fix link

Signed-off-by: szaimen <szaimen@e.mail.de>

Containers/apache/Dockerfile

@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.5.2-alpine as caddy
 
-FROM debian:bullseye-20220822-slim
+FROM debian:bullseye-20220912-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

Containers/apache/nextcloud.conf

@@ -1,8 +1,12 @@
 Listen 8000
 <VirtualHost *:8000>
+    # Add error log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+
     # PHP match
     <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://nextcloud-aio-nextcloud:9000"
+        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
     # Nextcloud dir
     DocumentRoot /var/www/html/
@@ -26,5 +30,11 @@ Listen 8000
     SetEnv proxy-sendcl 1
 
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
-    LimitRequestBody 0
+    LimitRequestBody ${APACHE_MAX_SIZE}
+
+    # See https://httpd.apache.org/docs/current/mod/core.html#timeout
+    Timeout ${APACHE_MAX_TIME}
+
+    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
+    ProxyTimeout ${APACHE_MAX_TIME}
 </VirtualHost>

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye-20220822-slim
+FROM debian:bullseye-20220912-slim
 
 RUN set -ex; \
     \

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.5.4.1
+FROM collabora/code:22.05.6.1.1
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20220905
+FROM nextcloud/imaginary:20220919
 
 USER root
 RUN set -ex; \

Containers/mastercontainer/Dockerfile

@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:20.10.17-dind-alpine3.16 as dind
+FROM docker:20.10.18-dind-alpine3.16 as dind
 
 # Caddy is a requirement
 FROM caddy:2.5.2-alpine as caddy
@@ -37,7 +37,7 @@ COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
 RUN set -ex; \
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
     docker-php-ext-enable apcu
 
 RUN set -e && \

Containers/mastercontainer/daily-backup.sh

@@ -80,7 +80,9 @@ fi
 # Delete the lock file
 rm -f "/mnt/docker-aio-config/data/daily_backup_running"
 
-if [ "$DAILY_BACKUP" = 1 ]; then
+# Send backup notification
+# shellcheck disable=SC2235
+if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAINERS" = 1 ]); then
     # Wait for the nextcloud container to start and send if the backup was successful
     if ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-nextcloud$"; then
         echo "Something seems to be wrong: Nextcloud should be started at this step."

Containers/mastercontainer/start.sh

@@ -161,6 +161,14 @@ It is set to '$DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+It should be an absolute path to a directory that starts with '/' but not end with '/'.
+It is set to '$TRUSTED_CACERTS_DIR '."
+        exit 1
+    fi
+fi
 
 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565

Containers/nextcloud/Dockerfile

@@ -61,7 +61,7 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.21; \
+    pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
     pecl install imagick-3.7.0; \

Containers/nextcloud/entrypoint.sh

@@ -29,13 +29,20 @@ if [ -n "$PHP_MAX_CHILDREN" ]; then
 fi
 
 # Check permissions in ncdata
-touch "/mnt/ncdata/this-is-a-test-file"
-if ! [ -f "/mnt/ncdata/this-is-a-test-file" ]; then
-    echo "The www-data user doesn't seem to have access rights in /mnt/ncdata.
-Did you maybe change the datadir and did forget to apply the correct permissions?"
+touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
+if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
+    echo "The www-data user doesn't seem to have access rights in the datadir.
+Did you maybe change the datadir and did forget to apply the correct permissions?
+See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+The found permissions are:
+$(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
+(userID:groupID permissions)
+but they should be:
+33:0 750
+(userID:groupID permissions)"
     exit 1
 fi
-rm "/mnt/ncdata/this-is-a-test-file"
+rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
 if [ -f /var/www/html/version.php ]; then
     # shellcheck disable=SC2016
@@ -65,7 +72,7 @@ if [ -f "/var/www/html/lib/versioncheck.php" ] && ! php /var/www/html/lib/versio
 fi
 
 # Do not start the container if the last update failed
-if [ -f "/mnt/ncdata/update.failed" ]; then
+if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
     echo "The last Nextcloud update failed."
     echo "Please restore from backup and try again!"
     echo "If you do not have a backup in place, you can simply delete the update.failed file in the datadir which will allow the container to start again."
@@ -73,7 +80,7 @@ if [ -f "/mnt/ncdata/update.failed" ]; then
 fi
 
 # Skip any update if Nextcloud was just restored
-if ! [ -f "/mnt/ncdata/skip.update" ]; then
+if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     if version_greater "$image_version" "$installed_version"; then
         # Check if it skips a major version
         INSTALLED_MAJOR="${installed_version%%.*}"
@@ -135,8 +142,11 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
             php /var/www/html/occ app:update --all
 
             # Fix removing the updatenotification for old instances
+            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
             if [ -d "/var/www/html/apps/updatenotification" ]; then
                 php /var/www/html/occ app:disable updatenotification
+            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
+                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
             fi
         fi
 
@@ -228,7 +238,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
 
         #upgrade
         else
-            touch "/mnt/ncdata/update.failed"
+            touch "$NEXTCLOUD_DATA_DIR/update.failed"
             while [ -n "$(pgrep -f cron.php)" ]
             do
                 echo "Waiting for Nextclouds cronjob to finish..."
@@ -242,7 +252,7 @@ if ! [ -f "/mnt/ncdata/skip.update" ]; then
                 exit 1
             fi
 
-            rm "/mnt/ncdata/update.failed"
+            rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 
             php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
@@ -273,24 +283,24 @@ fi
 
 # Check if appdata is present
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
-if [ -z "$(find "/mnt/ncdata/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
+if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
     echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
     exit 1
 fi
 
 # Configure tempdirectory
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
-    mkdir -p "/mnt/ncdata/tmp/"
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
     if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
-        echo "upload_tmp_dir = /mnt/ncdata/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
     fi
-    php /var/www/html/occ config:system:set tempdirectory --value="/mnt/ncdata/tmp/"
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
 fi
 
 # Perform fingerprint update if instance was restored
-if [ -f "/mnt/ncdata/fingerprint.update" ]; then
+if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
     php /var/www/html/occ maintenance:data-fingerprint
-    rm "/mnt/ncdata/fingerprint.update"
+    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi
 
 # Apply one-click-instance settings
@@ -466,12 +476,12 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
     php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"
 
     # Do the index
-    if ! [ -f "/mnt/ncdata/fts-index.done" ]; then
+    if ! [ -f "$NEXTCLOUD_DATA_DIR/fts-index.done" ]; then
         echo "Waiting 10s before activating FTS..."
         sleep 10
         echo "Activating fulltextsearch..."
         if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
-            touch "/mnt/ncdata/fts-index.done"
+            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
         else
             echo "Fulltextsearch failed. Could not index."
         fi
@@ -489,4 +499,4 @@ else
 fi
 
 # Remove the update skip file always
-rm -f /mnt/ncdata/skip.update
+rm -f "$NEXTCLOUD_DATA_DIR"/skip.update

Containers/nextcloud/start.sh

@@ -22,6 +22,12 @@ if [ -f "/var/www/html/config/config.php" ]; then
     # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
 fi
 
+# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
+if [ -n "$TRUSTED_CACERTS_DIR" ]; then
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates."
+    update-ca-certificates
+fi
+
 # Run original entrypoint
 if ! bash /entrypoint.sh; then
     exit 1

docker-compose.yml

@@ -26,6 +26,8 @@ services:
       # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

manual-install/update-yaml.sh

@@ -63,7 +63,9 @@ sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
+sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
@@ -72,6 +74,7 @@ sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be
 sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.|' sample.conf
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
+sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf

php/composer.lock

@@ -397,16 +397,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.2.1",
+            "version": "v1.2.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b"
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/d78fd36ba031a1a695ea5a406f29996948d7011b",
-                "reference": "d78fd36ba031a1a695ea5a406f29996948d7011b",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/47afb7fae28ed29057fdca37e16a84f90cc62fae",
+                "reference": "47afb7fae28ed29057fdca37e16a84f90cc62fae",
                 "shasum": ""
             },
             "require": {
@@ -453,7 +453,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2022-08-26T15:25:27+00:00"
+            "time": "2022-09-08T13:45:54+00:00"
         },
         {
             "name": "nikic/fast-route",

php/containers.json

@@ -24,7 +24,9 @@
         "TALK_HOST=nextcloud-aio-talk",
         "APACHE_PORT=%APACHE_PORT%",
         "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
+        "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
       ],
       "volumes": [
         {
@@ -112,6 +114,11 @@
           "name": "%NEXTCLOUD_MOUNT%",
           "location": "%NEXTCLOUD_MOUNT%",
           "writeable": true
+        },
+        {
+          "name": "%TRUSTED_CACERTS_DIR%",
+          "location": "/usr/local/share/ca-certificates",
+          "writeable": false
         }
       ],
       "environmentVariables": [
@@ -148,7 +155,8 @@
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
-        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%"
+        "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
+        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"
@@ -185,7 +193,7 @@
       ],
       "environmentVariables": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%"
       ],

php/src/ContainerDefinitionFetcher.php

@@ -120,6 +120,11 @@ class ContainerDefinitionFetcher
                     if($value['name'] === '') {
                         continue;
                     }
+                } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
+                    if($value['name'] === '') {
+                        continue;
+                    }
                 }
                 if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
                     $value['location'] = $this->configurationManager->GetNextcloudMount();

php/src/Data/ConfigurationManager.php

@@ -524,6 +524,11 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetApacheMaxSize() : int {
+        $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
+        return $uploadLimit * 1024 * 1024 * 1024;
+    }
+
     public function GetNextcloudMaxTime() : string {
         $envVariableName = 'NEXTCLOUD_MAX_TIME';
         $configName = 'nextcloud_max_time';
@@ -538,6 +543,28 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetTrustedCacertsDir() : string {
+        $envVariableName = 'TRUSTED_CACERTS_DIR';
+        $configName = 'trusted_cacerts_dir';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function GetCollaboraSeccompPolicy() : string {
+        $defaultString = '--o:security.seccomp=';
+        if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
+            return $defaultString . 'true';
+        }
+        return $defaultString . 'false';
+    }
+
+    private function GetCollaboraSeccompDisabledState() : string {
+        $envVariableName = 'COLLABORA_SECCOMP_DISABLED';
+        $configName = 'collabora_seccomp_disabled';
+        $defaultValue = 'false';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     /**
      * @throws InvalidSettingConfigurationException
      */

php/src/Docker/DockerActionManager.php

@@ -314,6 +314,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+                    $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
                     if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
                         $replacements[1] = 'yes';
@@ -322,6 +324,10 @@ class DockerActionManager
                     }
                 } elseif ($out[1] === 'BORGBACKUP_HOST_LOCATION') {
                     $replacements[1] = $this->configurationManager->GetBorgBackupHostLocation();
+                } elseif ($out[1] === 'APACHE_MAX_SIZE') {
+                    $replacements[1] = $this->configurationManager->GetApacheMaxSize();
+                } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.0.2</h1>
+        <h1>Nextcloud AIO v2.0.3</h1>
 
         {% set isAnyRunning = false %}
         {% set isAnyRestarting = false %}

readme.md

@@ -378,13 +378,15 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/backup
 ### How to stop/start/update containers or trigger the daily backup from a script externally?
 You can do so by running the `/daily-backup.sh` script that is stored in the mastercontainer. It accepts the following environmental varilables:
 - `AUTOMATIC_UPDATES` if set to `1`, it will automatically stop the containers, update them and start them including the mastercontainer. If the mastercontainer gets updated, this script's execution will stop as soon as the mastercontainer gets stopped. You can then wait until it is started again and run the script with this flag again in order to update all containers correctly afterwards.
-- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking which means that the backup is not done when the process is finished since it only start the borgbackup container with the correct configuration.
+- `DAILY_BACKUP` if set to `1`, it will automatically stop the containers and create a backup. If you want to start them again afterwards, you may have a look at the `START_CONTAINERS` option. Please be aware that this option is non-blocking if `START_CONTAINERS` and `AUTOMATIC_UPDATES` is not enabled at the same time which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 - `START_CONTAINERS` if set to `1`, it will automatically start the containers without updating them.
 - `STOP_CONTAINERS` if set to `1`, it will automatically stop the containers.
-- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`.
+- `CHECK_BACKUP` if set to `1`, it will start the backup check. This is not allowed to be enabled at the same time like `DAILY_BACKUP`. Please be aware that this option is non-blocking which means that the backup check is not done when the process is finished since it only start the borgbackup container with the correct configuration.
 
 One example for this would be `sudo docker exec -it -e DAILY_BACKUP=1 nextcloud-aio-mastercontainer /daily-backup.sh`, which you can run via a cronjob or put it in a script.
 
+⚠️ Please note that none of the option returns error codes. So you need to check for the correct result yourself.
+
 ### How to disable the backup section?
 If you already have a backup solution in place, you may want to hide the backup section. You can do so by adding `-e DISABLE_BACKUP_SECTION=true` to the initial startup of the mastercontainer.
 
@@ -490,3 +492,15 @@ What are the requirements?
 3. The feature that gets added into Nextcloud by adding the container must be maintained by the Nextcloud GmbH. 
 4. It must be possible to run the container without big quirks inside docker containers. Big quirks means e.g. needing to change the capabilities or security options. 
 5. The container should not mount directories from the host into the container: only docker volumes should be used.
+
+### How to trust user-defiend Certification Authorities (CA)?
+For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
+
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+
+When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+
+In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
+
+### How to disable Collabora's Seccomp feature?
+The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.

tests/QA/060-environmental-variables.md

@@ -11,5 +11,8 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
+- [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
+See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+- [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)