increase to 4.7.0

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/php-deprecation-detector.yml

@@ -26,4 +26,7 @@ jobs:
           cd php
           composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
-          composer run php-deprecation-detector
+          composer run php-deprecation-detector | tee -i ./phpdd.log
+          if grep "Total issues:" ./phpdd.log; then
+            exit 1
+          fi

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.8.1
+FROM collabora/code:22.05.12.2.1
 
 USER root
 

Containers/mastercontainer/Dockerfile

@@ -5,7 +5,7 @@ FROM docker:23.0.1-dind as dind
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.16-fpm-alpine3.17
+FROM php:8.1.17-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

Containers/mastercontainer/start.sh

@@ -79,7 +79,8 @@ fi
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
-Using a different name is not supported since mastercontainer updates will not work in that case!"
+Using a different name is not supported since mastercontainer updates will not work in that case!
+If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
     echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
@@ -223,7 +224,8 @@ curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
     echo "Could not resolve the host nextcloud.com."
     echo "Most likely the DNS resolving does not work."
-    echo "You should be able to fix this by adding the '--dns=\"ip.address.of.dns.server\"' option to the docker run command."
+    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
     exit 1
 fi
 

Containers/nextcloud/Dockerfile

@@ -116,7 +116,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.4
+ENV NEXTCLOUD_VERSION 25.0.5
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \

Containers/nextcloud/entrypoint.sh

@@ -39,7 +39,10 @@ $(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
 (userID:groupID permissions)
 but they should be:
 33:0 750
-(userID:groupID permissions)"
+(userID:groupID permissions)
+Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
+Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
+For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
     exit 1
 fi
 rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
@@ -359,6 +362,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
     if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
         UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
+        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
+        php /var/www/html/occ app:update --all
         if [ -n "$UPDATED_APPS" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
         fi
@@ -527,7 +532,8 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
         php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
-    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
+    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
         php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi

Containers/onlyoffice/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.3.2.8
+FROM onlyoffice/documentserver:7.3.3.49
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/redis/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.9-alpine
+FROM redis:7.0.10-alpine
 
 RUN apk add --no-cache openssl bash
 

Containers/talk/Dockerfile

@@ -1,70 +1,65 @@
-FROM ubuntu:focal-20230301
+FROM nats:2.9.15-scratch as nats
+FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
+FROM alpine:3.17.2
+USER root
+
+COPY --from=nats /nats-server /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
 
 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        openssl \
-        coturn \
-        supervisor \
-        curl \
+    apk add --no-cache \
         ca-certificates \
-        netcat \
-        dnsutils \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN set -ex; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nats-server.asc" "https://packaging.gitlab.io/nats-server/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nats-server nats main" > /etc/apt/sources.list.d/morph027-nats-server.list; \
-    . /etc/lsb-release; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-janus.asc" "https://packaging.gitlab.io/janus/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/janus/$DISTRIB_CODENAME $DISTRIB_CODENAME main" > /etc/apt/sources.list.d/morph027-janus.list; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc" "https://packaging.gitlab.io/nextcloud-spreed-signaling/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nextcloud-spreed-signaling signaling main" > /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list
-
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        nats-server \
-        janus \
-        nextcloud-spreed-signaling \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN adduser --system --group talk
-
-RUN mkdir /var/log/supervisord; \
-    mkdir /var/run/supervisord; \
-    chown talk:talk /var/run/supervisord; \
-    chown talk:talk /var/log/supervisord;
-
-COPY start.sh /usr/bin/
-COPY supervisord.conf /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +r /supervisord.conf; \
-    touch /etc/turnserver.conf; \
-    chown talk:talk /etc/turnserver.conf; \
-    sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn; \
-    mkdir -p /var/tmp;
-
-RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.com/rxi/json.lua/master/json.lua"; \
-    curl -sL -o "/usr/share/janus/lua/ansicolors.lua" "https://raw.githubusercontent.com/kikito/ansicolors.lua/master/ansicolors.lua"
-
-RUN mkdir -p /etc/nats; \
-    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
-    mkdir /var/lib/turn; \
-    chown talk:talk /etc; \
-    chown talk:talk -R /etc/nats; \
-    chown talk:talk -R /etc/janus; \
-    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr; \
-    chown talk:talk -R /var/lib/turn;
+        tzdata \
+        bash \
+        coturn \
+        openssl \
+        supervisor \
+        bind-tools \
+        netcat-openbsd \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3; \
+    apk add --no-cache janus-gateway --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+    useradd --system talk; \
+    luarocks-5.3 install luajson; \
+    luarocks-5.3 install ansicolors; \
+    rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
+    apk del --no-cache \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3;
 
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+
+RUN set -ex; \
+    touch \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf; \
+    echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
+    mkdir -p \
+        /var/tmp \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord; \
+    chown talk:talk -R \
+        /usr \
+        /etc/janus \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord;
+
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
 

Containers/talk/start.sh

@@ -51,16 +51,8 @@ denied-peer-ip=203.0.113.0-203.0.113.255
 denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
-# Janus
-set -x
-sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-set +x
-
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling/server.conf"
+cat << SIGNALING_CONF > "/etc/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
 

Containers/talk/supervisord.conf

@@ -13,25 +13,25 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver
+command=turnserver -c /etc/turnserver.conf
 
 [program:nats-server]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nats-server -c /etc/nats/nats.conf
+command=nats-server -c /etc/nats.conf
 
 [program:janus]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
 
 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling --config /etc/signaling/server.conf
+command=nextcloud-spreed-signaling -config /etc/signaling.conf

helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: Nextcloud AIO Helm Chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.5.0
+version: 4.6.2
 apiVersion: v2
 keywords:
   - latest

helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230302_085724-latest
+          image: nextcloud/aio-apache:20230315_112022-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230302_085724-latest
+          image: nextcloud/aio-clamav:20230315_112022-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -41,10 +41,10 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230302_085724-latest
+          image: nextcloud/aio-collabora:20230315_112022-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230302_085724-latest
+          image: nextcloud/aio-postgresql:20230315_112022-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230302_085724-latest
+          image: nextcloud/aio-fulltextsearch:20230315_112022-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -26,8 +26,12 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230302_085724-latest
+          image: nextcloud/aio-imaginary:20230315_112022-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
+          securityContext:
+            capabilities:
+              add:
+                - SYS_NICE
 {{- end }}

helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -98,6 +98,8 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: SIGNALING_SECRET
               value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: SKIP_DATA_DIRECTORY_PERMISSION_CHECK
+              value: "{{ .Values.SKIP_DATA_DIRECTORY_PERMISSION_CHECK }}"
             - name: STARTUP_APPS
               value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
             - name: TALK_ENABLED
@@ -112,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230302_085724-latest
+          image: nextcloud/aio-nextcloud:20230315_112022-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230302_085724-latest
+          image: nextcloud/aio-onlyoffice:20230315_112022-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230302_085724-latest
+          image: nextcloud/aio-redis:20230315_112022-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230302_085724-latest
+          image: nextcloud/aio-talk:20230315_112022-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

helm-chart/values.yaml

@@ -22,6 +22,7 @@ ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables
 ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+SKIP_DATA_DIRECTORY_PERMISSION_CHECK: no          # When setting to yes (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.

manual-install/latest.yml

@@ -101,6 +101,7 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
+      - SKIP_DATA_DIRECTORY_PERMISSION_CHECK=${SKIP_DATA_DIRECTORY_PERMISSION_CHECK}
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -125,7 +126,7 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
@@ -193,6 +194,8 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    cap_add:
+      - SYS_NICE
 
   nextcloud-aio-fulltextsearch:
     profiles: ["fulltextsearch"]

manual-install/sample.conf

@@ -25,6 +25,7 @@ ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables t
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.
 TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.

php/composer.lock

@@ -220,16 +220,16 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.3",
+            "version": "2.4.4",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d"
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
+                "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
                 "shasum": ""
             },
             "require": {
@@ -319,7 +319,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
+                "source": "https://github.com/guzzle/psr7/tree/2.4.4"
             },
             "funding": [
                 {
@@ -335,7 +335,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-10-26T14:07:24+00:00"
+            "time": "2023-03-09T13:19:02+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.7@e028ba46ba0d7f9a78bc3201c251e137383e145f"/>
+<files psalm-version="5.8.0@9cf4f60a333f779ad3bc704a555920e81d4fdcda"/>

php/psalm.xml

@@ -6,6 +6,8 @@
 	xmlns="https://getpsalm.org/schema/config"
 	xsi:schemaLocation="https://getpsalm.org/schema/config"
     errorBaseline="psalm-baseline.xml"
+	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>

php/src/Data/ConfigurationManager.php

@@ -78,7 +78,10 @@ class ConfigurationManager
         }
 
         $lastBackupLines = explode("\n", $content);
-        $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        $lastBackupLine = "";
+        if (count($lastBackupLines) >= 2) {
+            $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        }
         if ($lastBackupLine === "") {
             return '';
         }

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.6.2</h1>
+        <h1>Nextcloud AIO v4.7.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

readme.md

@@ -15,7 +15,7 @@ Included are:
 The following instructions are meant for installations without a web server or reverse proxy (like Apache, Nginx and else) already being in place. If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the [reverse proxy documentation](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md). Also, the instructions below are especially meant for Linux. For macOS see [this](#how-to-run-aio-on-macos), for Windows see [this](#how-to-run-aio-on-windows) and for Synology see [this](#how-to-run-aio-on-synology-dsm).
 1. Install Docker on your Linux installation by following the official documentation: https://docs.docker.com/engine/install/#server. The easiest way is installing it by **using the convenience script**:  
     ```sh
-    curl -fsSL get.docker.com | sudo sh
+    curl -fsSL https://get.docker.com | sudo sh
     ```
 1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/.
 2. Run the command below in order to start the container:
@@ -115,7 +115,7 @@ You'll also need to adjust Synology's firewall, see below:
 <details>
 <summary>Click here to expand</summary>
 
-The Synology DSM is vulnerable to attacks with it's open ports and login interfaces, which is why a firewall setup is always recommended. If a firewall is activated it is necessary to have exceptions for ports 80,443, the subnet of the docker bridge which includes the nextcloud containers, your public static IP (if you don't use DDNS) and if applicable your NC-Talk ports 3478 TCP+UDP:
+The Synology DSM is vulnerable to attacks with it's open ports and login interfaces, which is why a firewall setup is always recommended. If a firewall is activated it is necessary to have exceptions for ports 80,443, the subnet of the docker bridge which includes the Nextcloud containers, your public static IP (if you don't use DDNS) and if applicable your NC-Talk ports 3478 TCP+UDP:
 
 ![Screenshot 2023-01-19 at 14 13 48](https://user-images.githubusercontent.com/70434961/213677995-71a9f364-e5d2-49e5-831e-4579f217c95c.png)
 
@@ -131,10 +131,11 @@ The easiest way to run it with Portainer on Linux is to use Portainer's stacks f
 - It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
+- Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
+- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
-- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 
 ### How to run Nextcloud behind a Cloudflare Tunnel?
 Although it does not seems like it is the case but from AIO perspective a Cloudflare Tunnel works like a reverse proxy. So please follow the [reverse proxy documentation](./reverse-proxy.md) where is documented how to make it run behind a Cloudflare Tunnel.
@@ -163,7 +164,7 @@ No and they will not be. If you want to run it locally, without opening Nextclou
 ### Can I use an ip-address for Nextcloud instead of a domain?
 No and it will not be added. If you only want to run it locally, you may have a look at the following documentation: [local-instance.md](./local-instance.md)
 
-### Are other ports than then default 443 for Nextcloud supported?
+### Are other ports than the default 443 for Nextcloud supported?
 No and they will not be. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md). If port 443 and/or 80 is blocked for you, you may use the ACME DNS-challenge or a Cloudflare Tunnel.
 
 ### Can I run Nextcloud in a subdirectory on my domain?

reverse-proxy.md

@@ -272,7 +272,6 @@ server {
 
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Port $server_port;
-        proxy_set_header Early-Data $ssl_early_data;
         proxy_set_header X-Forwarded-Scheme $scheme;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
@@ -292,7 +291,6 @@ server {
     ssl_certificate /etc/letsencrypt/live/<your-nc-domain>/fullchain.pem;   # managed by certbot on host machine
     ssl_certificate_key /etc/letsencrypt/live/<your-nc-domain>/privkey.pem; # managed by certbot on host machine
 
-    ssl_early_data on;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
     ssl_session_tickets off;