Merge pull request #5935 from nextcloud/aio-helm-update

Helm Chart updates

.github/dependabot.yml

@@ -7,6 +7,9 @@ updates:
     time: "12:00"
   open-pull-requests-limit: 10
   rebase-strategy: "disabled"
+  labels:
+  - 3. to review
+  - dependencies
 - package-ecosystem: composer
   directory: "/php/"
   schedule:

.github/workflows/helm-release.yml

@@ -41,7 +41,7 @@ jobs:
           helm lint ./nextcloud-aio-helm-chart
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         with:
           mark_as_latest: false
           charts_dir: .

Containers/apache/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.8.4-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.62-alpine3.21

Containers/borgbackup/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 RUN set -ex; \
     \

Containers/borgbackup/backupscript.sh

@@ -521,7 +521,7 @@ if [ "$BORG_MODE" = check ]; then
     # Perform the check
     if ! borg check -v --verify-data; then
         echo "Some errors were found while checking the backup integrity!"
-        echo "Check the AIO interface for advices on how to proceed now!"
+        echo "Check the AIO interface for advice on how to proceed now!"
         exit 1
     fi
 

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.1-20
+FROM clamav/clamav:1.4.1-22
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

Containers/collabora/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.11.1.1
+FROM collabora/code:24.04.11.3.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.1-alpine
+FROM haproxy:3.1.2-alpine
 
 # hadolint ignore=DL3002
 USER root

Containers/domaincheck/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.0
+FROM elasticsearch:8.17.1
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.23.4-alpine3.21 AS go
+FROM golang:1.23.5-alpine3.21 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
 RUN set -ex; \
     apk add --no-cache \
@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

Containers/mastercontainer/Dockerfile

@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.4.1-cli AS docker
+FROM docker:27.5.0-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.8.4-alpine AS caddy
+FROM caddy:2.9.1-alpine AS caddy
 
 # From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.15-fpm-alpine3.21
+FROM php:8.3.16-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080

Containers/mastercontainer/start.sh

@@ -283,6 +283,15 @@ if [ "$?" = 6 ]; then
     exit 1
 fi
 
+# Check if auth.docker.io is reachable
+# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
+if ! curl https://auth.docker.io/token | grep -q token; then
+    print_red "Could not reach https://auth.docker.io."
+    echo "Most likely is something blocking access to it."
+    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    exit 1
+fi
+
 # Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
 if [ -n "$TZ" ]; then
     print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"

Containers/nextcloud/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.15-fpm-alpine3.21
+FROM php:8.3.16-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.4
+ENV NEXTCLOUD_VERSION=30.0.5
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -147,7 +147,7 @@ RUN set -ex; \
     \
     { \
         echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379/${REDIS_DB_INDEX}?auth=${REDIS_HOST_PASSWORD}"'; \
+        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
         echo 'redis.session.locking_enabled = 1'; \
         echo 'redis.session.lock_retries = -1'; \
         echo 'redis.session.lock_wait_time = 10000'; \

Containers/nextcloud/config/redis.config.php

@@ -18,4 +18,8 @@ if (getenv('REDIS_HOST')) {
   if (getenv('REDIS_DB_INDEX')) {
     $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
   }
+
+  if (getenv('REDIS_USER_AUTH') !== false) {
+    $CONFIG['redis']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
+  }
 }

Containers/nextcloud/entrypoint.sh

@@ -864,17 +864,20 @@ else
 fi
 
 # Docker socket proxy
+# app_api is a shipped app
+if [ -d "/var/www/html/custom_apps/app_api" ]; then
+    php /var/www/html/occ app:disable app_api
+    rm -r "/var/www/html/custom_apps/app_api"
+fi
 if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-    if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
-        php /var/www/html/occ app:install app_api
-    elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
+    if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
         php /var/www/html/occ app:enable app_api
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update app_api
     fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
-        php /var/www/html/occ app:remove app_api
+    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
+        if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "no" ]; then
+            php /var/www/html/occ app:disable app_api
+        fi
     fi
 fi
 

Containers/notify-push/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/notify-push/start.sh

@@ -62,7 +62,7 @@ fi
 
 # Set sensitive values as env
 export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
 /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \

Containers/talk/Dockerfile

@@ -2,7 +2,7 @@
 FROM nats:2.10.24-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.1 AS signaling
-FROM alpine:3.21.1 AS janus
+FROM alpine:3.21.2 AS janus
 
 ARG JANUS_VERSION=v1.3.0
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

Containers/watchtower/Dockerfile

@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.21.1
+FROM alpine:3.21.2
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \

Containers/whiteboard/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.5
 
 USER root
 RUN set -ex; \

Containers/whiteboard/start.sh

@@ -11,7 +11,7 @@ if [ -z "$REDIS_DB_INDEX" ]; then
     REDIS_DB_INDEX=0
 fi
 
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
+export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
 
 # Run it
 exec npm run server:start

community-containers/caddy/readme.md

@@ -9,6 +9,7 @@ This container bundles caddy and auto-configures it for you. It also covers http
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, make sure that you point `media.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyfin.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap, make sure that you point `ldap.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for lldap.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb, make sure that you point `tables.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for nocodb.
+- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, make sure that you point `requests.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for jellyseerr.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
 - You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack

community-containers/calcardbackup/calcardbackup.json

@@ -0,0 +1,37 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-calcardbackup",
+            "display_name": "Calendar and contacts backup",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/calcardbackup",
+            "image": "waja/calcardbackup",
+            "image_tag": "latest",
+            "restart": "unless-stopped",
+            "environment": [
+                "CRON_TIME=0 0 * * *",
+                "INIT_BACKUP=yes",
+                "BACKUP_DIR=/backup",
+                "NC_DIR=/nextcloud",
+                "NC_HOST=%NC_DOMAIN%",
+                "DB_HOST=nextcloud-aio-database",
+                "DB_PORT=5432",
+                "CALCARD_OPTS=-ltm 5"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_calcardbackup",
+                    "destination": "/backup",
+                    "writeable": true
+                },
+                {
+                    "source": "nextcloud_aio_nextcloud",
+                    "destination": "/nextcloud",
+                    "writeable": false
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_calcardbackup"
+            ]
+        }
+    ]
+}

community-containers/calcardbackup/readme.md

@@ -0,0 +1,15 @@
+## calcardbackup  
+This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
+  
+### Notes  
+- Backups will be created at 00:00 CEST every day. Make sure that this does not conflict with the configured daily backups inside AIO.
+- All the exports will be included in AIOs backup solution
+- You can find the exports in the nextcloud_aio_calcardbackup volume
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack  
+  
+### Repository  
+https://github.com/waja/docker-calcardbackup
+
+### Maintainer
+https://github.com/pailloM
+  

community-containers/fail2ban/fail2ban.json

@@ -25,6 +25,16 @@
                     "source": "nextcloud_aio_vaultwarden_logs",
                     "destination": "/vaultwarden",
                     "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_jellyfin",
+                    "destination": "/jellyfin",
+                    "writeable": false
+                },
+                {
+                    "source": "nextcloud_aio_jellyseerr",
+                    "destination": "/jellyseerr",
+                    "writeable": false
                 }
             ]
         }

community-containers/fail2ban/readme.md

@@ -1,5 +1,5 @@
 ## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
 
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.

community-containers/jellyfin/readme.md

@@ -8,6 +8,7 @@ This container bundles Jellyfin and auto-configures it for you.
 - In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
 - ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
 - If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important!
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
 - The data of Jellyfin will be automatically included in AIO's backup solution!
 - See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
 

community-containers/jellyseerr/jellyseerr.json

@@ -0,0 +1,34 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-jellyseerr",
+            "display_name": "Jellyseerr",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr",
+            "image": "fallenbagel/jellyseerr",
+            "image_tag": "latest",
+            "internal_port": "5055",
+            "restart": "unless-stopped",
+            "ports": [
+                {
+                    "ip_binding": "%APACHE_IP_BINDING%",
+                    "port_number": "5055",
+                    "protocol": "tcp"
+                }
+            ],
+            "environment": [
+                "PORT=5055",
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_jellyseerr",
+                    "destination": "/app/config",
+                    "writeable": true
+                }
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_jellyseerr"
+            ]
+        }
+    ]
+}

community-containers/jellyseerr/readme.md

@@ -0,0 +1,16 @@
+## Jellyseerr
+This container bundles Jellyseerr and auto-configures it for you.
+
+### Notes
+- This container is only intended to be used inside home networks as it uses http for its management page by default.
+- After adding and starting the container, you can directly visit `http://ip.address.of.server:5055` and access your new Jellyseerr instance, which can be used to manage Plex, Jellyfin, and Emby.
+- In order to access your Jellyseerr outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyseerr's reverse proxy documentation.](https://docs.jellyseerr.dev/extending-jellyseerr/reverse-proxy), OR use the Caddy community container that will automatically configure requests.$NC_DOMAIN to redirect to your Jellyseerr.
+- If you want to secure the installation with fail2ban, you might want to check out https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban
+- The config of Jellyseerr will be automatically included in AIO's backup solution!
+- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
+
+### Repository
+https://github.com/Fallenbagel/jellyseerr
+
+### Maintainer
+https://github.com/Anvil5465

community-containers/npmplus/readme.md

@@ -3,7 +3,6 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 
 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
-- You can ignore the NPM configuration of the reverse-proxy.md. The NPMplus fork already contains the changes of the advanced tab.
 - Make sure that no other service is using port `443 (tcp/upd)` or `81 (tcp)` on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep "443\|81"` before installing AIO.
 - Please change the default login data first, after you can read inside the logs that the default config for AIO is created and there are no errors.
 - After the container was started the first time, please check the logs for errors. Then you can open NPMplus on `https://<ip>:81` and change the password. 
@@ -11,7 +10,7 @@ This container contains a fork of the Nginx Proxy Manager, which is a WebUI for
 - If you want to use NPMplus behind a domain and outside localhost just create a new proxy host inside the NPMplus which proxies to `https`, `127.0.0.1` and port `81` - all other settings should be the same as for the AIO host.
 - If you want to set env options from this [compose.yaml](https://github.com/ZoeyVid/NPMplus/blob/develop/compose.yaml), please set them inside the `.env` file which you can find in the `nextcloud_aio_npmplus` volume
 - The data (certs, configs, etc.) of NPMplus will be automatically included in AIOs backup solution!
-- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true
+- **Important:** you always need to enable https for your hosts, since `DISABLE_HTTP` is set to true by default
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository and Documentation

manual-install/readme.md

@@ -6,11 +6,13 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
 - You can run the containers with docker swarm
+- You can run this in environments where access to docker.io is not possible. See [this issue](https://github.com/nextcloud/all-in-one/discussions/5268).
 
 ### Disadvantages
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
+- You lose the built-in [Docker Socket Proxy container](https://github.com/nextcloud/docker-socket-proxy#readme) (needed for [Nextcloud App API](https://github.com/nextcloud/app_api#nextcloud-appapi))
 - You lose all community containers: https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
 - **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine

manual-install/sample.conf

@@ -37,5 +37,5 @@ NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS=yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
-TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
+TALK_PORT=3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.2.0
+version: 10.4.0
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -61,7 +61,21 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: nextcloud/aio-apache:20250106_094420
+          image: nextcloud/aio-apache:20250122_091948
+          readinessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
+          livenessProbe:
+            exec:
+              command:
+                - /healthcheck.sh
+            failureThreshold: 3
+            periodSeconds: 30
+            timeoutSeconds: 30
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20250106_094420
+          image: nextcloud/aio-clamav:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20250106_094420
+          image: nextcloud/aio-collabora:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20250106_094420
+          image: nextcloud/aio-postgresql:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20250106_094420
+          image: nextcloud/aio-fulltextsearch:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20250106_094420
+          image: nextcloud/aio-imaginary:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -180,7 +180,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: nextcloud/aio-nextcloud:20250106_094420
+          image: nextcloud/aio-nextcloud:20250122_091948
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -53,7 +53,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20250106_094420
+          image: nextcloud/aio-notify-push:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20250106_094420
+          image: nextcloud/aio-onlyoffice:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20250106_094420
+          image: nextcloud/aio-redis:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20250106_094420
+          image: nextcloud/aio-talk:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20250106_094420
+          image: nextcloud/aio-talk-recording:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-whiteboard:20250106_094420
+          image: nextcloud/aio-whiteboard:20250122_091948
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/values.yaml

@@ -34,7 +34,7 @@ NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 16G          # This allows to change the upload limit of the Nextcloud container
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
-TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
+TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes

php/composer.lock

@@ -502,16 +502,16 @@
         },
         {
             "name": "php-di/invoker",
-            "version": "2.3.4",
+            "version": "2.3.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/Invoker.git",
-                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86"
+                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/33234b32dafa8eb69202f950a1fc92055ed76a86",
-                "reference": "33234b32dafa8eb69202f950a1fc92055ed76a86",
+                "url": "https://api.github.com/repos/PHP-DI/Invoker/zipball/59f15608528d8a8838d69b422a919fd6b16aa576",
+                "reference": "59f15608528d8a8838d69b422a919fd6b16aa576",
                 "shasum": ""
             },
             "require": {
@@ -545,7 +545,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/Invoker/issues",
-                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.4"
+                "source": "https://github.com/PHP-DI/Invoker/tree/2.3.6"
             },
             "funding": [
                 {
@@ -553,7 +553,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2023-09-08T09:24:21+00:00"
+            "time": "2025-01-17T12:49:27+00:00"
         },
         {
             "name": "php-di/php-di",

php/containers-schema.json

@@ -187,13 +187,6 @@
 							"pattern": "^[a-z-]+$"
 						}
 					},
-					"networks": {
-						"type": "array",
-						"items": {
-							"type": "string",
-							"pattern": "^nextcloud-aio$"
-						}
-					},
 					"read_only": {
 						"type": "boolean"
 					},

php/containers.json

@@ -67,9 +67,6 @@
         "nextcloud_aio_nextcloud",
         "nextcloud_aio_apache"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/log/supervisord",
@@ -130,9 +127,6 @@
         "nextcloud_aio_database",
         "nextcloud_aio_database_dump"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/run/postgresql"
@@ -268,9 +262,6 @@
       "backup_volumes": [
         "nextcloud_aio_nextcloud"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]
@@ -317,9 +308,6 @@
         "POSTGRES_USER=nextcloud"
       ],
       "restart": "unless-stopped",
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
@@ -361,9 +349,6 @@
         "RECORDING_SECRET"
       ],
       "restart": "unless-stopped",
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "cap_drop": [
         "NET_RAW"
@@ -404,9 +389,6 @@
       "profiles": [
         "collabora"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_add": [
         "MKNOD",
         "SYS_ADMIN"
@@ -466,9 +448,6 @@
         "talk",
         "talk-recording"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/log/supervisord",
@@ -526,9 +505,6 @@
         "/dev/dri"
       ],
       "enable_nvidia_gpu": true,
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/conf"
@@ -690,9 +666,6 @@
       "profiles": [
         "clamav"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/var/lock",
@@ -745,9 +718,6 @@
       "profiles": [
         "onlyoffice"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]
@@ -785,9 +755,6 @@
       "profiles": [
         "imaginary"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "read_only": true,
       "tmpfs": [
         "/tmp"
@@ -838,9 +805,6 @@
       "profiles": [
         "fulltextsearch"
       ],
-      "networks": [
-        "nextcloud-aio"
-      ],
       "secrets": [
         "FULLTEXTSEARCH_PASSWORD"
       ],
@@ -910,9 +874,6 @@
         "whiteboard"
       ],
       "read_only": true,
-      "networks": [
-        "nextcloud-aio"
-      ],
       "cap_drop": [
         "NET_RAW"
       ]

php/src/Data/ConfigurationManager.php

@@ -340,9 +340,9 @@ class ConfigurationManager
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work!");
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address of the domain is set to an internal or reserved ip-address. This is not supported by the domain validation. (It was found to be set to '" . $dnsRecordIP . "'). Please set it to a public ip-address so that the domain validation can work or skip the domain validation!");
                 } else {
-                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
+                    error_log("Info: It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }
             }
 

php/templates/containers.twig

@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.3.0</h1>
+            <h1>Nextcloud AIO v10.4.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>

php/templates/includes/optional-containers.twig

@@ -145,7 +145,7 @@
     <input id="options-form-submit" type="submit" value="Save changes" />
     <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
-<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
+<p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true or is_x64_platform == false %}
     <script type="text/javascript" src="disable-clamav.js"></script>
 {% endif %}

readme.md

@@ -429,7 +429,7 @@ Be aware that this solution does not back up files and folders that are mounted
 ---
 
 #### What is getting backed up by AIO's backup solution?
-Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
+Backed up will get all important data of your Nextcloud AIO instance required to restore the instance, like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
 
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!

reverse-proxy.md

@@ -920,5 +920,6 @@ If something does not work, follow the steps below:
 1. If you use Cloudflare, you might need to skip the domain validation anyways since it is known that Cloudflare might block the validation attempts. In that case, see the last option below!
 1. If your reverse proxy is configured to use the host network (as recommended in the above docs) or running on the host, make sure that you've configured your firewall to open port 443 (and 80)!
 1. Check if you have a public IPv4- and public IPv6-address. If you only have a public IPv6-address (e.g. due to DS-Lite), make sure to enable IPv6 in Docker and your whole networking infrastructure (e.g. also by adding an AAAA DNS-entry to your domain)!
+1. [Enable Hairpin NAT in your router](https://github.com/nextcloud/all-in-one/discussions/5849) or [set up a local DNS server and add a custom dns-record](https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally) that allows the server to reach itself locally
 1. Try to configure everything from scratch - if it still does not work by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance.
 1. As last resort, you may disable the domain validation by adding `--env SKIP_DOMAIN_VALIDATION=true` to the docker run command. But only use this if you are completely sure that you've correctly configured everything!