only check for exit code 81

Signed-off-by: Simon L. <szaimen@e.mail.de>
aio-interface: handle SSH key authorization error explicitly in remote backup setup
2026-06-10 00:27:01 +00:00 · 2026-06-09 15:56:34 +02:00 · 2026-05-21 12:19:04 +02:00
106 changed files with 812 additions and 1265 deletions
@@ -31,7 +31,6 @@ updates:
    - "/Containers/collabora"
    - "/Containers/docker-socket-proxy"
    - "/Containers/domaincheck"
    - "/Containers/eurooffice"
    - "/Containers/fulltextsearch"
    - "/Containers/imaginary"
    - "/Containers/mastercontainer"
@@ -3,8 +3,3 @@
  -
  - Before sending a pull request that fixes a security issue please report it via our HackerOne page (https://hackerone.com/nextcloud) following our security policy (https://nextcloud.com/security/). This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
 -->
 <!-- Please check the below checkmarks if applicable -->
 - [ ] The PR was tested and verified that it works locally
 - [ ] The PR was completely or partially created with AI
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c # v5
+      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v5
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
@@ -32,7 +32,7 @@ jobs:
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version: 24.15.0
+          node-version: lts/*
      - name: Install dependencies
        run: cd php/tests && npm ci
@@ -17,7 +17,7 @@ jobs:
      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
        with:
-          node-version: 24.15.0
+          node-version: lts/*
      - name: Install dependencies
        run: cd php/tests && npm ci
@@ -47,14 +47,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
        uri strip_prefix /onlyoffice
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
-        }
+            header_up X-Forwarded-Proto https
    }
    # EuroOffice
    route /eurooffice/* {
        uri strip_prefix /eurooffice
        reverse_proxy {$EUROOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.hostport}/eurooffice
        }
    }
@@ -85,7 +78,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
    # TLS options
    tls {
        issuer acme {
-            profile tlsserver
+            profile shortlived
            # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
            # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
            disable_http_challenge
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.11.4-alpine AS caddy
+FROM caddy:2.11.3-alpine AS caddy
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.67-alpine3.23
@@ -103,7 +103,6 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Apache and Caddy for Nextcloud AIO" \
    org.opencontainers.image.description="Apache HTTP server with Caddy for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -25,7 +25,6 @@ USER root
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Borgbackup for Nextcloud AIO" \
    org.opencontainers.image.description="BorgBackup-based backup service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -18,6 +18,30 @@ get_expiration_time() {
    DURATION_HOUR=$((DURATION / 3600))
    DURATION_READABLE=$(printf "%02d hours %02d minutes %02d seconds" $DURATION_HOUR $DURATION_MIN $DURATION_SEC)
 }
 # Run "borg info" and handle the exit code.
 # If the exit code indicates a connection failure 
 # (81 = ConnectionClosedWithHint) and a remote repo is configured, the SSH
 # auth error signal file is created so the mastercontainer can show a
 # targeted error message.  Returns the original borg exit code.
 borg_info() {
    borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null
    local _exit=$?
    if [ -n "$BORG_REMOTE_REPO" ] && [ "$_exit" -eq 81 ]; then
        touch "$SSH_AUTH_ERROR_FILE"
    fi
    return $_exit
 }
 # Signal file written when an SSH authentication failure is detected so the
 # mastercontainer can show a targeted error without needing to scan container logs.
 # Borg exit code 81 (ConnectionClosedWithHint) indicate
 # connection failures that occur before the Borg protocol is established, which covers
 # SSH authentication errors and host-key verification failures.
 # These codes are available because BORG_EXIT_CODES=modern is set in start.sh.
 SSH_AUTH_ERROR_FILE="/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg_ssh_auth_error"
 # Start with a clean state for every run
 rm -f "$SSH_AUTH_ERROR_FILE"
 # Test if all volumes aren't empty
 VOLUME_DIRS="$(find /nextcloud_aio_volumes -mindepth 1 -maxdepth 1 -type d)"
@@ -127,7 +151,7 @@ if [ "$BORG_MODE" = backup ]; then
    fi
    # Initialize the repository if can't get info from target
-    if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+    if ! borg_info; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            if [ -n "$BORG_REMOTE_REPO" ]; then
@@ -588,7 +612,7 @@ fi
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg "$BORG_LOG_LEVEL_FLAG" info > /dev/null; then
+        if ! borg_info; then
            echo "Borg could not get info from the remote repo."
            echo "See the above borg info output for details."
            exit 1
@@ -29,6 +29,8 @@ else
 fi
 export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
 # Use specific exit codes (81 for ssh connection failures) instead of the legacy generic exit code 2
 export BORG_EXIT_CODES=modern
 if [ -n "$BORG_REMOTE_REPO" ]; then
    export BORG_REPO="$BORG_REMOTE_REPO"
@@ -43,7 +43,6 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="ClamAV for Nextcloud AIO" \
    org.opencontainers.image.description="ClamAV antivirus scanner for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -13,7 +13,6 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Collabora Online for Nextcloud AIO" \
    org.opencontainers.image.description="Collabora Online document editor from upstream for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:26.04.1.3.1
+FROM collabora/code:25.04.9.4.1
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
@@ -13,7 +13,6 @@ USER 1001
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Collabora for Nextcloud AIO" \
    org.opencontainers.image.description="Collabora CODE document editor for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.4.0-alpine
+FROM haproxy:3.3.10-alpine
 # hadolint ignore=DL3002
 USER root
@@ -20,7 +20,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Docker Socket Proxy for Nextcloud AIO" \
    org.opencontainers.image.description="HAProxy-based Docker socket proxy for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -19,7 +19,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Domain Check for Nextcloud AIO" \
    org.opencontainers.image.description="Domain validation service for Nextcloud All-in-One setup" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,17 +0,0 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/euro-office/documentserver:v9.3.1-beta.1
 # USER root is probably used
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="EuroOffice for Nextcloud AIO" \
    org.opencontainers.image.description="EuroOffice Document Server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.source="https://github.com/nextcloud/all-in-one" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md"
@@ -1,7 +0,0 @@
 #!/bin/bash
 if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
 nc -z 127.0.0.1 80 || exit 1
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/dockerfiles/blob/9.3/elasticsearch/Dockerfile
-FROM elasticsearch:9.4.2
+FROM elasticsearch:9.4.1
 USER root
@@ -21,7 +21,6 @@ USER 1000:0
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Full Text Search for Nextcloud AIO" \
    org.opencontainers.image.description="Elasticsearch-based full-text search for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -4,4 +4,4 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
-curl -fs -u "elastic:$FULLTEXTSEARCH_PASSWORD" "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
+curl -fs "http://127.0.0.1:9200/_cluster/health?filter_path=status" | grep -qE '"status":"(green|yellow)"' || exit 1
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.4-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
 ENV IMAGINARY_HASH=6a274b488759a896aff02f52afee6e50b5e3a3ee
@@ -45,7 +45,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Imaginary for Nextcloud AIO" \
    org.opencontainers.image.description="High-performance image processing service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,11 +1,11 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:29.5.2-cli AS docker
+FROM docker:29.5.1-cli AS docker
 ARG CADDY_REMOTE_HOST_HASH=e80a9931765a8dbcbb47db415863387f0df0e1b3
 # Caddy is a requirement
-FROM caddy:2.11.4-builder-alpine AS caddy
+FROM caddy:2.11.3-builder-alpine AS caddy
 RUN set -ex; \
    xcaddy build --with github.com/muety/caddy-remote-host@"$CADDY_REMOTE_HOST_HASH"; \
    /usr/bin/caddy list-modules
@@ -107,7 +107,6 @@ LABEL org.opencontainers.image.title="Nextcloud All-in-One Mastercontainer" \
    org.opencontainers.image.vendor="Nextcloud" \
    org.opencontainers.image.documentation="https://github.com/nextcloud/all-in-one/blob/main/readme.md" \
    wud.watch="false" \
    dockhand.update="false" \
    com.docker.compose.project="nextcloud-aio"
 # hadolint ignore=DL3002
@@ -8,7 +8,7 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=33.0.5
+ENV NEXTCLOUD_VERSION=33.0.3
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
@@ -286,7 +286,6 @@ CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Nextcloud for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud server with all required PHP extensions for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -2,5 +2,4 @@
 $CONFIG = array (
  'one-click-instance' => true,
  'one-click-instance.user-limit' => 100,
  'update_channel' => 'stable',
 );
@@ -1,4 +1,4 @@
 <?php
 $CONFIG = array (
-  'serverid' => hexdec(hash('xxh32', gethostname())) & 0x1FF,
+  'serverid' => hexdec(hash('xxh32', gethostname()) & 0x1FF,
 );
@@ -419,12 +419,41 @@ EOF
 # AIO update to latest start # Do not remove or change this line!
            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                if ! bash /upgrade-latest-major.sh; then
+                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                    echo "Upgrade to latest major version failed! Check the output above for details."
+                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
                if [ -n "${INSTALLED_AT}" ]; then
                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
                    # shellcheck disable=SC2001
                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
                fi
                php /var/www/html/updater/updater.phar --no-interaction --no-backup
                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                    echo "Installation of Nextcloud failed!"
                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
                    exit 1
                fi
                # shellcheck disable=SC2016
                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                INSTALLED_MAJOR="${installed_version%%.*}"
                IMAGE_MAJOR="${image_version%%.*}"
                # If a valid upgrade path, trigger the Nextcloud built-in Updater
                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
                        echo "Installation of Nextcloud failed!"
                        # TODO: Add a hint here about what to do / where to look / updater.log? 
                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
                        exit 1
                    fi
                    # shellcheck disable=SC2016
                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                fi
                php /var/www/html/occ config:system:set updatechecker --type=bool --value=true
                php /var/www/html/occ app:enable nextcloud-aio --force
                php /var/www/html/occ db:add-missing-columns
                php /var/www/html/occ db:add-missing-primary-keys
                yes | php /var/www/html/occ db:convert-filecache-bigint
            fi
 # AIO update to latest end # Do not remove or change this line!
@@ -867,58 +896,6 @@ else
    fi
 fi
 # EuroOffice
 if [ "$EUROOFFICE_ENABLED" = 'yes' ]; then
    # Determine EuroOffice port based on host pattern
    if echo "$EUROOFFICE_HOST" | grep -q "nextcloud-.*-eurooffice"; then
        EUROOFFICE_PORT=80
    else
        EUROOFFICE_PORT=443
    fi
    count=0
    while ! nc -z "$EUROOFFICE_HOST" "$EUROOFFICE_PORT" && [ "$count" -lt 90 ]; do
        echo "Waiting for EuroOffice to become available..."
        count=$((count+5))
        sleep 5
    done
    if [ "$count" -ge 90 ]; then
        bash /notify.sh "EuroOffice did not start in time!" "Skipping initialization and disabling eurooffice app."
        php /var/www/html/occ app:disable eurooffice
    else
        # Install or enable EuroOffice app as needed
        if ! [ -d "/var/www/html/custom_apps/eurooffice" ]; then
            php /var/www/html/occ app:install eurooffice
        elif [ "$(php /var/www/html/occ config:app:get eurooffice enabled)" != "yes" ]; then
            php /var/www/html/occ app:enable eurooffice
        elif [ "$SKIP_UPDATE" != 1 ]; then
            php /var/www/html/occ app:update eurooffice
        fi
        # Set EuroOffice configuration
        php /var/www/html/occ config:system:set eurooffice editors_check_interval --value="0" --type=integer 
        php /var/www/html/occ config:system:set eurooffice jwt_secret --value="$EUROOFFICE_SECRET"
        php /var/www/html/occ config:app:set eurooffice jwt_secret --value="$EUROOFFICE_SECRET"
        php /var/www/html/occ config:system:set eurooffice jwt_header --value="AuthorizationJwt"
        # Adjust the EuroOffice host if using internal pattern
        if echo "$EUROOFFICE_HOST" | grep -q "nextcloud-.*-eurooffice"; then
            EUROOFFICE_HOST="$NC_DOMAIN/eurooffice"
            export EUROOFFICE_HOST
        fi
        php /var/www/html/occ config:app:set eurooffice DocumentServerUrl --value="https://$EUROOFFICE_HOST"
    fi
 else
    # Remove EuroOffice app if disabled and removal is requested
    if [ "$REMOVE_DISABLED_APPS" = yes ] && \
       [ -d "/var/www/html/custom_apps/eurooffice" ] && \
       [ -n "$EUROOFFICE_SECRET" ] && \
       [ "$(php /var/www/html/occ config:system:get eurooffice jwt_secret)" = "$EUROOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove eurooffice
    fi
 fi
 # Talk
 if [ "$TALK_ENABLED" = 'yes' ]; then
    set -x
@@ -1,43 +0,0 @@
 #!/bin/bash
 PHP_CLI="php"
 if [[ "$EUID" = 0 ]]; then
    PHP_CLI="sudo -u www-data -E $PHP_CLI"
 fi
 # shellcheck disable=SC2016
 image_version="$($PHP_CLI -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 export IMAGE_MAJOR="${image_version%%.*}"
 $PHP_CLI /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 INSTALLED_AT="$($PHP_CLI /var/www/html/occ config:app:get core installedat)"
 if [ -n "${INSTALLED_AT}" ]; then
    # Set the installedat to 00 which will allow to skip staging and install the next major directly
    # shellcheck disable=SC2001
    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
    $PHP_CLI /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}"
 fi
 $PHP_CLI /var/www/html/updater/updater.phar --no-interaction --no-backup
 if ! $PHP_CLI /var/www/html/occ -V || $PHP_CLI /var/www/html/occ status | grep maintenance | grep -q 'true'; then
    echo "Installation of Nextcloud failed!"
    touch "$NEXTCLOUD_DATA_DIR/install.failed"
    exit 1
 fi
 # shellcheck disable=SC2016
 installed_version="$($PHP_CLI -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
 export INSTALLED_MAJOR="${installed_version%%.*}"
 # If a valid upgrade path, trigger the Nextcloud built-in Updater
 if ! $PHP_CLI -r "version_compare(getenv('INSTALLED_MAJOR'), getenv('IMAGE_MAJOR'), '>') || exit(1);"; then
    $PHP_CLI /var/www/html/updater/updater.phar --no-interaction --no-backup
    if ! $PHP_CLI /var/www/html/occ -V || $PHP_CLI /var/www/html/occ status | grep maintenance | grep -q 'true'; then
        echo "Installation of Nextcloud failed!"
        # TODO: Add a hint here about what to do / where to look / updater.log?
        touch "$NEXTCLOUD_DATA_DIR/install.failed"
        exit 1
    fi
 fi
 $PHP_CLI /var/www/html/occ config:system:set updatechecker --type=bool --value=true
 $PHP_CLI /var/www/html/occ app:enable nextcloud-aio --force
 $PHP_CLI /var/www/html/occ db:add-missing-columns
 $PHP_CLI /var/www/html/occ db:add-missing-primary-keys
 yes | $PHP_CLI /var/www/html/occ db:convert-filecache-bigint
@@ -23,7 +23,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Notify Push for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud notify_push high-performance backend for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -9,7 +9,6 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="OnlyOffice for Nextcloud AIO" \
    org.opencontainers.image.description="OnlyOffice Document Server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -49,7 +49,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="PostgreSQL for Nextcloud AIO" \
    org.opencontainers.image.description="PostgreSQL database for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -23,7 +23,6 @@ ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Redis for Nextcloud AIO" \
    org.opencontainers.image.description="Redis cache server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -67,7 +67,6 @@ CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.co
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Talk Recording for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud Talk recording service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.14.2-scratch AS nats
+FROM nats:2.14.1-scratch AS nats
 FROM eturnal/eturnal:1.12.2-alpine AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.1.1 AS signaling
 FROM alpine:3.23.4 AS janus
@@ -112,7 +112,6 @@ CMD ["supervisord", "-c", "/supervisord.conf"]
 HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Talk for Nextcloud AIO" \
    org.opencontainers.image.description="Nextcloud Talk with NATS, Janus, eturnal, and signaling server for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -4,13 +4,11 @@ if [ "$AIO_LOG_LEVEL" = 'debug' ]; then
    set -x
 fi
-nc -z 127.0.0.1 8081 || nc -z ::1 8081 || exit 1
+nc -z 127.0.0.1 8081 || exit 1
 nc -z 127.0.0.1 8188 || exit 1
 nc -z 127.0.0.1 4222 || exit 1
-nc -z 127.0.0.1 "$TALK_PORT" || nc -z ::1 "$TALK_PORT" || exit 1
+nc -z 127.0.0.1 "$TALK_PORT" || exit 1
 eturnalctl status || exit 1
 # Verify that the signaling server is actually serving requests, not just
 # listening on the TCP port (which nc -z above only tests for open port).
-# SC2102: [::1] is an IPv6 address literal in a URL, not a character-range glob.
+wget -q -O /dev/null http://127.0.0.1:8081/api/v1/stats || exit 1
 # shellcheck disable=SC2102
 wget -q -O /dev/null http://127.0.0.1:8081/api/v1/stats || wget -q -O /dev/null http://[::1]:8081/api/v1/stats || exit 1
@@ -75,13 +75,6 @@ if grep -q "1" /sys/module/ipv6/parameters/disable \
 || grep -q "1" /proc/sys/net/ipv6/conf/default/disable_ipv6; then
    IP_BINDING="0.0.0.0"
 fi
 # Build a listen address suitable for the signaling server's "ip:port" format.
 # IPv6 needs bracket notation: [::]:8081; IPv4 keeps the plain form: 0.0.0.0:8081
 if [ "$IP_BINDING" = "::" ]; then
    SIGNALING_LISTEN="[::]:8081"
 else
    SIGNALING_LISTEN="$IP_BINDING:8081"
 fi
 if [ "$AIO_LOG_LEVEL" != 'debug' ]; then
    set +x
 fi
@@ -125,7 +118,7 @@ fi
 # Signaling
 cat << SIGNALING_CONF > "/conf/signaling.conf"
 [http]
-listen = ${SIGNALING_LISTEN}
+listen = 0.0.0.0:8081
 readtimeout = 15
 writetimeout = 30
@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.26.4-alpine3.23 AS go
+FROM golang:1.26.3-alpine3.23 AS go
-ENV WATCHTOWER_COMMIT_HASH=9d0048403a7242943084bede951f6f966f7691ba	
+ENV WATCHTOWER_COMMIT_HASH=652c89577076f6bc6f2af4465217589641216ee3	
 RUN set -ex; \
    apk upgrade --no-cache -a; \
    apk add --no-cache \
        build-base; \
-    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.17.2
+    go install github.com/nicholas-fedor/watchtower@$WATCHTOWER_COMMIT_HASH # v1.16.1
 FROM alpine:3.23.4
@@ -27,7 +27,6 @@ ENV AIO_LOG_LEVEL="warn"
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Watchtower for Nextcloud AIO" \
    org.opencontainers.image.description="Watchtower auto-update service for Nextcloud All-in-One containers" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/nextcloud/whiteboard/blob/main/Dockerfile
-FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.9
+FROM ghcr.io/nextcloud-releases/whiteboard:v1.5.8
 USER root
 RUN set -ex; \
@@ -24,7 +24,6 @@ ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.enable="false" \
    wud.watch="false" \
    dockhand.update="false" \
    org.opencontainers.image.title="Whiteboard for Nextcloud AIO" \
    org.opencontainers.image.description="Collaborative whiteboard service for Nextcloud All-in-One" \
    org.opencontainers.image.url="https://github.com/nextcloud/all-in-one" \
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="33" max-version="34"/>
+		<nextcloud min-version="32" max-version="33"/>
 	</dependencies>
 	<settings>
@@ -1,5 +1,5 @@
 ## Borgbackup Viewer
-This container allows to view the local borg backups repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
+This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
@@ -14,3 +14,4 @@ https://github.com/szaimen/aio-borgbackup-viewer
 ### Maintainer
 https://github.com/szaimen
@@ -1,13 +1,5 @@
 ## Caddy with geoblocking
-This container bundles [caddy](https://caddyserver.com/) and auto-configures it for you as a reverse proxy. 
+This container bundles caddy and auto-configures it for you. It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
 It also covers [vaultwarden](https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden) by listening on `bw.$NC_DOMAIN`, if installed. 
 It also covers [stalwart](https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart) by listening on `mail.$NC_DOMAIN`, if installed. 
 It also covers [jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) by listening on `media.$NC_DOMAIN`, if installed. 
 It also covers [lldap](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) by listening on `ldap.$NC_DOMAIN`, if installed. 
 It also covers [nocodb](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nocodb) by listening on `tables.$NC_DOMAIN`, if installed. 
 It also covers [seerr](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr) by listening on `requests.$NC_DOMAIN`, if installed. 
 It also covers [nextcloud-exporter](https://github.com/nextcloud/all-in-one/tree/main/community-containers/nextcloud-exporter) by listening on `metrics.$NC_DOMAIN`, if installed. 
 It also covers [LocalAI](https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai) by listening on `ai.$NC_DOMAIN`, if installed.
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## calcardbackup  
-This container packages [calcardbackup](https://codeberg.org/BernieO/calcardbackup), a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
+This container packages calcardbackup which is a tool that exports calendars and addressbooks from Nextcloud to .ics and .vcf files and saves them to a compressed file.
 ### Notes  
 - Backups will be created at 00:00 UTC every day. Make sure that this does not conflict with the configured daily backups inside AIO.
@@ -12,3 +12,4 @@ https://github.com/waja/docker-calcardbackup
 ### Maintainer
 https://github.com/pailloM
@@ -1,11 +1,11 @@
 ## Container-Management
-This container allows to manage other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
+This container allows to manage insides of other containers via a GUI inside a Web session by allowing to run docker commands from inside this container.
 ### Notes
 - After adding and starting the container, you need to visit `https://ip.address.of.this.server:5804` in order to log in with the user `container-management` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
 - Then, you should see a terminal. There you can use any docker command. ⚠️ Be very carefully while doing that as can break your instance!
- There are also some pre-made scripts that make configuring some community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
+- There are also some pre-made scripts that make configuring some of the community containers easier. For example scripts for [LLDAP](https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap) and [Facerecognition](https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition).
- ⚠️ After you are done doing your operations, remove the container from the stack for better security: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
+- ⚠️ After you are done doing your operations, remove the container for better security again from the stack: https://github.com/nextcloud/all-in-one/tree/main/community-containers#how-to-remove-containers-from-aios-stack
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 ### Repository
@@ -1,8 +1,8 @@
 ## DLNA server
-This container bundles a DLNA multimedia streaming server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
+This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
 ### Notes
- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on public servers.
+- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
 - If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
@@ -11,3 +11,4 @@ https://github.com/thanek/nextcloud-dlna
 ### Maintainer
 https://github.com/thanek
@@ -1,5 +1,5 @@
 ## Facerecognition
-This container bundles a basic facial recognition system and auto-configures it for you.
+This container bundles the external model of facerecognition and auto-configures it for you.
 ### Notes
 - This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
@@ -1,6 +1,5 @@
 ## Fail2ban
-This container bundles [fail2ban](https://github.com/fail2ban/fail2ban) and auto-configures it for you in order to block ip-addresses automatically.
+This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
 It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin, and https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyseerr, if installed.
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
@@ -1,5 +1,5 @@
 ## Glances
-This container starts [Glances](https://nicolargo.github.io/glances/), a web-based system monitoring dashboard, and auto-configures it for you.
+This container starts Glances, a web-based info-board, and auto-configures it for you.
 > [!CAUTION]
 > This container mounts the docker-socket from the host-system.
@@ -1,5 +1,5 @@
 ## Home Assistant
-This container bundles [Home Assistant](https://www.home-assistant.io/) and auto-configures it for you.
+This container bundles Home Assistant and auto-configures it for you.
 ### Notes
 - This container should only be run in home networks since Home Assistant is designed for local home automation.
@@ -1,5 +1,5 @@
 ## Jellyfin
-This container bundles [Jellyfin](https://jellyfin.org/) and auto-configures it for you.
+This container bundles Jellyfin and auto-configures it for you.
 ### Notes
 - This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Seerr
-This container bundles [Seerr](https://seerr.dev/) request management and media discovery tool and auto-configures it for you.
+This container bundles Seerr and auto-configures it for you.
 ### Notes
 - **Migration from Jellyseerr**: Jellyseer previously ran as the root user. With the migration to Seerr, the container now runs rootless with userid 1000, meaning that if you previously used Jellyseerr, Seerr will not be able to access the config files generated by the old Jellyseerr container. To migrate, execute the following steps: 1. stop all containers using the AIO-interface, 2. run `sudo docker run --rm -v nextcloud_aio_jellyseerr:/data alpine chown -R 1000:1000 /data`
@@ -1,5 +1,5 @@
 ## LanguageTool for Nextcloud Office
-This container bundles [LanguageTool](https://github.com/languagetool-org/languagetool) for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
+This container bundles a LanguageTool for Nextcloud Office which adds spell checking functionality to Nextcloud Office.
 ### Notes
 - Make sure to have Nextcloud Office enabled via the AIO interface
@@ -1,5 +1,5 @@
 ## LibreTranslate
-This container bundles [LibreTranslate](https://github.com/LibreTranslate/LibreTranslate) and auto-configures it for you.
+This container bundles LibreTranslate and auto-configures it for you.
 > [!WARNING]
 > The LibreTranslate container and app is deprecated!
@@ -1,5 +1,5 @@
 ## Light LDAP server
-This container bundles an [LLDAP](https://github.com/lldap/lldap) LDAP server and auto-configures your Nextcloud instance for you.
+This container bundles LLDAP server and auto-configures your Nextcloud instance for you.
 ### Notes
 - In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
@@ -1,5 +1,5 @@
 ## Local AI
-This container bundles [Local AI](https://localai.io/) and auto-configures it for you. It support hardware acceleration with Vulkan.
+This container bundles Local AI and auto-configures it for you. It support hardware acceleration with Vulkan.
 ### Notes
 Documentation is available on the container repository. This documentation is regularly updated and is intended to be as simple and detailed as possible. Thanks for all your feedback!
@@ -1,5 +1,5 @@
 ## MakeMKV
-This container bundles the [MakeMKV](https://www.makemkv.com/) video converter and auto-configures it for you.
+This container bundles MakeMKV and auto-configures it for you.
 ### Notes
 - This container should only be run in home networks
@@ -1,5 +1,5 @@
 ## Minio
-This container bundles [minio](https://github.com/minio/minio) s3 storage and auto-configures it for you.
+This container bundles minio s3 storage and auto-configures it for you.
 > [!CAUTION]
 > The Minio upstream project is no longer maintained. The container should still work in its current form...
@@ -14,7 +14,7 @@
 > - See more here https://github.com/nextcloud/tables/issues/103 
 ## NocoDb server
-This container bundles [NocoDb](https://github.com/nocodb/nocodb), an online no-code database solution, without synchronization with Nextcloud.
+This container bundles NocoDb without synchronization with Nextcloud.
 This is an alternative of **Airtable**.
@@ -1,5 +1,5 @@
 ## NPMplus
-This container contains a fork of [Nginx Proxy Manager](https://nginxproxymanager.com/), which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
+This container contains a fork of the Nginx Proxy Manager, which is a WebUI for nginx. It will also automatically create a config and cert for AIO.
 ### Notes
 - This container is incompatible with the [caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Pi-hole
-This container bundles the [pi-hole](https://pi-hole.net/) ad blocker and auto-configures it for you.
+This container bundles pi-hole and auto-configures it for you.
 ### Notes
 - You should not run this container on a public VPS! It is only intended to run in home networks!
@@ -1,5 +1,5 @@
 ## Plex
-This container bundles the [Plex Media Server](https://www.plex.tv/en-gb/personal-media-server/) and auto-configures it for you.
+This container bundles Plex and auto-configures it for you.
 ### Notes
 - This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
@@ -1,5 +1,5 @@
 ## Scrutiny
-This container bundles [Scrutiny](https://github.com/analogj/scrutiny), a web frontend for SMART stats, and auto-configures it for you.
+This container bundles Scrutiny which is a frontend for SMART stats and auto-configures it for you.
 ### Notes
 - This container should only be run in home networks
@@ -4,7 +4,7 @@
 > Do not use this feature as a main mail server or without a redundancy system and without knowledge.
 ## Stalwart mail server
-This container bundles the [Stalwart](https://stalw.art/) mail server and auto-configures it for you.
+This container bundles stalwart mail server and auto-configures it for you.
 ### Notes
 Documentation is available on the container repository.
@@ -1,5 +1,5 @@
 ## Vaultwarden
-This container bundles the [VaultWarden](https://www.vaultwarden.net/) password manager and auto-configures it for you.
+This container bundles vaultwarden and auto-configures it for you.
 ### Notes
 - You need to configure a reverse proxy in order to run this container since vaultwarden needs a dedicated (sub)domain! For that, you might have a look at https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy or follow https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md and https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples. You need to point the reverse proxy at port 8812 of this server.
@@ -1,37 +1,37 @@
-# Docker rootless
+# Docker rootless
-
+
-You can run AIO with docker rootless by following the steps below.
+You can run AIO with docker rootless by following the steps below.
-
+
-0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
+0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
-1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
+1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
-1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
+1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
-1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
+1. Do not forget to set the mentioned environmental variables `PATH` and `DOCKER_HOST` and in best case add them to your `~/.bashrc` file as shown!
-1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
+1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
-1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
+1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/tips/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`). If you require the correct source IP you must expose them via `/etc/sysctl.conf`, [see note below](#note-regarding-docker-network-driver).
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly). When you are using Portainer to deploy AIO, the variable `$XDG_RUNTIME_DIR` is not available. In this case, it is necessary to manually add the path (e.g. `/run/user/1000/docker.sock`) to the Docker compose file to replace the `$XDG_RUNTIME_DIR` variable. If you are not sure how to get the path, you can run on the host: `echo $XDG_RUNTIME_DIR`.
-1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
-1. ⚠️ **Important:** Please read through all notes below!
+1. ⚠️ **Important:** Please read through all notes below!
-
+
-### Note regarding sudo in the documentation
+### Note regarding sudo in the documentation
-Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
+Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
-
+
-### Note regarding permissions
+### Note regarding permissions
-All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir via NEXTCLOUD_DATADIR. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
-
+
-
+
-### Note regarding docker network driver
+### Note regarding docker network driver
-By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
+By default rootless docker uses the `slirp4netns` IP driver and the `builtin` port driver. As mentioned in [the documentation](https://docs.docker.com/engine/security/rootless/#networking-errors), this combination doesn't provide "Source IP propagation". This means that Apache and Nextcloud will see all connections as coming from the docker gateway (e.g 172.19.0.1), which can lead to the Nextcloud brute force protection blocking all connection attempts. To expose the correct source IP, you will need to configure docker to also use `slirp4netns` as the port driver (see also [this guide](https://rootlesscontaine.rs/getting-started/docker/#changing-the-port-forwarder)).
-As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
+As stated in the documentation, this change will likely lead to decreased network throughput. You should test this by trying to transfer a large file after completing your setup and revert back to the `builtin` port driver if the throughput is too slow.
-* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
+* Add `net.ipv4.ip_unprivileged_port_start=80` to `/etc/sysctl.conf`. Editing this file requires root privileges. (using capabilities doesn't work here; see [this issue](https://github.com/rootless-containers/slirp4netns/issues/251#issuecomment-761415404)).
-* Run `sudo sysctl --system` to propagate the change.
+* Run `sudo sysctl --system` to propagate the change.
-* Create `~/.config/systemd/user/docker.service.d/override.conf`
+* Create `~/.config/systemd/user/docker.service.d/override.conf`
-  with the following content:
+  with the following content:
-  ```
+  ```
-  [Service]
+  [Service]
-  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns"
-  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
+  Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
-  ```
+  ```
-* Restart the docker daemon
+* Restart the docker daemon
-  ```
+  ```
-  systemctl --user restart docker
+  systemctl --user restart docker
-  ```
+  ```
@@ -1,40 +1,40 @@
-# Local instance
+# Local instance
-It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
+It is possible due to several reasons that you do not want or cannot open Nextcloud to the public internet. Perhaps you were hoping to access AIO directly from an `ip.add.r.ess` (unsupported) or without a valid domain.  However, AIO requires a valid certificate to work correctly. Below is discussed how you can achieve both: Having a valid certificate for Nextcloud and only using it locally.
-
+
-### Content
+### Content
- [1. Tailscale](#1-tailscale)
+- [1. Tailscale](#1-tailscale)
- [2. Pangolin](#2-pangolin)
+- [2. Pangolin](#2-pangolin)
- [3. The normal way](#3-the-normal-way)
+- [3. The normal way](#3-the-normal-way)
- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
+- [4. Use the ACME DNS-challenge](#4-use-the-acme-dns-challenge)
- [5. Use Cloudflare](#5-use-cloudflare)
+- [5. Use Cloudflare](#5-use-cloudflare)
- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
+- [6. Buy a certificate and use that](#6-buy-a-certificate-and-use-that)
-
+
-## 1. Tailscale
+## 1. Tailscale
-This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
+This is the recommended way. For a reverse proxy example guide for Tailscale, see this guide by [@Perseus333](https://github.com/Perseus333): https://github.com/nextcloud/all-in-one/discussions/6817
-
+
-## 2. Pangolin
+## 2. Pangolin
-[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
+[Pangolin](https://pangolin.net/) is an open-source, WireGuard-based remote access platform similar in concept to Tailscale. It uses the **Newt** connector to create outbound-only encrypted tunnels — no inbound ports need to be opened on your firewall. Pangolin handles TLS automatically, providing a valid certificate for your Nextcloud domain.
-
+
-You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
+You can use either [Pangolin Cloud](https://app.pangolin.net/) (free tier available) or [self-host your own Pangolin server](https://docs.pangolin.net/self-host/quick-install) on a VPS. For private/local-only access, self-hosting Pangolin on a machine within your local network means that Nextcloud never needs to be exposed to the public internet.
-
+
-For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
+For the reverse proxy configuration details and a step-by-step setup guide, see the [Pangolin section in the reverse proxy documentation](./reverse-proxy.md#pangolin).
-
+
-## 3. The normal way
+## 3. The normal way
-The normal way is the following:
+The normal way is the following:
-1. Set up your domain correctly to point to your home network
+1. Set up your domain correctly to point to your home network
-1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
+1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
-1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
-1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Enter the ip-address of your local dns-server in the daemon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
-1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
+1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
-
+
-**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
+**Hint:** You may have a look at [this video](https://youtu.be/zk-y2wVkY4c) for a more complete but possibly outdated example.
-
+
-## 4. Use the ACME DNS-challenge
+## 4. Use the ACME DNS-challenge
-You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
+You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up using an external caddy reverse proxy: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge
-
+
-## 5. Use Cloudflare
+## 5. Use Cloudflare
-If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
+If you do not have any control over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.
-
+
-## 6. Buy a certificate and use that
+## 6. Buy a certificate and use that
-If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
+If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
-
+
@@ -1,122 +1,122 @@
-# Manual upgrade
+# Manual upgrade
-
+
-If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
+If you do not update Nextcloud AIO for a long time (6+ months), when you eventually update in the AIO interface you will find Nextcloud no longer works. This is due to incompatible PHP versions within the nextcloud container.
-There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
+There is unfortunately no way to fix this from a maintainer POV if you refrain from upgrading for so long.
-
+
-The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
+The only way to fix this on your side is upgrading regularly (e.g. by enabling daily backups which will also automatically upgrade all containers) and following the steps below to get back to a normal state:
-
+
---
+---
-
+
-## Method 1 using `assaflavie/runlike`
+## Method 1 using `assaflavie/runlike`
-
+
-> [!Warning]
+> [!Warning]
-> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10
+> Please note that this method is apparently currently broken. See https://help.nextcloud.com/t/manual-upgrade-keeps-failing/217164/10
-> So please refer to method 2 using Portainer.
+> So please refer to method 2 using Portainer.
-
+
-1. Start all containers from the AIO interface 
+1. Start all containers from the AIO interface 
-    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
+    - Now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem
-    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
+    - #### Do **not** click on `Stop containers` because you will need them running going forward, see below
-2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
+2. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. 
-    - There you will find information about the max. supported PHP version
+    - There you will find information about the max. supported PHP version
-    - **Make a mental note of this**
+    - **Make a mental note of this**
-3. Stop the Nextcloud container and the Apache container by running 
+3. Stop the Nextcloud container and the Apache container by running 
-    ```bash
+    ```bash
-        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
+        sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache
-    ```
+    ```
-4. Run the following commands in order to reverse engineer the Nextcloud container:
+4. Run the following commands in order to reverse engineer the Nextcloud container:
-    ```bash
+    ```bash
-        sudo docker pull assaflavie/runlike
+        sudo docker pull assaflavie/runlike
-        echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
+        echo '#!/bin/bash' > /tmp/nextcloud-aio-nextcloud
-        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock:ro assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
+        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
-        sudo chown root:root /tmp/nextcloud-aio-nextcloud
+        sudo chown root:root /tmp/nextcloud-aio-nextcloud
-    ```
+    ```
-5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
+5. Now open `/tmp/nextcloud-aio-nextcloud` with a text editor, and edit the container tag:
-
+
-
+
-| To change                              | Replace with                                        |
+| To change                              | Replace with                                        |
-|----------------------------------------|-----------------------------------------------------|
+|----------------------------------------|-----------------------------------------------------|
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
-| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
-
+
-
+
-
+
- - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
+ - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+ - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
- - Using nano and the arrow keys to navigate:
+ - Using nano and the arrow keys to navigate:
-  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
+  - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
-6. Next, stop and remove the current container: 
+6. Next, stop and remove the current container: 
-    ```bash
+    ```bash
-        sudo docker stop nextcloud-aio-nextcloud
+        sudo docker stop nextcloud-aio-nextcloud
-        sudo docker rm nextcloud-aio-nextcloud
+        sudo docker rm nextcloud-aio-nextcloud
-    ```
+    ```
-7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
+7. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
-**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
+**Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
-8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
+8. After the Nextcloud container is started (you can tell by looking at the logs), simply restart the container again with `sudo docker restart nextcloud-aio-nextcloud` until it does not install a new Nextcloud update anymore upon the container startup.
-9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
+9. Now, you should be able to use the AIO interface again by simply stopping the AIO containers and starting them again which should finally bring up your instance again.
-10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
+10. If not and if you get the same error again, you may repeat the process starting from the beginning again until your Nextcloud version is finally up-to-date.
-11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
+11. Now, if everything is finally running as usual again, it is recommended to create a backup in order to save the current state. Consider enabling daily backups if doing regular upgrades is a hassle for you. 
-
+
---
+---
-
+
-## Method 2 using Portainer
+## Method 2 using Portainer
-#### *Approach using portainer if method 1 does not work for you*
+#### *Approach using portainer if method 1 does not work for you*
-
+
-Prerequisite: have all containers from AIO interface running.
+Prerequisite: have all containers from AIO interface running.
-
+
-##### 1. Install portainer if not installed:
+##### 1. Install portainer if not installed:
-```bash
+```bash
-docker volume create portainer_data
+docker volume create portainer_data
-docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro -v portainer_data:/data portainer/portainer-ce:latest
+docker run -d -p 8000:8000 -p 9443:9443 --name portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
-```
+```
- If you have a reverse proxy
+- If you have a reverse proxy
-    - you can setup and navigate using a domain name.
+    - you can setup and navigate using a domain name.
- For the **standard** AIO install
+- For the **standard** AIO install
-    - Open port 9443 on your firewall
+    - Open port 9443 on your firewall
-    - navigate to `https://<server-ip>:9443`
+    - navigate to `https://<server-ip>:9443`
- Accept the insecure self-signed certificate and set an admin password
+- Accept the insecure self-signed certificate and set an admin password
- If prompted to add an environment
+- If prompted to add an environment
-    - add local
+    - add local
-
+
-##### 2. Within the local portainer environment navigate to the **containers** tab 
+##### 2. Within the local portainer environment navigate to the **containers** tab 
- Here you should see all the various containers running
+- Here you should see all the various containers running
-
+
-##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
+##### 3. Now we need to stop the `nextcloud-aio-nextcloud` and `nextcloud-aio-apache` containers
-
+
-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
+-  This can be done by selecting the checkbox's next to the containers' name and clicking the **Stop** button at the top
-    - or you can click into individual containers and stop them there
+    - or you can click into individual containers and stop them there
-
+
-##### 4. Find the version of PHP compatible with the running nextcloud container
+##### 4. Find the version of PHP compatible with the running nextcloud container
- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
+- navigate to ```nextcloud-aio-nextcloud``` and click on ```logs```, you should see something along the lines of:
-```logs
+```logs
-This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
+This version of nextcloud is not compatible with >=php 8.2, you are currently running php 8.2.18
-```
+```
-Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
+Make **note** of the version which is compatible, rounding down to 1 digit after the dot. 
- - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
+ - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
-
+
-##### 5. Find the correct container version
+##### 5. Find the correct container version
-In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
+However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
-
+
-##### 6. Replace the container
+##### 6. Replace the container
- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
+- Navigate to the ```nextcloud-aio-nextcloud``` container within portainer
- Click ```Duplicate/Edit```
+- Click ```Duplicate/Edit```
- Within image, change this to the correct version from Step 5
+- Within image, change this to the correct version from Step 5
- Click ```Deploy the container```
+- Click ```Deploy the container```
-    - if you are prompted to force repull the image click the slider and press pull image
+    - if you are prompted to force repull the image click the slider and press pull image
-
+
-*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
+*Navigate to the nextcloud-aio-nextcloud logs and you will see the container updating*
-
+
-Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
+Once you see no more activities in the logs or a message like ```NOTICE: ready to handle connections```, we've done it!
-
+
-#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
+#### Now you can handle everything through the AIO interface and stop and restart the containers normally.
-
+
---
+---
-
+
-##### 7. Last Step is removing portainer if you don't want to keep it
+##### 7. Last Step is removing portainer if you don't want to keep it
-
+
-```bash
+```bash
-docker stop portainer
+docker stop portainer
-docker rm portainer
+docker rm portainer
-docker volume rm portainer_data
+docker volume rm portainer_data
-```
+```
- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
+- Make sure you close port 9443 on your firewall and delete any necessary reverse proxy hosts.
@@ -1,228 +1,228 @@
-# Multiple AIO instances
+# Multiple AIO instances
-It is possible to run multiple instances of AIO on one server.
+It is possible to run multiple instances of AIO on one server.
-
+
-There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
+There are two ways to achieve this: The normal way is creating multiple VMs, installing AIO in [reverse proxy mode](./reverse-proxy.md) in each of them and having one reverse proxy in front of them that points to each VM (you also need to [use a different `TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each of them). The second and more advanced way is creating multiple users on the server and using docker rootless for each of them in order to install multiple instances on the same server. 
-
+
-
+
-## Run multiple AIO instances on the same server with docker rootless
+## Run multiple AIO instances on the same server with docker rootless
-1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
+1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
-1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
+1. Log in as each of the users by opening a new SSH connection as the user and install docker rootless for each of them by following step 0-1 and 3-4 of the [docker rootless documentation](./docker-rootless.md) (you can skip step 2 in this case).
-1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+1. Then install AIO in reverse proxy mode by using the command that is described in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
-**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
+**⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
-1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
+1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
-1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
+1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
-1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
+1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
-1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
+1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
-1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly!
+1. Please also do not forget to open/forward each chosen `TALK_PORT` UDP and TCP in your firewall/router as otherwise Talk will not work correctly!
-
+
-Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
+Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!
-
+
-
+
-## Run multiple AIO instances on the same server inside their own virtual machines
+## Run multiple AIO instances on the same server inside their own virtual machines
-This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root.
+This guide will walk you through creating and configuring two (or more) Debian-based VMs (with "reverse proxy mode" Nextcloud AIO installed in each VM), behind one Caddy reverse proxy, all running on one host physical machine (like a laptop or desktop PC). It's highly recommend to follow the steps in order. Steps 1 through 4 will need to be repeated. Steps 5 through 8 only need to be completed once. All commands are expected to be run as root.
-
+
-<details><summary><strong>PLEASE READ: A few expectations about your network</strong></summary>
+<details><summary><strong>PLEASE READ: A few expectations about your network</strong></summary>
-This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of <a href="https://nextcloud.com/providers/">Nextcloud's trusted providers.</a>
+This guide assumes that you have forwarded ports 443 and 8443 to your host physical machine via your router's configuration page, and either set up Dynamic DNS or obtained a static outbound IP address from your ISP. If this is not the case, or if you are brand-new to networking, you probably should not proceed with this guide, unless you are just using it for educational purposes. Proper network setup and security is critical when it comes to keeping your data safe. You may consider hosting using a VPS instead, or choosing one of <a href="https://nextcloud.com/providers/">Nextcloud's trusted providers.</a>
-</details>
+</details>
-
+
-<details><summary><strong>A note for VPS users</strong></summary>
+<details><summary><strong>A note for VPS users</strong></summary>
-If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along.
+If you want to do this on a VPS, and your VPS is KVM-based and provides a static IP address, you can likely benefit from this guide too! Simply replace the words "host physical machine" with "VPS" and follow along.
-</details>
+</details>
-
+
-**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use.
+**Before starting:** Make sure your host physical machine has enough resources. A host machine with 8GB RAM and 100GB storage is sufficient for running two fairly minimal VMs, with 2GB RAM and 32GB storage allocated to each VM. This guide assumes you have these resources at the minimum. This is fine for just testing the setup, but you will probably want to allocate more resources to your VMs if you plan to use this for day-to-day use.
-If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation.
+If your host machine has more than 8GB memory available, and you plan to enable any of the optional containers (Nextcloud Office, Talk, Imaginary, etc.) in any of your instances, then you should definitely allocate more memory to the VM hosting that instance. In other words, before turning on any extra features inside a particular AIO interface, make sure you've first allocated enough resources to the VM that the instance is running inside. If in doubt, the AIO interface itself gives great recommendations for extra CPU and RAM allocation.
-
+
-**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**):
+**Additional prerequisites:** Your host physical machine needs to have virtualization enabled in it's UEFI/BIOS. It also needs a few tools installed in order to create VMs. Assuming your host machine is a bare-bones Ubuntu or Debian Linux server without a desktop environment installed, the easiest way to create VMs is to install *QEMU*, *virsh*, *virt-install*, and a few extra packages to support UEFI booting and network config ([more info](https://wiki.debian.org/KVM)). You only need to do this once. To do this, run this command (**on the host physical machine**):
-<!--
+<!--
-```shell
+```shell
-# For host machines running Ubuntu Server:
+# For host machines running Ubuntu Server:
-apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils
+apt install --no-install-recommends qemu-system libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils
-```
+```
-```shell
+```shell
-# For host machines running Debian:
+# For host machines running Debian:
-apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
-```
+```
-->
+-->
-```shell
+```shell
-# For host machines running Ubuntu Server or Debian:
+# For host machines running Ubuntu Server or Debian:
-apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
+apt install --no-install-recommends qemu-system qemu-utils libvirt-clients libvirt-daemon-system virtinst ovmf bridge-utils dnsmasq-base
-```
+```
-
+
-**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1).
+**Let's begin!** This guide assumes that you have two domains where you would like to host two individual AIO instances (one instance per domain). Let's call these domains `example1.com` and `example2.com`. Therefore, we'll create two VMs named `example1-com` and `example2-com` (These are the VM names we'll use below in step 1).
-
+
-**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.**
+**Once you're ready, follow steps 1-4 below to set up your VMs. You will configure them one at a time.**
-
+
-1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it.
+1. Choose a name for your VM. A good choice is to name each VM the same as the domain name that will be used to access it.
-2. Choose the distribution you'd like to install within the VM:
+2. Choose the distribution you'd like to install within the VM:
-   <details><summary><strong>Ubuntu Server 22.04.4 LTS</strong></summary>
+   <details><summary><strong>Ubuntu Server 22.04.4 LTS</strong></summary>
-       <h4>Downloading the .ISO image</h4>
+       <h4>Downloading the .ISO image</h4>
-       You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image.
+       You must first download an .ISO image to your host machine, and then provide virt-install with the path to that image.
-       <!-- This step is required because Ubuntu no longer hosts their "Legacy Ubuntu Server Installer" images, meaning we can no longer pass a URL to virt-install to use as a location. -->
+       <!-- This step is required because Ubuntu no longer hosts their "Legacy Ubuntu Server Installer" images, meaning we can no longer pass a URL to virt-install to use as a location. -->
-       <pre><code># Skip this part if you've already downloaded this image
+       <pre><code># Skip this part if you've already downloaded this image
-   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
+   curl -o /tmp/ubuntu-22.04.4-live-server-amd64.iso https://releases.ubuntu.com/jammy/ubuntu-22.04.4-live-server-amd64.iso
-   </code></pre>
+   </code></pre>
-       <em>Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail.</em>
+       <em>Note: You may choose a different place to store the .ISO file, but it needs to be somewhere accessible by QEMU. "/tmp" and "/home" work well, but choosing a location like "/root" will cause the next command to fail.</em>
-       <h4>Creating the VM</h4>
+       <h4>Creating the VM</h4>
-       Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]):
+       Now create the Ubuntu Server VM (Don't forget to replace [VM_NAME]):
-       <pre><code>virt-install \
+       <pre><code>virt-install \
-   --name [VM_NAME] \
+   --name [VM_NAME] \
-   --virt-type kvm \
+   --virt-type kvm \
-   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
+   --location /tmp/ubuntu-22.04.4-live-server-amd64.iso,kernel=casper/vmlinuz,initrd=casper/initrd \
-   --os-variant ubuntujammy \
+   --os-variant ubuntujammy \
-   --disk size=32 \
+   --disk size=32 \
-   --memory 2048 \
+   --memory 2048 \
-   --graphics none \
+   --graphics none \
-   --console pty,target_type=serial \
+   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
+   --extra-args "console=ttyS0" \
-   --autostart \
+   --autostart \
-   --boot uefi
+   --boot uefi
-   </code></pre>
+   </code></pre>
-       <h4>Using a different version of Ubuntu Server</h4>
+       <h4>Using a different version of Ubuntu Server</h4>
-       To use a different Ubuntu Server release, visit <a href="https://releases.ubuntu.com">this page</a> and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly.
+       To use a different Ubuntu Server release, visit <a href="https://releases.ubuntu.com">this page</a> and find the version you want. You will need to adjust the filename and URL for the curl command, and the location and os-variant for the virt-install command, accordingly.
-   </details>
+   </details>
-   <details><summary><strong>Debian 11</strong></summary>
+   <details><summary><strong>Debian 11</strong></summary>
-       <h4>Creating the VM</h4>
+       <h4>Creating the VM</h4>
-       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
-       <pre><code>virt-install \
+       <pre><code>virt-install \
-   --name [VM_NAME] \
+   --name [VM_NAME] \
-   --virt-type kvm \
+   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
+   --location http://deb.debian.org/debian/dists/bullseye/main/installer-amd64/ \
-   --os-variant debian11 \
+   --os-variant debian11 \
-   --disk size=32 \
+   --disk size=32 \
-   --memory 2048 \
+   --memory 2048 \
-   --graphics none \
+   --graphics none \
-   --console pty,target_type=serial \
+   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
+   --extra-args "console=ttyS0" \
-   --autostart \
+   --autostart \
-   --boot uefi
+   --boot uefi
-   </code></pre>
+   </code></pre>
-   </details>
+   </details>
-   <details><summary><strong>Debian 12</strong></summary>
+   <details><summary><strong>Debian 12</strong></summary>
-       <h4>Creating the VM</h4>
+       <h4>Creating the VM</h4>
-       Create the Debian VM (Don't forget to replace [VM_NAME]):
+       Create the Debian VM (Don't forget to replace [VM_NAME]):
-       <pre><code># If the os-variant "debian12" is unknown, try "debiantesting" instead
+       <pre><code># If the os-variant "debian12" is unknown, try "debiantesting" instead
-   virt-install \
+   virt-install \
-   --name [VM_NAME] \
+   --name [VM_NAME] \
-   --virt-type kvm \
+   --virt-type kvm \
-   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
+   --location http://deb.debian.org/debian/dists/bookworm/main/installer-amd64/ \
-   --os-variant debian12 \
+   --os-variant debian12 \
-   --disk size=32 \
+   --disk size=32 \
-   --memory 2048 \
+   --memory 2048 \
-   --graphics none \
+   --graphics none \
-   --console pty,target_type=serial \
+   --console pty,target_type=serial \
-   --extra-args "console=ttyS0" \
+   --extra-args "console=ttyS0" \
-   --autostart \
+   --autostart \
-   --boot uefi
+   --boot uefi
-   </code></pre>
+   </code></pre>
-   </details>
+   </details>
-   <!--To learn more about virt-install or automating this process, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_installation_overview-creating_guests_with_virt_install">this guide</a>.-->
+   <!--To learn more about virt-install or automating this process, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-guest_virtual_machine_installation_overview-creating_guests_with_virt_install">this guide</a>.-->
-3. Navigate through the text-based installer. Most options can remain as default, but here are some tips:
+3. Navigate through the text-based installer. Most options can remain as default, but here are some tips:
-   <details><summary><strong>For the Ubuntu Server installer</strong></summary>
+   <details><summary><strong>For the Ubuntu Server installer</strong></summary>
-   When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do <strong>not</strong> want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return.
+   When asked about the "type of installation", you can leave the default "Ubuntu Server" without third-party drivers. You can leave the HTTP proxy information blank. In the "Profile Configuration" section, you can set "Your servers name" (hostname) to the same value as the name you gave to your VM (for example, "example1-com"). The installer will only let you create a non-root user. Note down the password you use here! You may skip enabling Ubuntu Pro. You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. You'll eventually be given the option to install additional software. Although "Nextcloud" is listed here, you almost certainly do <strong>not</strong> want to select this option, since you are setting up Nextcloud AIO. You'll be asked about installing "SSH server", this is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Finally, disregard the "[FAILED] Failed unmounting /cdrom." message, and press return.
-   </details>
+   </details>
-   <details><summary><strong>For the Debian installer</strong></summary>
+   <details><summary><strong>For the Debian installer</strong></summary>
-   When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device.
+   When asked, you can set the hostname to the same value as the name you gave to your VM (for example, "example1-com"). You can leave the domain name and HTTP proxy information blank. Allow the installer to create both a root and a non-root user. Note down the password(s) you use here! You can allow the partitioner to use the entire disk, this only uses the virtual disk that you defined above in step 2. When tasksel (Software selection) runs and asks if you want to install additional software, use spacebar and your arrow keys to un-check the "Debian desktop environment" and "GNOME" options. The "SSH server" option is entirely optional (This lets you easily SSH into the VM in the future in case you have to perform any maintenance, but even if you do not install an SSH server, you can still log in using the "virsh console" command). Make sure "standard system utilities" is also checked. Hit tab to select "Continue". Finally, disregard the warning about GRUB, allow it to install to your "primary drive" (again, it's only virtual, and this only applies to the VM- this will not affect the boot configuration of your host physical machine) and select "/dev/vda" for the bootable device.
-   </details>
+   </details>
-4. Configure your new VM:
+4. Configure your new VM:
-
+
-   After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges.
+   After it has finished installing, the VM will have rebooted and presented you with a login prompt. For Debian, just use `root` as the username, and enter the password you chose during the installation process. Ubuntu restricts root account access, so you'll need to first login with your non-root user, and then run `sudo su -` to elevate your privileges.
-
+
-   We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them.
+   We will now run a few commands to install docker and AIO in reverse proxy mode! As with any other commands, carefully read and try your best to understand them before running them.
-
+
-   **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.**
+   **Each time you reach this step and run the `docker run` command below, you'll need to increment the `TALK_PORT` value. For example: 3478, 3479, etc... You may use other values as long as they don't conflict, and make sure they are [greater than 1024](https://github.com/nextcloud/all-in-one/discussions/2517). Be sure to note down the Talk port number you've assigned to this VM/AIO instance. You will need it later if you decide to enable Nextcloud Talk.**
-
+
-   Run these commands (**on the VM**):
+   Run these commands (**on the VM**):
-   ```shell
+   ```shell
-   apt install -y curl
+   apt install -y curl
-   
+   
-   curl -fsSL https://get.docker.com | sh
+   curl -fsSL https://get.docker.com | sh
-
+
-   # Make sure you increment the TALK_PORT value every time you run this!
+   # Make sure you increment the TALK_PORT value every time you run this!
-   docker run \
+   docker run \
-   --init \
+   --init \
-   --sig-proxy=false \
+   --sig-proxy=false \
-   --name nextcloud-aio-mastercontainer \
+   --name nextcloud-aio-mastercontainer \
-   --restart always \
+   --restart always \
-   --publish 8080:8080 \
+   --publish 8080:8080 \
-   --env APACHE_PORT=11000 \
+   --env APACHE_PORT=11000 \
-   --env APACHE_IP_BINDING=0.0.0.0 \
+   --env APACHE_IP_BINDING=0.0.0.0 \
-   --env TALK_PORT=3478 \
+   --env TALK_PORT=3478 \
-   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+   --volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
-   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
+   --volume /var/run/docker.sock:/var/run/docker.sock:ro \
-   ghcr.io/nextcloud-releases/all-in-one:latest
+   ghcr.io/nextcloud-releases/all-in-one:latest
-   ```
+   ```
-   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
+   The last command may take a few minutes. When it's finished, you should see a success message, saying "Initial startup of Nextcloud All-in-One complete!". Now exit the console session with `Ctrl + [c]`. This concludes the setup for this particular VM.
-
+
-   
+   
-   ---
+   ---
-6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)*
+6. Go ahead and run through steps 1-4 again in order to set up your second VM. When you're finished, proceed down to step 6. *(Note: If you downloaded the Ubuntu .ISO image and no longer need it, you may delete it now.)*
-7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**):
+7. Almost done! All that's left is configuring your reverse proxy. To do this, you first need to [install it](https://caddyserver.com/docs/install#debian-ubuntu-raspbian). Run (**on the host physical machine**):
-   ```shell
+   ```shell
-   apt update -y
+   apt update -y
-   apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
+   apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
-   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
-   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
+   curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
-   apt update -y
+   apt update -y
-   apt install -y caddy
+   apt install -y caddy
-   ```
+   ```
-   These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source.
+   These commands will ensure that your system is up-to-date and install the latest stable version of Caddy via it's official binary source.
-8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**):
+8. To configure Caddy, you need to know the IP address assigned to each VM. Run (**on the host physical machine**):
-    ```shell
+    ```shell
-    virsh net-dhcp-leases default
+    virsh net-dhcp-leases default
-    ```
+    ```
-    This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname.
+    This will show you the VMs you set up, and the IP address corresponding to each of them. Note down each IP and corresponding hostname.
-    Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor:
+    Finally, you will configure Caddy using this information. Open the default Caddyfile with a text editor:
-    ```shell
+    ```shell
-    nano /etc/caddy/Caddyfile
+    nano /etc/caddy/Caddyfile
-    ```
+    ```
-    Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`.
+    Replace everything in this file with the following configuration. Don't forget to edit this sample configuration and substitute in your own domain names and IP addresses. `[DOMAIN_NAME_*]` should be a domain name like `example1.com`, and `[IP_ADDRESS_*]` should be a local IPv4 address like `192.168.122.225`.
-    ```shell
+    ```shell
-    # Virtual machine #1 - "example1-com"
+    # Virtual machine #1 - "example1-com"
-    https://[DOMAIN_NAME_1]:8443 {
+    https://[DOMAIN_NAME_1]:8443 {
-        reverse_proxy https://[IP_ADDRESS_1]:8080 {
+        reverse_proxy https://[IP_ADDRESS_1]:8080 {
-            header_up Host {host}
+            header_up Host {host}
-            transport http {
+            transport http {
-                tls_insecure_skip_verify
+                tls_insecure_skip_verify
-            }
+            }
-        }
+        }
-    }
+    }
-    https://[DOMAIN_NAME_1]:443 {
+    https://[DOMAIN_NAME_1]:443 {
-        reverse_proxy [IP_ADDRESS_1]:11000
+        reverse_proxy [IP_ADDRESS_1]:11000
-    }
+    }
-    
+    
-    # Virtual machine #2 - "example2-com"
+    # Virtual machine #2 - "example2-com"
-    https://[DOMAIN_NAME_2]:8443 {
+    https://[DOMAIN_NAME_2]:8443 {
-        reverse_proxy https://[IP_ADDRESS_2]:8080 {
+        reverse_proxy https://[IP_ADDRESS_2]:8080 {
-            header_up Host {host}
+            header_up Host {host}
-            transport http {
+            transport http {
-                tls_insecure_skip_verify
+                tls_insecure_skip_verify
-            }
+            }
-        }
+        }
-    }
+    }
-    https://[DOMAIN_NAME_2]:443 {
+    https://[DOMAIN_NAME_2]:443 {
-        reverse_proxy [IP_ADDRESS_2]:11000
+        reverse_proxy [IP_ADDRESS_2]:11000
-    }
+    }
-
+
-    # (Add more configurations here if you set up more than two VMs!)
+    # (Add more configurations here if you set up more than two VMs!)
-    ```
+    ```
-    After making this change, you'll need to restart Caddy:
+    After making this change, you'll need to restart Caddy:
-   ```shell
+   ```shell
-   systemctl restart caddy
+   systemctl restart caddy
-   ```
+   ```
-9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy!
+9. That's it! Now, all that's left is to set up your instances through the AIO interface as usual by visiting `https://example1.com:8443` and `https://example2.com:8443` in a browser. Once you're finished going through each setup, you can access your new instances simply through their domain names. You can host as many instances with as many domain names as you want this way, as long as you have enough system resources. Enjoy!
-    
+    
-    <details><summary><strong>A few extra tips for managing this setup</strong></summary>
+    <details><summary><strong>A few extra tips for managing this setup</strong></summary>
-        <ul>
+        <ul>
-            <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
+            <li>You can easily connect to a VM to perform maintenance using this command (<strong>on the host physical machine</strong>): <pre><code>virsh console --domain [VM_NAME]</code></pre></li>
-            <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
+            <li>If you chose to install an SSH Server, you can SSH in using this command (<strong>on the host physical machine</strong>): <pre><code>ssh [NONROOT_USER]@[IP_ADDRESS] # By default, OpenSSH does not allow logging in as root</code></pre></li>
-            <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
+            <li>If you mess up the configuration of a VM, you may wish to completely delete it and start fresh with a new one. <strong>THIS WILL DELETE ALL DATA ASSOCIATED WITH THE VM INCLUDING ANYTHING IN YOUR AIO DATADIR!</strong> If you are sure you would like to do this, run (<strong>on the host physical machine</strong>): <pre><code>virsh destroy --domain [VM_NAME] ; virsh undefine --nvram --domain [VM_NAME] && rm -rfi /var/lib/libvirt/images/[VM_NAME].qcow2</code></pre></li>
-            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
+            <li>Using Nextcloud Talk will require some extra configuration. Back when you set up your VMs, they were (by default) configured with NAT, meaning they are in their own subnet. The VMs must each instead be bridged, so that your router may directly "see" them (as if they were real, physical devices on your network), and each AIO instance inside each VM must be configured with a different Talk port (like 3478, 3479, etc.). You should have already set these port numbers (back when you first configured the VM in step 4 above), but if you still need to set (or want to change) these values, you can remove the mastercontainer and re-run the initial "docker run" command with a modified Talk port <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port">like so</a>. Then, the Talk port for EACH instance needs to be forwarded in your router's settings DIRECTLY to the VM hosting the instance (completely bypassing your host physical machine/reverse proxy). And finally, inside an admin-privileged account (such as the default "admin" account) in each instance, you must visit <strong>https://[DOMAIN_NAME]/settings/admin/talk</strong> then find the STUN/TURN Settings, and from there set the proper values. If this is too complicated, it may be easier to use public STUN/TURN servers, but I have not tested any of this, rather I'm just sharing what I have found so far (more info available <a href="https://github.com/nextcloud/all-in-one/discussions/2517">here</a>). If you have figured this out or if any of this information is incorrect, please edit this section!</li>
-            <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
+            <li>Configuring daily automatic backups is a bit more involved with this setup. But for the occasional manual borg backup, you can connect a physical SSD/HDD via a cheap USB SATA adapter/dock to a free USB port on your host physical machine, and then use these commands to pass the disk through to a VM of your choosing (<strong>on the host physical machine and on the VM</strong>): <pre><code>virsh attach-device --live --domain [VM_NAME] --file [USB_DEVICE_DEFINITION.xml]
-   virsh console --domain [VM_NAME]
+   virsh console --domain [VM_NAME]
-   # (Login to the VM with root privileges)
+   # (Login to the VM with root privileges)
-   mkdir -p /mnt/[MOUNT_NAME]
+   mkdir -p /mnt/[MOUNT_NAME]
-   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]</code></pre></li>
+   mount /dev/disk/by-label/[DISK_NAME] /mnt/[MOUNT_NAME]</code></pre></li>
-            To create the XML device definition file, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh">this short guide</a>. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup.
+            To create the XML device definition file, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/virtualization_administration_guide/sect-managing_guest_virtual_machines_with_virsh-attaching_and_updating_a_device_with_virsh">this short guide</a>. An SSD/HDD is recommended, but nothing is stopping you from using something as simple as a flash drive for testing if you really want. Finally, to actually perform a manual backup, make sure your disk is properly mounted and then simply use the AIO interface to perform the backup.
-            <li>If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)</li>
+            <li>If you want to shave off around 8-10 seconds of total boot time when you reboot your host physical machine, a simple trick is to lower the GRUB_TIMEOUT from the default five seconds to one second, on both the host physical machine and each of the VMs. You can also remove the delay, but it's generally safer to leave at least one second. (Always be extremely careful when editing GRUB config, especially on the host physical machine, as an incorrect configuration can prevent your device from booting!)</li>
-        </ul>
+        </ul>
-    </details>
+    </details>
@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 13.1.0
+version: 13.0.4
 apiVersion: v2
 keywords:
  - latest
@@ -49,6 +49,8 @@ spec:
              value: "{{ .Values.APACHE_PORT }}"
            - name: COLLABORA_HOST
              value: nextcloud-aio-collabora
            - name: HARP_HOST
              value: nextcloud-aio-harp
            - name: NC_DOMAIN
              value: "{{ .Values.NC_DOMAIN }}"
            - name: NEXTCLOUD_HOST
@@ -63,7 +65,7 @@ spec:
              value: "{{ .Values.TIMEZONE }}"
            - name: WHITEBOARD_HOST
              value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-apache:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -36,7 +36,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
          command:
            - mkdir
            - "-p"
@@ -61,7 +61,7 @@ spec:
              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-clamav:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -38,9 +38,9 @@ spec:
            - name: server_name
              value: "{{ .Values.NC_DOMAIN }}"
          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
-          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:20260515_145717
          {{- else }}
-          image: ghcr.io/nextcloud-releases/aio-collabora:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-collabora:20260515_145717
          {{- end }}
          readinessProbe:
            exec:
@@ -35,7 +35,7 @@ spec:
        {{- end }}
      initContainers:
        - name: init-subpath
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
          command:
            - mkdir
            - "-p"
@@ -66,7 +66,7 @@ spec:
              value: nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
          command:
            - chmod
            - "777"
@@ -60,7 +60,7 @@ spec:
              value: basic
            - name: xpack.security.enabled
              value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -40,7 +40,7 @@ spec:
              value: "{{ .Values.IMAGINARY_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
          command:
            - chmod
            - "777"
@@ -192,7 +192,7 @@ spec:
              value: "{{ .Values.WHITEBOARD_ENABLED }}"
            - name: WHITEBOARD_SECRET
              value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20260515_145717
          {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
          securityContext:
            # The items below only work in container context
@@ -41,7 +41,7 @@ spec:
              value: nextcloud-aio-nextcloud
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -24,7 +24,7 @@ spec:
    spec:
      initContainers:
        - name: init-volumes
-          image: ghcr.io/nextcloud-releases/aio-alpine:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-alpine:20260515_145717
          command:
            - chmod
            - "777"
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.AIO_LOG_LEVEL }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -41,7 +41,7 @@ spec:
              value: "{{ .Values.REDIS_PASSWORD }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-redis:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -56,7 +56,7 @@ spec:
              value: "{{ .Values.TURN_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-talk:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -46,7 +46,7 @@ spec:
              value: "{{ .Values.RECORDING_SECRET }}"
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -52,7 +52,7 @@ spec:
              value: redis
            - name: TZ
              value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260527_140826
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20260515_145717
          readinessProbe:
            exec:
              command:
@@ -133,7 +133,7 @@ for variable in "${DEPLOYMENTS[@]}"; do
            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
-        elif echo "$variable" | grep -q "fulltextsearch" || echo "$variable" | grep -q "onlyoffice" || echo "$variable" | grep -q "eurooffice" || echo "$variable" | grep -q "collabora"; then
+        elif echo "$variable" | grep -q "fulltextsearch" || echo "$variable" | grep -q "onlyoffice" || echo "$variable" | grep -q "collabora"; then
            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
        fi
        volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
@@ -499,7 +499,7 @@ cat << EOL > /tmp/security.conf
              {{- end }}
 EOL
 # shellcheck disable=SC1083
-find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -not -name '*eurooffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \;
+find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i "/^          securityContext:$/r /tmp/security.conf" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{} \;
@@ -64,26 +64,25 @@
        },
        {
            "name": "guzzlehttp/guzzle",
-            "version": "7.11.0",
+            "version": "7.10.2",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b"
+                "reference": "aed36fd5fb4844f284252a999d9abf35d3a9a1ae"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/c987f8ce84b8434fa430795eca0f3430663da72b",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/aed36fd5fb4844f284252a999d9abf35d3a9a1ae",
-                "reference": "c987f8ce84b8434fa430795eca0f3430663da72b",
+                "reference": "aed36fd5fb4844f284252a999d9abf35d3a9a1ae",
                "shasum": ""
            },
            "require": {
                "ext-json": "*",
-                "guzzlehttp/promises": "^2.5",
+                "guzzlehttp/promises": "^2.3",
-                "guzzlehttp/psr7": "^2.11",
+                "guzzlehttp/psr7": "^2.8",
                "php": "^7.2.5 || ^8.0",
                "psr/http-client": "^1.0",
-                "symfony/deprecation-contracts": "^2.5 || ^3.0",
+                "symfony/deprecation-contracts": "^2.2 || ^3.0"
                "symfony/polyfill-php80": "^1.24"
            },
            "provide": {
                "psr/http-client-implementation": "1.0"
@@ -92,7 +91,7 @@
                "bamarni/composer-bin-plugin": "^1.8.2",
                "ext-curl": "*",
                "guzzle/client-integration-tests": "3.0.2",
-                "guzzlehttp/test-server": "^0.4",
+                "guzzlehttp/test-server": "^0.3.2",
                "php-http/message-factory": "^1.1",
                "phpunit/phpunit": "^8.5.52 || ^9.6.34",
                "psr/log": "^1.1 || ^2.0 || ^3.0"
@@ -172,7 +171,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.11.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.10.2"
            },
            "funding": [
                {
@@ -188,25 +187,24 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-06-02T12:40:51+00:00"
+            "time": "2026-05-20T11:58:52+00:00"
        },
        {
            "name": "guzzlehttp/promises",
-            "version": "2.5.0",
+            "version": "2.3.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/promises.git",
-                "reference": "4360e982f87f5f258bf872d094647791db2f4c8e"
+                "reference": "d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/4360e982f87f5f258bf872d094647791db2f4c8e",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e",
-                "reference": "4360e982f87f5f258bf872d094647791db2f4c8e",
+                "reference": "d2d8dfae4757f384d630fdffc2d8d6618d8f4c5e",
                "shasum": ""
            },
            "require": {
-                "php": "^7.2.5 || ^8.0",
+                "php": "^7.2.5 || ^8.0"
                "symfony/deprecation-contracts": "^2.5 || ^3.0"
            },
            "require-dev": {
                "bamarni/composer-bin-plugin": "^1.8.2",
@@ -256,7 +254,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/2.5.0"
+                "source": "https://github.com/guzzle/promises/tree/2.3.1"
            },
            "funding": [
                {
@@ -272,29 +270,27 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-06-02T12:23:43+00:00"
+            "time": "2026-05-19T18:30:48+00:00"
        },
        {
            "name": "guzzlehttp/psr7",
-            "version": "2.11.0",
+            "version": "2.10.1",
            "source": {
                "type": "git",
                "url": "https://github.com/guzzle/psr7.git",
-                "reference": "bbb5e61349fa5cb822b3e87842b951088b76b81f"
+                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/bbb5e61349fa5cb822b3e87842b951088b76b81f",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/73ab136360b5dfd858006eae9795e8fe43c80361",
-                "reference": "bbb5e61349fa5cb822b3e87842b951088b76b81f",
+                "reference": "73ab136360b5dfd858006eae9795e8fe43c80361",
                "shasum": ""
            },
            "require": {
                "php": "^7.2.5 || ^8.0",
                "psr/http-factory": "^1.0",
                "psr/http-message": "^1.1 || ^2.0",
-                "ralouphie/getallheaders": "^3.0",
+                "ralouphie/getallheaders": "^3.0"
                "symfony/deprecation-contracts": "^2.5 || ^3.0",
                "symfony/polyfill-php80": "^1.24"
            },
            "provide": {
                "psr/http-factory-implementation": "1.0",
@@ -375,7 +371,7 @@
            ],
            "support": {
                "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.11.0"
+                "source": "https://github.com/guzzle/psr7/tree/2.10.1"
            },
            "funding": [
                {
@@ -391,7 +387,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-06-02T12:30:48+00:00"
+            "time": "2026-05-20T09:27:36+00:00"
        },
        {
            "name": "http-interop/http-factory-guzzle",
@@ -1289,16 +1285,16 @@
        },
        {
            "name": "slim/slim",
-            "version": "4.15.2",
+            "version": "4.15.1",
            "source": {
                "type": "git",
                "url": "https://github.com/slimphp/Slim.git",
-                "reference": "e12cb05ca2a14e8f459d019e87a31dc915b80470"
+                "reference": "887893516557506f254d950425ce7f5387a26970"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/e12cb05ca2a14e8f459d019e87a31dc915b80470",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/887893516557506f254d950425ce7f5387a26970",
-                "reference": "e12cb05ca2a14e8f459d019e87a31dc915b80470",
+                "reference": "887893516557506f254d950425ce7f5387a26970",
                "shasum": ""
            },
            "require": {
@@ -1401,7 +1397,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-22T08:00:12+00:00"
+            "time": "2025-11-21T12:23:44+00:00"
        },
        {
            "name": "slim/twig-view",
@@ -1624,16 +1620,16 @@
        },
        {
            "name": "symfony/polyfill-mbstring",
-            "version": "v1.38.1",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92"
+                "reference": "6a21eb99c6973357967f6ce3708cd55a6bec6315"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/14c5439eec4ccff081ac14eca2dc57feb2a66d92",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6a21eb99c6973357967f6ce3708cd55a6bec6315",
-                "reference": "14c5439eec4ccff081ac14eca2dc57feb2a66d92",
+                "reference": "6a21eb99c6973357967f6ce3708cd55a6bec6315",
                "shasum": ""
            },
            "require": {
@@ -1685,7 +1681,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.38.1"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.37.0"
            },
            "funding": [
                {
@@ -1705,104 +1701,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-26T12:51:13+00:00"
+            "time": "2026-04-10T17:25:58+00:00"
        },
        {
            "name": "symfony/polyfill-php80",
            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php80.git",
                "reference": "dfb55726c3a76ea3b6459fcfda1ec2d80a682411"
            },
            "dist": {
                "type": "zip",
                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/dfb55726c3a76ea3b6459fcfda1ec2d80a682411",
                "reference": "dfb55726c3a76ea3b6459fcfda1ec2d80a682411",
                "shasum": ""
            },
            "require": {
                "php": ">=7.2"
            },
            "type": "library",
            "extra": {
                "thanks": {
                    "url": "https://github.com/symfony/polyfill",
                    "name": "symfony/polyfill"
                }
            },
            "autoload": {
                "files": [
                    "bootstrap.php"
                ],
                "psr-4": {
                    "Symfony\\Polyfill\\Php80\\": ""
                },
                "classmap": [
                    "Resources/stubs"
                ]
            },
            "notification-url": "https://packagist.org/downloads/",
            "license": [
                "MIT"
            ],
            "authors": [
                {
                    "name": "Ion Bazan",
                    "email": "ion.bazan@gmail.com"
                },
                {
                    "name": "Nicolas Grekas",
                    "email": "p@tchwork.com"
                },
                {
                    "name": "Symfony Community",
                    "homepage": "https://symfony.com/contributors"
                }
            ],
            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
            "homepage": "https://symfony.com",
            "keywords": [
                "compatibility",
                "polyfill",
                "portable",
                "shim"
            ],
            "support": {
                "source": "https://github.com/symfony/polyfill-php80/tree/v1.37.0"
            },
            "funding": [
                {
                    "url": "https://symfony.com/sponsor",
                    "type": "custom"
                },
                {
                    "url": "https://github.com/fabpot",
                    "type": "github"
                },
                {
                    "url": "https://github.com/nicolas-grekas",
                    "type": "github"
                },
                {
                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
                    "type": "tidelift"
                }
            ],
            "time": "2026-04-10T16:19:22+00:00"
        },
        {
            "name": "symfony/polyfill-php81",
-            "version": "v1.38.1",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "6bfb9c766cacffbc8e118cb87217d08ed84e5cd7"
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/6bfb9c766cacffbc8e118cb87217d08ed84e5cd7",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
-                "reference": "6bfb9c766cacffbc8e118cb87217d08ed84e5cd7",
+                "reference": "4a4cfc2d253c21a5ad0e53071df248ed48c6ce5c",
                "shasum": ""
            },
            "require": {
@@ -1849,7 +1761,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.38.1"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.37.0"
            },
            "funding": [
                {
@@ -1869,20 +1781,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-26T12:45:58+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
        },
        {
            "name": "twig/twig",
-            "version": "v3.27.1",
+            "version": "v3.26.0",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "ae2071bffb38f04847fc0864d730c94b9cb8ab74"
+                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/ae2071bffb38f04847fc0864d730c94b9cb8ab74",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
-                "reference": "ae2071bffb38f04847fc0864d730c94b9cb8ab74",
+                "reference": "1fcae487b180d78e6351f4e0afa91f9eab96a2bc",
                "shasum": ""
            },
            "require": {
@@ -1937,7 +1849,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.27.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.26.0"
            },
            "funding": [
                {
@@ -1949,7 +1861,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-30T17:09:26+00:00"
+            "time": "2026-05-20T07:31:59+00:00"
        }
    ],
    "packages-dev": [
@@ -2478,16 +2390,16 @@
        },
        {
            "name": "amphp/process",
-            "version": "v2.1.0",
+            "version": "v2.0.3",
            "source": {
                "type": "git",
                "url": "https://github.com/amphp/process.git",
-                "reference": "583959df17d00304ad7b0b32285373f985935643"
+                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/amphp/process/zipball/583959df17d00304ad7b0b32285373f985935643",
+                "url": "https://api.github.com/repos/amphp/process/zipball/52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
-                "reference": "583959df17d00304ad7b0b32285373f985935643",
+                "reference": "52e08c09dec7511d5fbc1fb00d3e4e79fc77d58d",
                "shasum": ""
            },
            "require": {
@@ -2501,7 +2413,7 @@
                "amphp/php-cs-fixer-config": "^2",
                "amphp/phpunit-util": "^3",
                "phpunit/phpunit": "^9",
-                "psalm/phar": "6.16.1"
+                "psalm/phar": "^5.4"
            },
            "type": "library",
            "autoload": {
@@ -2534,7 +2446,7 @@
            "homepage": "https://amphp.org/process",
            "support": {
                "issues": "https://github.com/amphp/process/issues",
-                "source": "https://github.com/amphp/process/tree/v2.1.0"
+                "source": "https://github.com/amphp/process/tree/v2.0.3"
            },
            "funding": [
                {
@@ -2542,7 +2454,7 @@
                    "type": "github"
                }
            ],
-            "time": "2026-05-31T15:11:55+00:00"
+            "time": "2024-04-19T03:13:44+00:00"
        },
        {
            "name": "amphp/serialization",
@@ -4141,16 +4053,16 @@
        },
        {
            "name": "symfony/console",
-            "version": "v6.4.41",
+            "version": "v6.4.39",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/console.git",
-                "reference": "d21b17ed158e79180fac3895ff751707970eeb57"
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/console/zipball/d21b17ed158e79180fac3895ff751707970eeb57",
+                "url": "https://api.github.com/repos/symfony/console/zipball/c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
-                "reference": "d21b17ed158e79180fac3895ff751707970eeb57",
+                "reference": "c132f1215fe4aa45b70173cc00ce9a755dd31ec5",
                "shasum": ""
            },
            "require": {
@@ -4215,7 +4127,7 @@
                "terminal"
            ],
            "support": {
-                "source": "https://github.com/symfony/console/tree/v6.4.41"
+                "source": "https://github.com/symfony/console/tree/v6.4.39"
            },
            "funding": [
                {
@@ -4235,25 +4147,24 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-24T08:48:41+00:00"
+            "time": "2026-05-12T06:50:03+00:00"
        },
        {
            "name": "symfony/filesystem",
-            "version": "v8.1.0",
+            "version": "v8.0.11",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/filesystem.git",
-                "reference": "99aec13b82b4967ec5088222c4a3ecca955949c2"
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/filesystem/zipball/99aec13b82b4967ec5088222c4a3ecca955949c2",
+                "url": "https://api.github.com/repos/symfony/filesystem/zipball/224db910898ce1317b892a9a1338f1f8f17eb7c7",
-                "reference": "99aec13b82b4967ec5088222c4a3ecca955949c2",
+                "reference": "224db910898ce1317b892a9a1338f1f8f17eb7c7",
                "shasum": ""
            },
            "require": {
-                "php": ">=8.4.1",
+                "php": ">=8.4",
                "symfony/deprecation-contracts": "^2.5|^3",
                "symfony/polyfill-ctype": "~1.8",
                "symfony/polyfill-mbstring": "~1.8"
            },
@@ -4286,7 +4197,7 @@
            "description": "Provides basic utilities for the filesystem",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/filesystem/tree/v8.1.0"
+                "source": "https://github.com/symfony/filesystem/tree/v8.0.11"
            },
            "funding": [
                {
@@ -4306,7 +4217,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-29T05:06:50+00:00"
+            "time": "2026-05-11T16:39:47+00:00"
        },
        {
            "name": "symfony/finder",
@@ -4378,16 +4289,16 @@
        },
        {
            "name": "symfony/polyfill-intl-grapheme",
-            "version": "v1.38.1",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-grapheme.git",
-                "reference": "e9247d281d694a5120554d9afaf54e070e88a603"
+                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/e9247d281d694a5120554d9afaf54e070e88a603",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/4864388bfbd3001ce88e234fab652acd91fdc57e",
-                "reference": "e9247d281d694a5120554d9afaf54e070e88a603",
+                "reference": "4864388bfbd3001ce88e234fab652acd91fdc57e",
                "shasum": ""
            },
            "require": {
@@ -4436,7 +4347,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.38.1"
+                "source": "https://github.com/symfony/polyfill-intl-grapheme/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4456,20 +4367,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-26T05:58:03+00:00"
+            "time": "2026-04-26T13:13:48+00:00"
        },
        {
            "name": "symfony/polyfill-intl-normalizer",
-            "version": "v1.38.0",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-intl-normalizer.git",
-                "reference": "2d446c214bdbe5b71bde5011b060a05fece3ae6b"
+                "reference": "3833d7255cc303546435cb650316bff708a1c75c"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/2d446c214bdbe5b71bde5011b060a05fece3ae6b",
+                "url": "https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c",
-                "reference": "2d446c214bdbe5b71bde5011b060a05fece3ae6b",
+                "reference": "3833d7255cc303546435cb650316bff708a1c75c",
                "shasum": ""
            },
            "require": {
@@ -4521,7 +4432,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.38.0"
+                "source": "https://github.com/symfony/polyfill-intl-normalizer/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4541,20 +4452,20 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-25T13:48:31+00:00"
+            "time": "2024-09-09T11:45:10+00:00"
        },
        {
            "name": "symfony/polyfill-php84",
-            "version": "v1.38.1",
+            "version": "v1.37.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/polyfill-php84.git",
-                "reference": "f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa"
+                "reference": "88486db2c389b290bf87ff1de7ebc1e13e42bb06"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa",
+                "url": "https://api.github.com/repos/symfony/polyfill-php84/zipball/88486db2c389b290bf87ff1de7ebc1e13e42bb06",
-                "reference": "f4e1dfaee5b74aba5964fe1fd4dfc7ba5e3085fa",
+                "reference": "88486db2c389b290bf87ff1de7ebc1e13e42bb06",
                "shasum": ""
            },
            "require": {
@@ -4601,7 +4512,7 @@
                "shim"
            ],
            "support": {
-                "source": "https://github.com/symfony/polyfill-php84/tree/v1.38.1"
+                "source": "https://github.com/symfony/polyfill-php84/tree/v1.37.0"
            },
            "funding": [
                {
@@ -4621,7 +4532,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-26T12:51:13+00:00"
+            "time": "2026-04-10T18:47:49+00:00"
        },
        {
            "name": "symfony/service-contracts",
@@ -4712,16 +4623,16 @@
        },
        {
            "name": "symfony/string",
-            "version": "v7.4.13",
+            "version": "v7.4.11",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/string.git",
-                "reference": "961683010db3b27ec6ebcd7308e6e1ee8fa7ffde"
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/string/zipball/961683010db3b27ec6ebcd7308e6e1ee8fa7ffde",
+                "url": "https://api.github.com/repos/symfony/string/zipball/965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
-                "reference": "961683010db3b27ec6ebcd7308e6e1ee8fa7ffde",
+                "reference": "965f7306a43383d02c6aca1e3f3bd2f0ea5dee15",
                "shasum": ""
            },
            "require": {
@@ -4779,7 +4690,7 @@
                "utf8"
            ],
            "support": {
-                "source": "https://github.com/symfony/string/tree/v7.4.13"
+                "source": "https://github.com/symfony/string/tree/v7.4.11"
            },
            "funding": [
                {
@@ -4799,7 +4710,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2026-05-23T15:23:29+00:00"
+            "time": "2026-05-13T12:04:42+00:00"
        },
        {
            "name": "vimeo/psalm",
@@ -6,7 +6,6 @@
      "documentation": "https://github.com/nextcloud/all-in-one/discussions/2105",
      "depends_on": [
        "nextcloud-aio-onlyoffice",
        "nextcloud-aio-eurooffice",
        "nextcloud-aio-collabora",
        "nextcloud-aio-talk",
        "nextcloud-aio-notify-push",
@@ -48,7 +47,6 @@
        "APACHE_PORT=%APACHE_PORT%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
        "EUROOFFICE_HOST=nextcloud-aio-eurooffice",
        "TZ=%TIMEZONE%",
        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
@@ -225,7 +223,6 @@
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
        "ONLYOFFICE_SECRET=%ONLYOFFICE_SECRET%",
        "EUROOFFICE_SECRET=%EUROOFFICE_SECRET%",
        "AIO_URL=%AIO_URL%",
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "NC_AIO_VERSION=v%AIO_VERSION%",
@@ -233,12 +230,10 @@
        "CLAMAV_ENABLED=%CLAMAV_ENABLED%",
        "CLAMAV_HOST=nextcloud-aio-clamav",
        "ONLYOFFICE_ENABLED=%ONLYOFFICE_ENABLED%",
        "EUROOFFICE_ENABLED=%EUROOFFICE_ENABLED%",
        "COLLABORA_ENABLED=%COLLABORA_ENABLED%",
        "COLLABORA_HOST=nextcloud-aio-collabora",
        "TALK_ENABLED=%TALK_ENABLED%",
        "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
        "EUROOFFICE_HOST=nextcloud-aio-eurooffice",
        "UPDATE_NEXTCLOUD_APPS=%UPDATE_NEXTCLOUD_APPS%",
        "TZ=%TIMEZONE%",
        "TALK_PORT=%TALK_PORT%",
@@ -362,7 +357,6 @@
      "secrets": [
        "REDIS_PASSWORD",
        "ONLYOFFICE_SECRET",
        "EUROOFFICE_SECRET",
        "RECORDING_SECRET"
      ],
      "restart": "unless-stopped",
@@ -764,50 +758,6 @@
        "NET_RAW"
      ]
    },
    {
      "container_name": "nextcloud-aio-eurooffice",
      "image_tag": "%AIO_CHANNEL%",
      "display_name": "EuroOffice",
      "image": "ghcr.io/nextcloud-releases/aio-eurooffice",
      "init": true,
      "healthcheck": {
        "start_period": "60s",
        "test": "/healthcheck.sh",
        "interval": "30s",
        "timeout": "30s",
        "start_interval": "5s",
        "retries": 9
      },
      "expose": [
        "80"
      ],
      "internal_port": "80",
      "environment": [
        "AIO_LOG_LEVEL=%AIO_LOG_LEVEL%",
        "LOG_LEVEL=%AIO_LOG_LEVEL%",
        "TZ=%TIMEZONE%",
        "JWT_ENABLED=true",
        "JWT_HEADER=AuthorizationJwt",
        "JWT_SECRET=%EUROOFFICE_SECRET%"
      ],
      "volumes": [
        {
          "source": "nextcloud_aio_eurooffice",
          "destination": "/var/lib/euro-office",
          "writeable": true
        }
      ],
      "secrets": [
        "EUROOFFICE_SECRET"
      ],
      "restart": "unless-stopped",
      "profiles": [
        "eurooffice"
      ],
      "cap_drop": [
        "NET_RAW"
      ]
    },
    {
      "container_name": "nextcloud-aio-imaginary",
      "image_tag": "%AIO_CHANNEL%",
@@ -878,13 +828,11 @@
        "discovery.type=single-node",
        "http.port=9200",
        "xpack.license.self_generated.type=basic",
-        "xpack.security.enabled=true",
+        "xpack.security.enabled=false",
        "xpack.security.http.ssl.enabled=false",
        "xpack.security.transport.ssl.enabled=false",
        "indices.fielddata.cache.size=20%",
        "indices.memory.index_buffer_size=20%",
        "thread_pool.write.queue_size=1000",
-        "ELASTIC_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
+        "FULLTEXTSEARCH_PASSWORD=%FULLTEXTSEARCH_PASSWORD%"
      ],
      "volumes": [
        {
@@ -1,14 +0,0 @@
 "use strict";
 // Apply the saved theme immediately to avoid a flash of the wrong theme.
 try { document.documentElement.setAttribute('data-theme', localStorage.getItem('theme') ?? ''); } catch (e) {}
 // React when the user toggles the theme on the parent page while this page is
 // open in an iframe.  localStorage.setItem() fires a 'storage' event on every
 // other window / frame that shares the same origin, so we can keep in sync
 // without the parent having to know about us.
 window.addEventListener('storage', (e) => {
    if (e.key === 'theme') {
        document.documentElement.setAttribute('data-theme', e.newValue ?? '');
    }
 });
@@ -22,11 +22,9 @@ document.addEventListener("DOMContentLoaded", function () {
    // Office suite radio buttons
    const collaboraRadio = document.getElementById('office-collabora');
    const onlyofficeRadio = document.getElementById('office-onlyoffice');
    const euroofficeRadio = document.getElementById('office-eurooffice');
    const noneRadio = document.getElementById('office-none');
    const collaboraHidden = document.getElementById('collabora');
    const onlyofficeHidden = document.getElementById('onlyoffice');
    const euroofficeHidden = document.getElementById('eurooffice');
    let initialOfficeSelection = null;
    optionsContainersCheckboxes.forEach(checkbox => {
@@ -38,13 +36,11 @@ document.addEventListener("DOMContentLoaded", function () {
    });
    // Store initial office suite selection
-    if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio) {
+    if (collaboraRadio && onlyofficeRadio && noneRadio) {
        if (collaboraRadio.checked) {
            initialOfficeSelection = 'collabora';
        } else if (onlyofficeRadio.checked) {
            initialOfficeSelection = 'onlyoffice';
        } else if (euroofficeRadio.checked) {
            initialOfficeSelection = 'eurooffice';
        } else {
            initialOfficeSelection = 'none';
        }
@@ -61,28 +57,20 @@ document.addEventListener("DOMContentLoaded", function () {
        });
        // Check office suite changes and sync to hidden inputs
-        if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden && euroofficeHidden) {
+        if (collaboraRadio && onlyofficeRadio && noneRadio && collaboraHidden && onlyofficeHidden) {
            let currentOfficeSelection = null;
            if (collaboraRadio.checked) {
                currentOfficeSelection = 'collabora';
                collaboraHidden.value = 'on';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = '';
            } else if (onlyofficeRadio.checked) {
                currentOfficeSelection = 'onlyoffice';
                collaboraHidden.value = '';
                onlyofficeHidden.value = 'on';
                euroofficeHidden.value = '';
            } else if (euroofficeRadio.checked) {
                currentOfficeSelection = 'eurooffice';
                collaboraHidden.value = '';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = 'on';
            } else {
                currentOfficeSelection = 'none';
                collaboraHidden.value = '';
                onlyofficeHidden.value = '';
                euroofficeHidden.value = '';
            }
            if (currentOfficeSelection !== initialOfficeSelection) {
@@ -156,10 +144,9 @@ document.addEventListener("DOMContentLoaded", function () {
    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
    // Add event listeners for office suite radio buttons
-    if (collaboraRadio && onlyofficeRadio && euroofficeRadio && noneRadio) {
+    if (collaboraRadio && onlyofficeRadio && noneRadio) {
        collaboraRadio.addEventListener('change', checkForOptionContainerChanges);
        onlyofficeRadio.addEventListener('change', checkForOptionContainerChanges);
        euroofficeRadio.addEventListener('change', checkForOptionContainerChanges);
        noneRadio.addEventListener('change', checkForOptionContainerChanges);
    }
@@ -27,12 +27,6 @@ document.addEventListener("DOMContentLoaded", function(event) {
    const onlyoffice = document.getElementById("office-onlyoffice");
    onlyoffice.disabled = true;
    // EuroOffice
    const eurooffice = document.getElementById("office-eurooffice");
    if (eurooffice) {
        eurooffice.disabled = true;
    }
    // Imaginary
    let imaginary = document.getElementById("imaginary");
    imaginary.disabled = true;
@@ -104,7 +104,6 @@ $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . '
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
 $app->post('/api/docker/backup-reset-location', AIO\Controller\DockerController::class . ':DeleteBorgBackupConfig');
 $app->post('/api/docker/nextcloud-upgrade-to-latest-major', AIO\Controller\DockerController::class . ':RunNextcloudUpgradeToLatestMajor');
 $app->post('/api/docker/prune', AIO\Controller\DockerController::class . ':SystemPrune');
 $app->get('/api/docker/logs', AIO\Controller\DockerController::class . ':GetLogs');
 $app->post('/api/auth/login', AIO\Controller\LoginController::class . ':TryLogin');
@@ -144,6 +143,7 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
        'is_backup_container_running' => $dockerActionManager->isBackupContainerRunning(),
        'backup_exit_code' => $dockerActionManager->GetBackupcontainerExitCode(),
        'is_ssh_auth_error' => $dockerActionManager->isBorgBackupSshAuthError(),
        'is_instance_restore_attempt' => $configurationManager->instanceRestoreAttempt,
        'borg_backup_mode' => $configurationManager->backupMode,
        'was_start_button_clicked' => $configurationManager->wasStartButtonClicked,
@@ -153,7 +153,6 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'current_channel' => $dockerActionManager->GetCurrentChannel(),
        'is_clamav_enabled' => $configurationManager->isClamavEnabled,
        'is_onlyoffice_enabled' => $configurationManager->isOnlyofficeEnabled,
        'is_eurooffice_enabled' => $configurationManager->isEuroofficeEnabled,
        'is_collabora_enabled' => $configurationManager->isCollaboraEnabled,
        'is_talk_enabled' => $configurationManager->isTalkEnabled,
        'borg_restore_password' => $configurationManager->borgRestorePassword,
@@ -183,10 +182,8 @@ $app->get('/containers', function (Request $request, Response $response, array $
        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
        'community_containers_enabled' => $configurationManager->aioCommunityContainers,
        'bypass_container_update' => $bypass_container_update,
-    // Do not cache the page as it shows credentials
+    ]);
    ])->withHeader('Cache-Control', 'no-store');
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Docker\DockerActionManager $dockerActionManager */
@@ -195,7 +192,6 @@ $app->get('/login', function (Request $request, Response $response, array $args)
        'is_login_allowed' => $dockerActionManager->isLoginAllowed(),
    ]);
 });
 $app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\Setup $setup */
@@ -214,10 +210,8 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
        [
            'password' => $setup->Setup(),
        ]
-    // Do not cache the page as it shows credentials
+    );
    )->withHeader('Cache-Control', 'no-store');
 });
 $app->get('/log', function (Request $request, Response $response, array $args) use ($container) {
    $params = $request->getQueryParams();
    $id = $params['id'] ?? '';
@@ -225,13 +219,7 @@ $app->get('/log', function (Request $request, Response $response, array $args) u
        throw new DI\NotFoundException();
    }
    $view = Twig::fromRequest($request);
-    return $view->render(
+    return $view->render($response, 'log.twig', ['id' => $id]);
        $response, 'log.twig', 
        [
            'id' => $id
        ]
    // Do not cache the page as it might shows credentials
    )->withHeader('Cache-Control', 'no-store');
 });
 // Auth Redirector
@@ -10,7 +10,6 @@ pre {
    margin: 0;
    padding: 1rem;
    box-sizing: border-box;
    font-family: system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
 }
 #floating-box {
    position: fixed;
@@ -27,8 +26,7 @@ pre {
    gap: 0.5rem;
    font-size: large;
    border: solid thin gray;
-    background-color: var(--color-main-background);
+    background-color: #f9f9f9;
    color: var(--color-main-text);
    width: 10rem;
    padding: 0.5rem 1rem;
    margin: 0 0 0 1rem;
@@ -483,8 +483,8 @@ input[type="checkbox"]:disabled:not(:checked) + label {
    visibility: hidden;
    opacity: 0;
    align-self: start;
-    width: min(600px, calc(100vw - 4rem));
+    width: 300px;
-    height: min(400px, calc(100vh - 14rem));
+    height: 200px;
    border-radius: var(--border-radius-large);
    border: solid thin rgb(192, 192, 192);
 }
@@ -606,15 +606,13 @@ input[type="checkbox"]:disabled:not(:checked) + label {
 }
 #office-collabora:checked + .office-card,
-#office-onlyoffice:checked + .office-card,
+#office-onlyoffice:checked + .office-card {
 #office-eurooffice:checked + .office-card {
    border-color: var(--color-nextcloud-blue);
    background: linear-gradient(135deg, rgba(0, 130, 201, 0.08) 0%, rgba(0, 130, 201, 0.02) 100%);
 }
 [data-theme="dark"] #office-collabora:checked + .office-card,
-[data-theme="dark"] #office-onlyoffice:checked + .office-card,
+[data-theme="dark"] #office-onlyoffice:checked + .office-card {
 [data-theme="dark"] #office-eurooffice:checked + .office-card {
    background: linear-gradient(135deg, rgba(0, 145, 242, 0.15) 0%, rgba(0, 145, 242, 0.03) 100%);
 }
@@ -633,21 +631,13 @@ input[type="checkbox"]:disabled:not(:checked) + label {
    color: var(--color-main-text);
 }
 .office-powered-by {
    margin: 4px 0 0;
    font-size: 13px;
    color: var(--color-main-text);
    opacity: 0.7;
 }
 .office-checkmark {
    flex-shrink: 0;
    display: none;
 }
 #office-collabora:checked + .office-card .office-checkmark,
-#office-onlyoffice:checked + .office-card .office-checkmark,
+#office-onlyoffice:checked + .office-card .office-checkmark {
 #office-eurooffice:checked + .office-card .office-checkmark {
    display: block;
 }
@@ -11,7 +11,7 @@ function toggleTheme() {
 function setThemeToDOM(value) {
    // Set the theme to the root document and all possible iframe documents (so they can adapt their styling, too).
-    const documents = [document, ...Array.from(document.querySelectorAll('iframe')).map((iframe) => iframe.contentDocument).filter(Boolean)]
+    const documents = [document, Array.from(document.querySelectorAll('iframe')).map((iframe) => iframe.contentDocument)].flat()
    documents.forEach((doc) => doc.documentElement.setAttribute('data-theme', value));
 }
@@ -35,6 +35,4 @@ setThemeToDOM(getSavedTheme());
 document.addEventListener('DOMContentLoaded', () => {
    setThemeIcon(getSavedTheme())
    document.querySelector('button#theme-toggle')?.addEventListener('click', () => toggleTheme());
    // Re-apply theme when the overlay-log iframe navigates (e.g. after a form submission).
    document.querySelector('iframe#overlay-log')?.addEventListener('load', () => setThemeToDOM(getSavedTheme()));
 });
@@ -52,18 +52,14 @@ readonly class ContainerDefinitionFetcher {
        $standardContainerNames = array_column($data['aio_services_v1'], 'container_name');
        $additionalContainerNames = [];
        $additionalTopLevelContainerNames = [];
        foreach ($this->configurationManager->aioCommunityContainers as $communityContainer) {
            if ($communityContainer !== '') {
                $path = DataConst::GetCommunityContainersDirectory() . '/' . $communityContainer . '/' . $communityContainer . '.json';
                $additionalData = json_decode((string)file_get_contents($path), true, 512, JSON_THROW_ON_ERROR);
                $data = array_merge_recursive($data, $additionalData);
                foreach ($additionalData['aio_services_v1'] as $additionalEntry) {
                    $additionalContainerNames[] = $additionalEntry['container_name'];
                }
                if (isset($additionalData['aio_services_v1'][0]['display_name']) && $additionalData['aio_services_v1'][0]['display_name'] !== '') {
-                    // Store main container_name of community containers in variable for later
+                    // Store container_name of community containers in variable for later
-                    $additionalTopLevelContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
+                    $additionalContainerNames[] = $additionalData['aio_services_v1'][0]['container_name'];
                }
            }
        }
@@ -78,10 +74,6 @@ readonly class ContainerDefinitionFetcher {
                if (!$this->configurationManager->isOnlyofficeEnabled) {
                    continue;
                }
            } elseif ($entry['container_name'] === 'nextcloud-aio-eurooffice') {
                if (!$this->configurationManager->isEuroofficeEnabled) {
                    continue;
                }
            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                if (!$this->configurationManager->isCollaboraEnabled) {
                    continue;
@@ -184,7 +176,7 @@ readonly class ContainerDefinitionFetcher {
                if ($entry['container_name'] === 'nextcloud-aio-apache') {
                    // Add community containers first and default ones last so that aio_variables works correctly
                    $valueDependsOnTemp = [];
-                    foreach ($additionalTopLevelContainerNames as $containerName) {
+                    foreach ($additionalContainerNames as $containerName) {
                        $valueDependsOnTemp[] = $containerName;
                    }
                    $valueDependsOn = array_merge_recursive($valueDependsOnTemp, $valueDependsOn);
@@ -198,10 +190,6 @@ readonly class ContainerDefinitionFetcher {
                        if (!$this->configurationManager->isOnlyofficeEnabled) {
                            continue;
                        }
                    } elseif ($value === 'nextcloud-aio-eurooffice') {
                        if (!$this->configurationManager->isEuroofficeEnabled) {
                            continue;
                        }
                    } elseif ($value === 'nextcloud-aio-collabora') {
                        if (!$this->configurationManager->isCollaboraEnabled) {
                            continue;
@@ -81,19 +81,12 @@ readonly class ConfigurationController {
                if ($officeSuiteChoice === 'collabora') {
                    $this->configurationManager->isCollaboraEnabled = true;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = false;
                } elseif ($officeSuiteChoice === 'onlyoffice') {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = true;
                    $this->configurationManager->isEuroofficeEnabled = false;
                } elseif ($officeSuiteChoice === 'eurooffice') {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = true;
                } else {
                    $this->configurationManager->isCollaboraEnabled = false;
                    $this->configurationManager->isOnlyofficeEnabled = false;
                    $this->configurationManager->isEuroofficeEnabled = false;
                }
                $this->configurationManager->isClamavEnabled = isset($request->getParsedBody()['clamav']);
                $this->configurationManager->isTalkEnabled = isset($request->getParsedBody()['talk']);
@@ -14,7 +14,6 @@ use Slim\Psr7\NonBufferedBody;
 readonly class DockerController {
    private const string TOP_CONTAINER = 'nextcloud-aio-apache';
    private const string LATEST_MAJOR_VERSION = '34';
    public function __construct(
        private DockerActionManager           $dockerActionManager,
@@ -222,7 +221,7 @@ readonly class DockerController {
        }
        if (isset($request->getParsedBody()['install_latest_major'])) {
-            $installLatestMajor = self::LATEST_MAJOR_VERSION;
+            $installLatestMajor = '33';
        } else {
            $installLatestMajor = '';
        }
@@ -299,7 +298,7 @@ readonly class DockerController {
        }
        if ($addToStreamingResponseBody !== null) {
-            $addToStreamingResponseBody("Stopping container", $container);
+            $addToStreamingResponseBody($container, "Stopping container");
        }
        // Stop itself first and then all the dependencies
@@ -334,30 +333,14 @@ readonly class DockerController {
        return $response->withStatus(201)->withHeader('Location', '.');
    }
    public function RunNextcloudUpgradeToLatestMajor(Request $request, Response $response, array $args) : Response {
        $this->configurationManager->installLatestMajor = self::LATEST_MAJOR_VERSION;
        // Get streaming response start and closure
        $nonbufResp = $this->startStreamingResponse($response);
        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
        $this->dockerActionManager->RunNextcloudUpgradeToLatestMajor($addToStreamingResponseBody);
        // We automatically reload after 10s so that the output can be read or copied if necessary 
        $addToStreamingResponseBody("Automatically reloading the page after 10s."); 
        sleep(10); 
        // End streaming response
        $this->finalizeStreamingResponse($nonbufResp);
        return $nonbufResp;
    }
    public function SystemPrune(Request $request, Response $response, array $args) : Response {
        // Get streaming response start and closure
        $nonbufResp = $this->startStreamingResponse($response);
        $body = $nonbufResp->getBody();
-        $addToStreamingResponseBody = $this->getAddToStreamingResponseBody($nonbufResp);
+        $addToStreamingResponseBody = function (string $message) use ($body) : void {
            $body->write("<div>$message</div>");
        };
        $this->dockerActionManager->SystemPrune($addToStreamingResponseBody);
@@ -418,8 +401,7 @@ readonly class DockerController {
        <!DOCTYPE html>
        <html lang="en" class="overlay-iframe">
            <head>
-                <link rel="stylesheet" href="../../style.css?v11" media="all" />
+                <link rel="stylesheet" href="../../style.css?v8" media="all" />
                <script type="text/javascript" src="../../apply-theme.js?v1"></script>
                <script type="text/javascript" src="../../scroll-into-view.js"></script>
            </head>
            <body>
@@ -443,17 +425,12 @@ readonly class DockerController {
        return $nonbufResp;
    }
-    private function getAddToStreamingResponseBody(Response $nonbufResp) : \Closure {
+    private function getAddToStreamingResponseBody(Response $nonbufResp) : ?\Closure {
        // Create a closure to pass around to the code, which should to the logging (because it e.g. decides
        // if it'll actually pull an image), but which should not need to know anything about the
        // wanted markup or formatting.
-        $addToStreamingResponseBody = function (string $message, ?Container $container = null) use ($nonbufResp) : void {
+        $addToStreamingResponseBody = function (Container $container, string $message) use ($nonbufResp) : void {
-            // Strip ANSI codes.
+            $nonbufResp->getBody()->write("<div>{$container->displayName}: {$message}</div>");
            $message = preg_replace('/\e[[][A-Za-z0-9];?[0-9]*m?/', '', $message);
            if ($container) {
                $message = "{$container->displayName}: {$message}";
            }
            $nonbufResp->getBody()->write("<div>" . htmlspecialchars("{$message}", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</div>");
        };
        return $addToStreamingResponseBody;
@@ -5,7 +5,6 @@ namespace AIO\Data;
 use AIO\Auth\PasswordGenerator;
 use AIO\Controller\DockerController;
 use AIO\Helper\NetworkHelper;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\TransferException;
@@ -99,11 +98,6 @@ class ConfigurationManager
        set { $this->set('isOnlyofficeEnabled', $value); }
    }
    public bool $isEuroofficeEnabled {
        get => $this->get('isEuroofficeEnabled', false);
        set { $this->set('isEuroofficeEnabled', $value); }
    }
    public bool $isCollaboraEnabled {
        // Type-cast because old configs could have 1/0 for this key.
        get => (bool) $this->get('isCollaboraEnabled', true);
@@ -1092,7 +1086,6 @@ class ConfigurationManager
            'CLAMAV_ENABLED' => $this->isClamavEnabled ? 'yes' : '',
            'TALK_RECORDING_ENABLED' => $this->isTalkRecordingEnabled ? 'yes' : '',
            'ONLYOFFICE_ENABLED' => $this->isOnlyofficeEnabled ? 'yes' : '',
            'EUROOFFICE_ENABLED' => $this->isEuroofficeEnabled ? 'yes' : '',
            'COLLABORA_ENABLED' => $this->isCollaboraEnabled ? 'yes' : '',
            'TALK_ENABLED' => $this->isTalkEnabled ? 'yes' : '',
            'UPDATE_NEXTCLOUD_APPS' => ($this->isDailyBackupRunning() && $this->areAutomaticUpdatesEnabled()) ? 'yes' : '',
@@ -1118,9 +1111,9 @@ class ConfigurationManager
            'INSTALL_LATEST_MAJOR' => $this->installLatestMajor ? 'yes' : '',
            'REMOVE_DISABLED_APPS' => $this->nextcloudKeepDisabledApps ? '' : 'yes',
            // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
-            'AIO_DATABASE_HOST' => NetworkHelper::resolveHostname('nextcloud-aio-database'),
+            'AIO_DATABASE_HOST' => gethostbyname('nextcloud-aio-database'),
            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
-            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? NetworkHelper::resolveHostname('nextcloud-aio-caddy') : '',
+            'CADDY_IP_ADDRESS' => in_array('caddy', $this->aioCommunityContainers, true) ? gethostbyname('nextcloud-aio-caddy') : '',
            'WHITEBOARD_ENABLED' => $this->isWhiteboardEnabled ? 'yes' : '',
            'AIO_VERSION' => $this->getAioVersion(),
            default => $this->getRegisteredSecret($placeholder),
@@ -68,8 +68,11 @@ class DataConst {
        return (string)realpath(__DIR__ . '/../../containers.json');
    }
    public static function GetBorgSshAuthErrorFile() : string {
        return self::GetDataDirectory() . '/borg_ssh_auth_error';
    }
    public static function GetAioVersionFile() : string {
        return (string)realpath(__DIR__ . '/../../templates/includes/aio-version.twig');
    }
 }
@@ -9,10 +9,8 @@ use AIO\Container\VersionState;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Helper\NetworkHelper;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use GuzzleHttp\Psr7\Utils;
 use http\Env\Response;
 readonly class DockerActionManager {
@@ -49,7 +47,7 @@ readonly class DockerActionManager {
    public function GetContainerRunningState(Container $container): ContainerState {
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
        try {
-            $response = $this->sendHttpRequest('GET', $url);
+            $response = $this->guzzleClient->get($url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return ContainerState::ImageDoesNotExist;
@@ -69,7 +67,7 @@ readonly class DockerActionManager {
    public function GetContainerRestartingState(Container $container): ContainerState {
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($container->identifier)));
        try {
-            $response = $this->sendHttpRequest('GET', $url);
+            $response = $this->guzzleClient->get($url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return ContainerState::ImageDoesNotExist;
@@ -139,7 +137,7 @@ readonly class DockerActionManager {
    public function DeleteContainer(Container $container): void {
        $url = $this->BuildApiUrl(sprintf('containers/%s?v=true', urlencode($container->identifier)));
        try {
-            $this->sendHttpRequest('DELETE', $url);
+            $this->guzzleClient->delete($url);
        } catch (RequestException $e) {
            if ($e->getCode() !== 404) {
                throw $e;
@@ -156,7 +154,7 @@ readonly class DockerActionManager {
        // Delete the borg cache volume
        $url = $this->BuildApiUrl('volumes/nextcloud_aio_backup_cache');
        try {
-            $this->sendHttpRequest('DELETE', $url);
+            $this->guzzleClient->delete($url);
            error_log('nextcloud_aio_backup_cache volume deleted successfully.');
        } catch (RequestException $e) {
            if ($e->getCode() !== 404) {
@@ -175,7 +173,7 @@ readonly class DockerActionManager {
                urlencode($id),
                $since
            ));
-        $responseBody = (string)$this->sendHttpRequest('GET', $url)->getBody();
+        $responseBody = (string)$this->guzzleClient->get($url)->getBody();
        $response = "";
        $separator = "\r\n";
@@ -195,9 +193,9 @@ readonly class DockerActionManager {
        $url = $this->BuildApiUrl(sprintf('containers/%s/start', urlencode($container->identifier)));
        try {
            if ($addToStreamingResponseBody !== null) {
-                $addToStreamingResponseBody("Starting container", $container);
+                $addToStreamingResponseBody($container, "Starting container");
            }
-            $this->sendHttpRequest('POST', $url);
+            $this->guzzleClient->post($url);
        } catch (RequestException $e) {
            throw new \Exception("Could not start container " . $container->identifier . ": " . $e->getResponse()?->getBody()->getContents());
        }
@@ -216,7 +214,7 @@ readonly class DockerActionManager {
            $firstChar = substr($volume->name, 0, 1);
            if (!in_array($firstChar, $forbiddenChars)) {
-                $this->sendHttpRequest(
+                $this->guzzleClient->request(
                    'POST',
                    $url,
                    [
@@ -451,7 +449,7 @@ readonly class DockerActionManager {
        // Special things for the jellyfin community container
        } elseif ($container->identifier === 'nextcloud-aio-jellyfin') {
-            $lldapIp = NetworkHelper::resolveHostname('nextcloud-aio-lldap');
+            $lldapIp = gethostbyname('nextcloud-aio-lldap');
            if ($lldapIp !== 'nextcloud-aio-lldap') {
                $requestBody['HostConfig']['ExtraHosts'] = ['nextcloud-aio-lldap:' . $lldapIp];
            }
@@ -474,7 +472,7 @@ readonly class DockerActionManager {
                // To avoid problems with whitespace or dashes in option arguments we use a regular expression
                // that splits the string at every position where a whitespace is followed by '--o:'.
                // The leading whitespace is removed in the split but the following characters are not.
-                // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"]
+                // Example: "--o:example_config1='some thing' --o:example_config2=something-else" -> ["--o:example_config1='some thing'", "--o:example_config2=something-else"] 
                $regEx = '/\s+(?=--o:)/';
                $requestBody['Cmd'] = preg_split($regEx, rtrim($this->configurationManager->collaboraAdditionalOptions));
            }
@@ -485,17 +483,16 @@ readonly class DockerActionManager {
        }
        // All AIO-managed containers should not be updated externally via watchtower but gracefully by AIO's backup and update feature.
-        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels
+        // Also DIUN should not send update notifications. See https://crazymax.dev/diun/providers/docker/#docker-labels 
        // Also Dockhand should not be auto updating the containers. See https://dockhand.pro/manual/#container-labels-behavior
        // Additionally set a default org.label-schema.vendor and com.docker.compose.project
-        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "dockhand.update" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
+        $requestBody['Labels'] = ["com.centurylinklabs.watchtower.enable" => "false", "wud.watch" => "false", "diun.enable" => "false", "org.label-schema.vendor" => "Nextcloud", "com.docker.compose.project" => "nextcloud-aio"];
        // Containers should have a fixed host name. See https://github.com/nextcloud/all-in-one/discussions/6589
        $requestBody['Hostname'] = $container->identifier;
        $url = $this->BuildApiUrl('containers/create?name=' . $container->identifier);
        try {
-            $this->sendHttpRequest(
+            $this->guzzleClient->request(
                'POST',
                $url,
                [
@@ -552,10 +549,10 @@ readonly class DockerActionManager {
        $imageIsThere = true;
        try {
            if ($addToStreamingResponseBody) {
-                $addToStreamingResponseBody("Pulling image", $container);
+                $addToStreamingResponseBody($container, "Pulling image");
            }
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $encodedImageName));
-            $this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents();
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
        } catch (\Throwable $e) {
            $imageIsThere = false;
        }
@@ -563,7 +560,7 @@ readonly class DockerActionManager {
        $maxRetries = 3;
        for ($attempt = 1; $attempt <= $maxRetries; $attempt++) {
            try {
-                $this->sendHttpRequest('POST', $url);
+                $this->guzzleClient->post($url);
                break;
            } catch (RequestException $e) {
                $message = "Could not pull image " . $imageName . " (attempt $attempt/$maxRetries): " . $e->getResponse()?->getBody()->getContents();
@@ -648,11 +645,11 @@ readonly class DockerActionManager {
    private function GetRepoDigestsOfContainer(string $containerName): ?array {
        try {
            $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
-            $containerOutput = json_decode($this->sendHttpRequest('GET', $containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $containerOutput = json_decode($this->guzzleClient->get($containerUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $imageName = $containerOutput['Image'];
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            if (!isset($imageOutput['RepoDigests'])) {
                error_log('RepoDigests is not set of container ' . $containerName);
@@ -696,7 +693,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-mastercontainer';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
        try {
-            $output = json_decode($this->sendHttpRequest('GET', $url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $imageNameArray = explode(':', $output['Config']['Image']);
            if (count($imageNameArray) === 2) {
                $imageName = $imageNameArray[0];
@@ -723,7 +720,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-mastercontainer';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));
        try {
-            $output = json_decode($this->sendHttpRequest('GET', $url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $output = json_decode($this->guzzleClient->get($url)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            $tagArray = explode(':', $output['Config']['Image']);
            if (count($tagArray) === 2) {
                $tag = $tagArray[1];
@@ -764,69 +761,48 @@ readonly class DockerActionManager {
    }
    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh'): void {
-        $this->execCommandInContainer($container, ['bash', $file, $subject, $message]);
+        if ($this->GetContainerStartingState($container) === ContainerState::Running) {
    }
-    public function execCommandInContainer(Container $container, array $cmd, ?\Closure $outputCallback = null): void {
+            $containerName = $container->identifier;
        if ($cmd === []) {
            throw new \InvalidArgumentException('$cmd must not be empty.');
        }
        foreach ($cmd as $arg) {
            if (!is_string($arg) || $arg === '') {
                throw new \InvalidArgumentException('Every element of $cmd must be a non-empty string.');
            }
        }
-        if ($this->GetContainerStartingState($container) !== ContainerState::Running) {
+            // schedule the exec
-            return;
+            $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
-        }
+            $response = json_decode(
                $this->guzzleClient->request(
                    'POST',
                    $url,
                    [
                        'json' => [
                            'AttachStdout' => true,
                            'Tty' => true,
                            'Cmd' => [
                                'bash',
                                $file,
                                $subject,
                                $message
                            ],
                        ],
                    ]
                )->getBody()->getContents(),
                true,
                512, 
                JSON_THROW_ON_ERROR,
            );
-        $containerName = $container->identifier;
+            $id = $response['Id'];
-        // Create exec instance
+            // start the exec
-        $url = $this->BuildApiUrl(sprintf('containers/%s/exec', urlencode($containerName)));
+            $url = $this->BuildApiUrl(sprintf('exec/%s/start', $id));
-        $response = json_decode(
+            $this->guzzleClient->request(
            $this->sendHttpRequest(
                'POST',
                $url,
                [
                    'json' => [
-                        'AttachStdout' => true,
+                        'Detach' => false,
                        'AttachStderr' => true,
                        'Tty' => true,
                        'Cmd' => $cmd,
                    ],
                ]
-            )->getBody()->getContents(),
+            );
            true,
            512,
            JSON_THROW_ON_ERROR,
        );
        $execId = $response['Id'];
        // Start exec
        $url = $this->BuildApiUrl(sprintf('exec/%s/start', $execId));
        $requestOptions = [
            'json' => [
                'Detach' => false,
                'Tty' => true,
            ],
        ];
        if ($outputCallback !== null) {
            $requestOptions['stream'] = true;
        }
        $startResponse = $this->sendHttpRequest('POST', $url, $requestOptions);
        if ($outputCallback !== null) {
            $body = $startResponse->getBody();
            while (!$body->eof()) {
                $line = rtrim(Utils::readLine($body), "\r");;
                if ($line !== '') {
                    $outputCallback($line);
                }
            }
        }
    }
@@ -837,7 +813,7 @@ readonly class DockerActionManager {
        );
        try {
-            $this->sendHttpRequest(
+            $this->guzzleClient->request(
                'POST',
                $url,
                [
@@ -858,7 +834,7 @@ readonly class DockerActionManager {
        if ($createNetwork) {
            $url = $this->BuildApiUrl('networks/create');
            try {
-                $this->sendHttpRequest(
+                $this->guzzleClient->request(
                    'POST',
                    $url,
                    [
@@ -887,7 +863,7 @@ readonly class DockerActionManager {
        }
        try {
-            $this->sendHttpRequest(
+            $this->guzzleClient->request(
                'POST',
                $url,
                [
@@ -932,7 +908,7 @@ readonly class DockerActionManager {
        }
        $url = $this->BuildApiUrl(sprintf('containers/%s/stop?t=%s', urlencode($container->identifier), $maxShutDownTime));
        try {
-            $this->sendHttpRequest('POST', $url);
+            $this->guzzleClient->post($url);
        } catch (RequestException $e) {
            if ($e->getCode() !== 404 && $e->getCode() !== 304) {
                throw $e;
@@ -940,11 +916,15 @@ readonly class DockerActionManager {
        }
    }
    public function isBorgBackupSshAuthError(): bool {
        return file_exists(DataConst::GetBorgSshAuthErrorFile());
    }
    public function GetBackupcontainerExitCode(): int {
        $containerName = 'nextcloud-aio-borgbackup';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
        try {
-            $response = $this->sendHttpRequest('GET', $url);
+            $response = $this->guzzleClient->get($url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return -1;
@@ -966,7 +946,7 @@ readonly class DockerActionManager {
        $containerName = 'nextcloud-aio-database';
        $url = $this->BuildApiUrl(sprintf('containers/%s/json', urlencode($containerName)));
        try {
-            $response = $this->sendHttpRequest('GET', $url);
+            $response = $this->guzzleClient->get($url);
        } catch (RequestException $e) {
            if ($e->getCode() === 404) {
                return -1;
@@ -1006,7 +986,7 @@ readonly class DockerActionManager {
        $imageName = $imageName . ':' . $this->GetCurrentChannel();
        try {
            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
-            $imageOutput = json_decode($this->sendHttpRequest('GET', $imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true, 512, JSON_THROW_ON_ERROR);
            if (!isset($imageOutput['Created'])) {
                error_log('Created is not set of image ' . $imageName);
@@ -1051,11 +1031,6 @@ readonly class DockerActionManager {
        }
    }
    public function RunNextcloudUpgradeToLatestMajor(\Closure $addToStreamingResponseBody): void {
        $container = $this->containerDefinitionFetcher->GetContainerById('nextcloud-aio-nextcloud');
        $this->execCommandInContainer($container, ['bash', '/upgrade-latest-major.sh'], $addToStreamingResponseBody);
    }
    public function SystemPrune(?\Closure $addToStreamingResponseBody = null): void {
        $endpoints = [
            // Remove stopped containers
@@ -1084,7 +1059,7 @@ readonly class DockerActionManager {
            }
            try {
-                $response = $this->sendHttpRequest('POST', $url);
+                $response = $this->guzzleClient->post($url);
                if ($addToStreamingResponseBody !== null) {
                    $data = json_decode((string)$response->getBody(), true);
                    $deleted = 0;
@@ -1122,12 +1097,4 @@ readonly class DockerActionManager {
            sleep(10);
        }
    }
-
+}
    protected function sendHttpRequest(string $httpMethod, string $url, array $requestOptions = []): \Psr\Http\Message\ResponseInterface {
        if (($requestOptions['stream'] ?? null) === true) {
            $requestOptions['proxy'] = 'unix:///var/run/docker.sock';
        }
        return $this->guzzleClient->request($httpMethod, $url, $requestOptions);
    }
 }
@@ -3,6 +3,8 @@ declare(strict_types=1);
 namespace AIO\Docker;
 use AIO\ContainerDefinitionFetcher;
 use AIO\Data\ConfigurationManager;
 use GuzzleHttp\Client;
 readonly class DockerHubManager {
@@ -13,16 +15,6 @@ readonly class DockerHubManager {
        $this->guzzleClient = new Client();
    }
    // Official Docker Hub images need the library/ prefix when using the registry API directly.
    private function normalizeImageName(string $name): string {
        if (!str_contains($name, '/')) {
            return 'library/' . $name;
        }
        return $name;
    }
    public function GetLatestDigestOfTag(string $name, string $tag) : ?string {
        $cacheKey = 'dockerhub-manifest-' . $name . $tag;
@@ -32,7 +24,6 @@ readonly class DockerHubManager {
        }
        // If one of the links below should ever become outdated, we can still upgrade the mastercontainer via the webinterface manually by opening '/api/docker/getwatchtower'
        $name = $this->normalizeImageName($name);
        try {
            $authTokenRequest = $this->guzzleClient->request(
@@ -1,23 +0,0 @@
 <?php
 declare(strict_types=1);
 namespace AIO\Helper;
 class NetworkHelper {
    /**
     * Resolve a hostname to its IP address, trying IPv4 first and falling back
     * to IPv6 (AAAA record) when no A record is found.  Returns the hostname
     * unchanged when neither record resolves successfully.
     */
    public static function resolveHostname(string $hostname): string {
        $ipv4 = gethostbyname($hostname);
        if ($ipv4 !== $hostname) {
            return $ipv4;
        }
        $records = dns_get_record($hostname, DNS_AAAA);
        if (is_array($records) && isset($records[0]['ipv6']) && $records[0]['ipv6'] !== '') {
            return $records[0]['ipv6'];
        }
        return $hostname;
    }
 }
@@ -27,7 +27,7 @@
            <script type="text/javascript" src="timezone.js?v1"></script>
            {# js for optional containers and additional containers forms #}
-            <script type="text/javascript" src="containers-form-submit.js?v8"></script>
+            <script type="text/javascript" src="containers-form-submit.js?v7"></script>
            {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
            {% set isAnyRunning = false %}
@@ -37,7 +37,7 @@
            {% set isBackupOrRestoreRunning = false %}
            {% set isApacheStarting = false %}
            {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersionString = '26 Spring' %}
+            {% set newMajorVersionString = '' %}
            {% set oldMajorVersionString = '25 Autumn' %}
            {% if is_backup_container_running == true %}
@@ -191,10 +191,17 @@
                            {% if not hasBackupLocation or borg_backup_mode not in ['test', 'check', ''] or backup_exit_code > 0 %}
                                {% if borg_remote_repo and backup_exit_code > 0 %}
-                                <p>
+                                    {% if is_ssh_auth_error %}
-                                You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
+                                        <p>
-                                To try again, resubmit your location and rerun the test.
+                                        ⚠️ <strong>SSH key not authorized on the remote server.</strong> You must add the following SSH public key to the <code>authorized_keys</code> file on your remote backup server before the restore test can succeed:<br><br><strong>{{ borg_public_key }}</strong><br><br>
-                                </p>
+                                        Once you have added the key on the remote server, resubmit your location and rerun the test.
                                        </p>
                                    {% else %}
                                        <p>
                                        You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
                                        To try again, resubmit your location and rerun the test.
                                        </p>
                                    {% endif %}
                                {% endif %}
                                <p>
@@ -298,12 +305,7 @@
                                {% if newMajorVersionString != '' and isAnyRunning == true and isApacheStarting != true %}
                                    <details>
                                    <summary>Note about <strong>Nextcloud Hub {{ newMajorVersionString }}</strong></summary>
-<p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to click the button below. ⚠️ Warning: make sure to create a backup before clicking the button as the update can go wrong and will leave your instance in a broken state!</p>
+                                        <p>If you haven't upgraded to Nextcloud Hub {{ newMajorVersionString }} yet and want to do that now, feel free to follow <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/7523">this documentation</a></strong></p>
                                        <form method="POST" action="api/docker/nextcloud-upgrade-to-latest-major" target="overlay-log">
                                            <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                            <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                            <input type="submit" value="Upgrade to Nextcloud Hub {{ newMajorVersionString }}" data-confirm="Upgrade to Nextcloud Hub {{ newMajorVersionString }}? You should consider creating a backup first." />
                                        </form>
                                    </details>
                                {% endif %}
                            {% endif %}
@@ -425,21 +427,28 @@
                                        {% if has_backup_run_once == false %}
                                            <p>The initial backup was not successful.</p>
-                                            {% if borg_remote_repo %}
+                                            {% if borg_remote_repo and is_ssh_auth_error %}
-                                            <p>
+                                                <p>
-                                            You may still need to authorize this pubkey on your borg remote:<br><strong>{{ borg_public_key }}</strong><br>
+                                                ⚠️ <strong>SSH key not authorized on the remote server.</strong> You must add the following SSH public key to the <code>authorized_keys</code> file on your remote backup server before the backup can succeed:<br><br><strong>{{ borg_public_key }}</strong><br><br>
-                                            To try again, click <strong>Create backup</strong>.
+                                                Once you have added the key on the remote server, click <strong>Create backup</strong> to try again.
-                                            </p>
+                                                </p>
                                            {% else %}
                                                <p>
                                                You may want to reset the backup location which allows you to enter a new one afterwards. 
                                                </p>
                                                <p>
                                                If the configured backup host location <strong>{{ borg_backup_host_location }}</strong>
                                                {% if borg_remote_repo %}
                                                    or the remote repo <strong>{{ borg_remote_repo }}</strong>
                                                {% endif %}
                                                is wrong or if you want to reset the backup location due to other reasons, you can do so by clicking on the button below.
                                                </p>
                                                <form method="POST" action="api/docker/backup-reset-location" class="xhr">
                                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                    <input type="submit" value="Reset backup location" data-confirm='Are you sure that you want to reset the backup location?' />
                                                </form>
                                            {% endif %}
                                            <p>You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on <strong>Create Backup</strong> to test the new value.</p>
                                            <form method="POST" action="api/configuration" class="xhr">
                                                <label>Local backup location</label> <input type="text" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
                                                <label>Remote borg repo</label> <input type="text" name="borg_remote_repo" placeholder="ssh://user@host:port/path/to/repo"/><br>
                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                <input type="submit" value="Set backup location again" />
                                            </form>
                                        {% endif %}
                                    {% elseif backup_exit_code == 0 %}
                                        {% if borg_backup_mode == "backup" %}
@@ -1 +1 @@
-13.2.0
+13.0.4
@@ -14,42 +14,6 @@
        <p>Choose your preferred office suite. Only one can be enabled at a time.</p>
    {% endif %}
    <div class="office-suite-cards">
        <input
            type="radio"
            id="office-eurooffice"
            name="office_suite_choice"
            value="eurooffice"
            class="office-radio"
            {% if is_eurooffice_enabled == true %}
                checked="checked"
            {% endif %}
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-eurooffice">
            <div class="office-card-header">
                <div>
                    <h4>Nextcloud Office</h4>
                    <p class="office-powered-by">powered by Euro-Office</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
                </svg>
            </div>
            <ul class="office-features">
                <li>Good Nextcloud integration</li>
                <li>Open source</li>
                <li>Best performance</li>
                <li>Limited ODF compatibility</li>
                <li>Best Microsoft compatibility</li>
                <li>Good security</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://github.com/Euro-Office" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
                    Learn more
                </a>
            {% endif %}
        </label>
        <input type="hidden" id="eurooffice" name="eurooffice" value="" data-initial-state="{% if is_eurooffice_enabled == true %}true{% else %}false{% endif %}">
        <input
            type="radio"
            id="office-collabora"
@@ -62,10 +26,7 @@
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-collabora">
            <div class="office-card-header">
-                <div>
+                <h4>Nextcloud Office</h4>
                    <h4>Nextcloud Office</h4>
                    <p class="office-powered-by">powered by Collabora Online</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
@@ -75,9 +36,9 @@
                <li>Best Nextcloud integration</li>
                <li>Open source</li>
                <li>Good performance</li>
                <li>Best security: documents never leave your server</li>
                <li>Best ODF compatibility</li>
                <li>Best support for legacy files</li>
                <li>Best security: documents never leave your server</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://www.collaboraoffice.com/code/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
@@ -99,22 +60,18 @@
        >
        <label class="office-card{{ isAnyRunning ? ' office-card-disabled' : '' }}" for="office-onlyoffice">
            <div class="office-card-header">
-                <div>
+                <h4>OnlyOffice</h4>
                    <h4>ONLYOFFICE</h4>
                    <p class="office-powered-by">by Ascensio System SIA</p>
                </div>
                <svg class="office-checkmark" width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
                    <circle cx="12" cy="12" r="10" fill="var(--color-nextcloud-blue)"/>
                    <path d="M7 12L10.5 15.5L17 9" stroke="white" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
                </svg>
            </div>
            <ul class="office-features">
-                <li>OK Nextcloud integration</li>
+                <li>Good Nextcloud integration</li>
-                <li>Open Core</li>
+                <li>Open core</li>
                <li>Best performance</li>
                <li>Limited ODF compatibility</li>
                <li>Best Microsoft compatibility</li>
-                <li>Good security</li>
+                <li>Limited ODF compatibility</li>
            </ul>
            {% if isAnyRunning == false %}
                <a href="https://www.onlyoffice.com/" target="_blank" class="office-learn-more" data-stop-event-propagation="true">
@@ -133,7 +90,7 @@
                name="office_suite_choice"
                value=""
                class="office-radio"
-                {% if is_collabora_enabled == false and is_onlyoffice_enabled == false and is_eurooffice_enabled == false %}
+                {% if is_collabora_enabled == false and is_onlyoffice_enabled == false %}
                    checked="checked"
                {% endif %}
            >
@@ -267,7 +224,7 @@
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}
-    <script type="text/javascript" src="disable-containers.js?v1"></script>
+    <script type="text/javascript" src="disable-containers.js"></script>
 {% endif %}
 {% if is_collabora_enabled == true and isAnyRunning == false and was_start_button_clicked == true %}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Simon L.	4ffc4a91f2	only check for exit code 81 Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-06-09 15:56:34 +02:00
copilot-swe-agent[bot]	69fe038ceb	aio-interface: handle SSH key authorization error explicitly in remote backup setup Signed-off-by: Simon L. <szaimen@e.mail.de>	2026-05-21 12:19:04 +02:00