';
-import { readFileSync } from 'node:fs';
-
-test('Restore instance', async ({ page: setupPage }) => {
-  test.setTimeout(10 * 60 * 1000)
-
-  // Load passwords from previous test
-  const {
-    initialNextcloudPassword,
-    borgBackupLocation,
-    borgBackupPassword,
-  } = JSON.parse(readFileSync('test_data.json'))
-
-  // Extract initial password
-  await setupPage.goto('./setup');
-  const password = await setupPage.locator('#initial-password').innerText()
-  const containersPagePromise = setupPage.waitForEvent('popup');
-  await setupPage.getByRole('link', { name: 'Open Nextcloud AIO login ↗' }).click();
-  const containersPage = await containersPagePromise;
-
-  // Log in and wait for redirect
-  await containersPage.locator('#master-password').click();
-  await containersPage.locator('#master-password').fill(password);
-  await containersPage.getByRole('button', { name: 'Log in' }).click();
-  await containersPage.waitForURL('./containers');
-
-  // Reject example.com (requires enabled domain validation)
-  await containersPage.locator('#domain').click();
-  await containersPage.locator('#domain').fill('example.com');
-  await containersPage.getByRole('button', { name: 'Submit domain' }).click();
-  await expect(containersPage.locator('body')).toContainText('Domain does not point to this server or the reverse proxy is not configured correctly.');
-
-  // Reject invalid backup location
-  await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill('/mnt/test/aio-incorrect-path');
-  await containersPage.locator('#borg_restore_password').click();
-  await containersPage.locator('#borg_restore_password').fill(borgBackupPassword);
-  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
-  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 });
-
-  // Reject invalid backup password
-  await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation);
-  await containersPage.locator('#borg_restore_password').click();
-  await containersPage.locator('#borg_restore_password').fill('foobar');
-  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
-  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Last test failed!', { timeout: 60 * 1000 });
-
-  // Accept correct backup location and password
-  await containersPage.locator('#borg_restore_host_location').click();
-  await containersPage.locator('#borg_restore_host_location').fill(borgBackupLocation);
-  await containersPage.locator('#borg_restore_password').click();
-  await containersPage.locator('#borg_restore_password').fill(borgBackupPassword);
-  await containersPage.getByRole('button', { name: 'Submit location and encryption password' }).click()
-  await containersPage.getByRole('button', { name: 'Test path and encryption' }).click();
-
-  // Check integrity and restore backup
-  await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
-  await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 });
-
-  // Verify a successful backup restore
-  await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 });
-  await expect(containersPage.getByRole('main')).toContainText('⚠️ Container updates are available. Click on Stop containers and Start and update containers to update them. You should consider creating a backup first.');
-  containersPage.once('dialog', dialog => {
-    console.log(`Dialog message: ${dialog.message()}`)
-    dialog.accept()
-  });
-  await containersPage.getByRole('button', { name: 'Start and update containers' }).click();
-  await expect(containersPage.getByRole('link', { name: 'Open your Nextcloud ↗' })).toBeVisible({ timeout: 5 * 60 * 1000 });
-  await expect(containersPage.getByRole('main')).toContainText(initialNextcloudPassword);
-
-  // Verify that containers are all stopped
-  await containersPage.getByRole('button', { name: 'Stop containers' }).click();
-  await expect(containersPage.getByRole('button', { name: 'Start containers' })).toBeVisible({ timeout: 60 * 1000 });
-});
--- a/readme.md
+++ b/readme.md
@@ -111,7 +111,7 @@ curl -fsSL https://get.docker.com | sudo sh
    --publish 8443:8443 \
    --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-    ghcr.io/nextcloud-releases/all-in-one:latest
+    nextcloud/all-in-one:latest
    ```
    <details>
    <summary>Explanation of the command</summary>
@@ -126,7 +126,7 @@ curl -fsSL https://get.docker.com | sudo sh
    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a web server or reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
-    - `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
+    - `nextcloud/all-in-one:latest` This is the docker container image that is used.
    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
    </details>

@@ -331,7 +331,7 @@ Now that this is out of the way, the recommended way how to access Nextcloud loc
 Apart from that there is now a community container that can be added to the AIO stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers/pi-hole

 ### How to skip the domain validation?
-If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).

 ### How to resolve firewall problems with Fedora Linux, RHEL OS, CentOS, SUSE Linux and others?
 It is known that Linux distros that use [firewalld](https://firewalld.org) as their firewall daemon have problems with docker networks. In case the containers are not able to communicate with each other, you may change your firewalld to use the iptables backend by running:
@@ -344,7 +344,7 @@ Afterwards it should work.<br>
 See https://dev.to/ozorest/fedora-32-how-to-solve-docker-internal-network-issue-22me for more details on this. This limitation is even mentioned on the official firewalld website: https://firewalld.org/#who-is-using-it

 ### What can I do to fix the internal or reserved ip-address error?
-If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
+If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.

 ## Infrastructure

@@ -377,7 +377,7 @@ Yes. If SELinux is enabled, you might need to add the `--security-opt label:disa
 > [!WARNING]  
 > Do not set or adjust this value after the initial Nextcloud installation is done! If you still want to do it afterwards, see [this](https://github.com/nextcloud/all-in-one/discussions/890#discussioncomment-3089903) on how to do it.

-You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.
+You can configure the Nextcloud container to use a specific directory on your host as data directory. You can do so by adding the environmental variable `NEXTCLOUD_DATADIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`. The chosen directory or volume will then be mounted to `/mnt/ncdata` inside the container.

 - An example for Linux is `--env NEXTCLOUD_DATADIR="/mnt/ncdata"`. ⚠️ Please note: If you should be using an external BTRFS drive that is mounted to `/mnt/ncdata`, make sure to choose a subfolder like e.g. `/mnt/ncdata/nextcloud` as datadir, since the root folder is not suited as datadir in that case. See https://github.com/nextcloud/all-in-one/discussions/2696.
 - On macOS it might be `--env NEXTCLOUD_DATADIR="/var/nextcloud-data"`
@@ -408,7 +408,7 @@ You can move the whole docker library and all its files including all Nextcloud
 This should solve the problem.

 ### How to allow the Nextcloud container to access directories on the host?
-By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.
+By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). Allowed values for that variable are strings that start with `/` and are not equal to `/`.

 - Two examples for Linux are `--env NEXTCLOUD_MOUNT="/mnt/"` and `--env NEXTCLOUD_MOUNT="/media/"`.
 - On macOS it might be `--env NEXTCLOUD_MOUNT="/Volumes/your_drive/"`
@@ -425,29 +425,29 @@ Be aware though that these locations will not be covered by the built-in backup
 > If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.

 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. This should be set to something higher than 1024! You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517

 ### How to adjust the upload limit for Nextcloud?
-By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.
+By default, public uploads to Nextcloud are limited to a max of 16G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients, since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=16G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `16G`.

 ### How to adjust the max execution time for Nextcloud?
-By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.
+By default, uploads to Nextcloud are limited to a max of 3600s. You can adjust the upload time limit by providing `--env NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a number e.g. `3600`.

 ### How to adjust the PHP memory limit for Nextcloud?
-By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+By default, each PHP process in the Nextcloud container is limited to a max of 512 MB. You can adjust the memory limit by providing `--env NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.

 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.

 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 

-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.21. By default `imagemagick` is added. If you want to keep it, you need to specify it as well.

 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project quickly unmaintainable - there is an official way in which you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default `imagick` is added. If you want to keep it, you need to specify it as well.

 ### What about the pdlib PHP extension for the facerecognition app?
 The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can use [this community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition) in order to run facerecognition.
@@ -464,7 +464,7 @@ A list of supported device can be fond in [MESA 3D documentation](https://docs.m

 This method use the [Direct Rendering Infrastructure](https://dri.freedesktop.org/wiki/) with the access to the `/dev/dri` device.

-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container.


 #### With proprietary drivers for Nvidia :warning: BETA
@@ -476,22 +476,19 @@ In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` t

 This method use the [Nvidia Container Toolkit](https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/index.html) with the nvidia runtime.

-In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.
+In order to use that, you need to add `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will enable the nvidia runtime.

 If you're using WSL2 and want to use the NVIDIA runtime, please follow the instructions to [install the NVIDIA Container Toolkit meta-version in WSL](https://docs.nvidia.com/cuda/wsl-user-guide/index.html#cuda-support-for-wsl-2).

 ### How to keep disabled apps?
-In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
+In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). 
 > [!WARNING]  
 > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.

 ### How to trust user-defined Certification Authorities (CA)?
-> [!NOTE]
-> Please note, that this feature is only intended to make LDAPS connections with self-signed certificates work. It will not make other interconnectivity between the different containers work, as they expect a valid publicly trusted certificate like one from Let's Encrypt.
-
 For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization.

-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.

 When using `docker run`, the environmental variable can be set with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.

@@ -524,7 +521,7 @@ docker run ^
 --publish 8443:8443 ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
-ghcr.io/nextcloud-releases/all-in-one:latest
+nextcloud/all-in-one:latest
 ```

 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -533,7 +530,7 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 > Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not available on Windows, you simply remove `sudo` from the commands and they should work.  

 ### How to run AIO on Synology DSM
-On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
+On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.

 > [!NOTE]  
 > It is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
@@ -579,7 +576,7 @@ See [multiple-instances.md](./multiple-instances.md) for some documentation on t
 Nextcloud features a built-in bruteforce protection which may get triggered and will block an ip-address or disable a user. You can unblock an ip-address by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:bruteforce:reset <ip-address>` and enable a disabled user by running `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ user:enable <name of user>`. See https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/occ_command.html#security for further information.

 ### How to switch the channel?
-You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `ghcr.io/nextcloud-releases/all-in-one:latest` to `ghcr.io/nextcloud-releases/all-in-one:beta` and vice versa.
+You can switch to a different channel like e.g. the beta channel or from the beta channel back to the latest channel by stopping the mastercontainer, removing it (no data will be lost) and recreating the container using the same command that you used initially to create the mastercontainer. You simply need to change the last line `nextcloud/all-in-one:latest` to `nextcloud/all-in-one:beta` and vice versa.

 ### How to update the containers?
 If we push new containers to `latest`, you will see in the AIO interface below the `containers` section that new container updates were found. In this case, just press `Stop containers` and `Start and update containers` in order to update the containers. The mastercontainer has its own update procedure though. See below. And don't forget to back up the current state of your instance using the built-in backup solution before starting the containers again! Otherwise you won't be able to restore your instance easily if something should break during the update. 
@@ -667,7 +664,7 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).

 ### How to adjust the version retention policy and trashbin retention policy?
-By default, AIO sets the `versions_retention_obligation` and `trashbin_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.

 ### How to enable automatic updates without creating a backup beforehand?
 If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
@@ -788,7 +785,7 @@ Be aware that this solution does not back up files and folders that are mounted
 Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).

 ### How to adjust borgs retention policy?
-The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!

 ### How to migrate from AIO to AIO?
 If you have the borg backup feature enabled, you can copy it over to the new host and restore from the backup. This guide assumes the new installation data dir will be on `/mnt/datadir`, you can adjust the steps if it's elsewhere.
@@ -1040,7 +1037,7 @@ One example for this would be `sudo docker exec -it --env DAILY_BACKUP=1 nextclo
 > None of the option returns error codes. So you need to check for the correct result yourself.

 ### How to disable the backup section?
-If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).
+If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `--env AIO_DISABLE_BACKUP_SECTION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used).

 ## Addons

--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -26,7 +26,7 @@ sudo docker run \
 --env SKIP_DOMAIN_VALIDATION=false \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-ghcr.io/nextcloud-releases/all-in-one:latest
+nextcloud/all-in-one:latest
 ```

 <details>
@@ -45,7 +45,7 @@ ghcr.io/nextcloud-releases/all-in-one:latest
 - `--env SKIP_DOMAIN_VALIDATION=false` This can be set to `true` if the domain validation does not work and you are sure that you configured everything correctly after you followed [the debug documentation](#6-how-to-debug-things).
 - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
 - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
- `ghcr.io/nextcloud-releases/all-in-one:latest` This is the docker container image that is used.
+- `nextcloud/all-in-one:latest` This is the docker container image that is used.
 - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml

 </details>
@@ -139,9 +139,8 @@ Add this as a new Apache site config:
    RequestHeader set X-Real-IP %{REMOTE_ADDR}s
    AllowEncodedSlashes NoDecode
    
-    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
-    ProxyPass / http://localhost:11000/ nocanon
-    ProxyPassReverse / http://localhost:11000/
+    ProxyPass / http://localhost:11000/ nocanon # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
    
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
@@ -232,22 +231,12 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.

    You also need to adjust `<provider>` and `<key>` to match your case.

-1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened).
+1. Now continue with [point 2](#2-use-this-startup-command) but additionally, add `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`) which will disable the domain validation (because it is known that the domain validation will not work when using the DNS-challenge since no port is publicly opened).

 **Advice:** In order to make it work in your home network, you may add the internal ipv4-address of your reverse proxy as A DNS-record to your domain and disable the dns-rebind-protection in your router. Another way it to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally). If both is not possible, you may add the domain to the hosts file which is needed then for any devices that shall use the server.

 </details>

-### OpenLiteSpeed
-
-<details>
-
-<summary>click here to expand</summary>
-
-You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https://github.com/nextcloud/all-in-one/discussions/6370
-
-</details>
-
 ### Citrix ADC VPX / Citrix Netscaler

 <details>
@@ -856,7 +845,7 @@ sudo docker run \
 --env SKIP_DOMAIN_VALIDATION=false \
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
 --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-ghcr.io/nextcloud-releases/all-in-one:latest
+nextcloud/all-in-one:latest
 ```

 Note: you may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -884,7 +873,7 @@ docker run ^
 --env SKIP_DOMAIN_VALIDATION=false ^
 --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config ^
 --volume //var/run/docker.sock:/var/run/docker.sock:ro ^
-ghcr.io/nextcloud-releases/all-in-one:latest
+nextcloud/all-in-one:latest
 ```

 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.