only show the note about nc26 when all containers are started

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/helm-release.yml

@@ -0,0 +1,47 @@
+
+name: Helm Chart Releaser
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'nextcloud-aio-helm-chart/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Turnstyle
+        uses: softprops/turnstyle@v1
+        with:
+          continue-after-seconds: 180
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN  }}
+
+      - name: Fetch history
+        run: git fetch --prune --unshallow
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      # See https://github.com/helm/chart-releaser-action/issues/6
+      - name: Set up Helm
+        uses: azure/setup-helm@v3.1
+        with:
+          version: v3.6.3
+
+      - name: Run chart-releaser
+        # TODO: switch back @main to a specific version like @v1.5.1 or higher
+        uses: helm/chart-releaser-action@main
+        with:
+          mark_as_latest: false
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+          CR_SKIP_EXISTING: true

.github/workflows/update-helm.yml

@@ -17,8 +17,8 @@ jobs:
           DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
           DOCKER_TAG="${DOCKER_TAG%%-latest*}"
           export DOCKER_TAG
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
-            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v4

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN set -ex; \
     \

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.12.2.1
+FROM collabora/code:22.05.12.4.1
 
 USER root
 

Containers/domaincheck/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 RUN apk add --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data

Containers/mastercontainer/Dockerfile

@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.1-dind as dind
+FROM docker:23.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
@@ -62,7 +62,7 @@ RUN set -ex; \
 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
 
-COPY --from=dind /usr/local/bin/docker /usr/local/bin/
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
 RUN set -e && \

Containers/mastercontainer/start.sh

@@ -95,10 +95,10 @@ fi
 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
-        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+        sleep 1
     elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
         echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/' and must not be equal to '/'.
+The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
 It is set to '$NEXTCLOUD_DATADIR'."
         exit 1
     fi
@@ -194,9 +194,9 @@ It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
     fi
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
-    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
         echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi

Containers/nextcloud/Dockerfile

@@ -98,6 +98,8 @@ RUN { \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
+        echo 'opcache.jit=1255'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
     echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \

Containers/nextcloud/entrypoint.sh

@@ -216,6 +216,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             fi
 
             # We do our own permission check so the permission check is not needed
+            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+<?php
+\$CONFIG = array (
+  'check_data_directory_permissions' => false
+);
+DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
 
             # Try to force generation of appdata dir:
@@ -238,9 +244,27 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 fi
             fi
 
+            # This autoconfig is not needed anymore and should be able to be overwritten by the user
+            rm /var/www/html/config/datadir.permission.config.php
+
             # unset admin password
             unset ADMIN_PASSWORD
 
+            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
+                php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                php /var/www/html/updater/updater.phar --no-interaction
+                php /var/www/html/occ app:enable nextcloud-aio --force
+                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                    echo "Installation of Nextcloud failed!"
+                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                fi
+                php /var/www/html/occ config:system:set updater.release.channel --value=stable
+                php /var/www/html/occ db:add-missing-indices
+                php /var/www/html/occ db:add-missing-columns
+                php /var/www/html/occ db:add-missing-primary-keys
+                yes | php /var/www/html/occ db:convert-filecache-bigint
+            fi
+
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
@@ -299,11 +323,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 done
             fi
 
-            # Set the permission check to its default value again if not set
-            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
-                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
-            fi
-
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"

Containers/talk/Dockerfile

@@ -1,6 +1,6 @@
 FROM nats:2.9.15-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server

Containers/watchtower/Dockerfile

@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /

helm-chart/Chart.yaml

@@ -1,9 +0,0 @@
-name: Nextcloud AIO Helm Chart
-description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.6.2
-apiVersion: v2
-keywords:
-  - latest
-sources:
-  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
-home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

helm-chart/readme.md

@@ -1,3 +0,0 @@
-# You can also install the AIO containers on Kubernetes using this Helm Chart
-
-This is currently beta and not ready yet.

manual-install/update-yaml.sh

@@ -71,7 +71,6 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|SKIP_DATA_DIRECTORY_PERMISSION_CHECK=|SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
@@ -84,6 +83,7 @@ sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccom
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
+sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf

nextcloud-aio-helm-chart/Chart.yaml

@@ -0,0 +1,12 @@
+name: nextcloud-aio-helm-chart
+description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
+version: 4.7.0
+apiVersion: v2
+keywords:
+  - latest
+  - nextcloud
+  - helm-chart
+  - open-source
+sources:
+  - https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart
+home: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart

nextcloud-aio-helm-chart/readme.md

@@ -0,0 +1,14 @@
+# You can also install the AIO containers on Kubernetes using this Helm Chart
+
+This is currently beta and not ready yet.
+
+## How to use this?
+
+First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`
+
+Then run:
+
+```
+helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
+helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
+```

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230315_112022-latest
+          image: nextcloud/aio-apache:20230330_075307-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230315_112022-latest
+          image: nextcloud/aio-clamav:20230330_075307-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -44,7 +44,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230315_112022-latest
+          image: nextcloud/aio-collabora:20230330_075307-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230315_112022-latest
+          image: nextcloud/aio-postgresql:20230330_075307-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230315_112022-latest
+          image: nextcloud/aio-fulltextsearch:20230330_075307-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230315_112022-latest
+          image: nextcloud/aio-imaginary:20230330_075307-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230315_112022-latest
+          image: nextcloud/aio-nextcloud:20230330_075307-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230315_112022-latest
+          image: nextcloud/aio-onlyoffice:20230330_075307-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230315_112022-latest
+          image: nextcloud/aio-redis:20230330_075307-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230315_112022-latest
+          image: nextcloud/aio-talk:20230330_075307-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/update-helm.sh

@@ -2,6 +2,9 @@
 
 DOCKER_TAG="$1"
 
+# The logic needs the files in ./helm-chart
+mv ./nextcloud-aio-helm-chart ./helm-chart
+
 # Clean
 rm -f ./helm-chart/values.yaml
 rm -rf ./helm-chart/templates
@@ -199,4 +202,9 @@ done
 
 chmod 777 -R ./
 
+# Seems like the dir needs to match the name of the chart
+cd ../
+rm -rf ./nextcloud-aio-helm-chart
+mv ./helm-chart ./nextcloud-aio-helm-chart
+
 set +ex

php/containers-schema.json

@@ -73,6 +73,9 @@
 					"restart": {
 						"type": "string"
 					},
+					"shm_size": {
+						"type": "integer"
+					},
 					"secrets": {
 						"type": "array",
 						"items": {

php/containers.json

@@ -74,7 +74,8 @@
         "PGTZ=%TIMEZONE%"
       ],
       "stop_grace_period": 1800,
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "shm_size": 268435456
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -161,7 +162,7 @@
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
-        "SKIP_DATA_DIRECTORY_PERMISSION_CHECK=%SKIP_DATA_DIRECTORY_PERMISSION_CHECK%"
+        "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%"
       ],
       "restart": "unless-stopped",
       "devices": [

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.8.0@9cf4f60a333f779ad3bc704a555920e81d4fdcda"/>
+<files psalm-version="5.9.0@8b9ad1eb9e8b7d3101f949291da2b9f7767cd163"/>

php/public/forms.js

@@ -20,8 +20,10 @@
     if (xhr.status === 201) {
       window.location.replace(xhr.getResponseHeader('Location'));
     } else if (xhr.status === 422) {
+      disableSpinner()
       showError(xhr.response);
     } else if (xhr.status === 500) {
+      disableSpinner()
       showError("Server error. Please check the mastercontainer logs for details.");
     } else {
       // If the responose is not one of the above, we should reload to show the latest content
@@ -29,16 +31,12 @@
     }
   }
 
-  function disable(element) {
+  function disableSpinnerSpinner() {
     document.getElementById('overlay').classList.add('loading');
-    element.classList.add('loading');
-    element.disabled = true;
   }
 
-  function enable(element) {
+  function disableSpinner() {
     document.getElementById('overlay').classList.remove('loading');
-    element.classList.remove('loading');
-    element.disabled = false;
   }
 
   function initForm(form) {
@@ -50,11 +48,10 @@
       var xhr = new XMLHttpRequest();
       xhr.addEventListener('load', handleEvent);
       xhr.addEventListener('error', () => showError("Failed to talk to server."));
-      xhr.addEventListener('load', () => enable(event.submitter));
-      xhr.addEventListener('error', () => enable(event.submitter));
+      xhr.addEventListener('error', () => disableSpinner());
       xhr.open(form.method, form.getAttribute("action"));
       xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
-      disable(event.submitter);
+      disableSpinnerSpinner();
       xhr.send(new URLSearchParams(new FormData(form)));
       event.preventDefault();
     }

php/public/style.css

@@ -144,7 +144,7 @@ input {
     padding: 20px;
     max-width: 100%;
     word-break: break-word;
-    max-width: 470px;
+    max-width: 500px;
     margin: 0 auto;
 }
 

php/src/Container/Container.php

@@ -25,6 +25,7 @@ class Container {
     private array $devices;
     /** @var string[] */
     private array $capAdd;
+    private int $shmSize;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -41,6 +42,7 @@ class Container {
         array $secrets,
         array $devices,
         array $capAdd,
+        int $shmSize,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -56,6 +58,7 @@ class Container {
         $this->secrets = $secrets;
         $this->devices = $devices;
         $this->capAdd = $capAdd;
+        $this->shmSize = $shmSize;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -75,6 +78,10 @@ class Container {
         return $this->restartPolicy;
     }
 
+    public function GetShmSize() : int {
+        return $this->shmSize;
+    }
+
     public function GetMaxShutdownTime() : int {
         return $this->maxShutdownTime;
     }

php/src/ContainerDefinitionFetcher.php

@@ -218,6 +218,11 @@ class ContainerDefinitionFetcher
                 $capAdd = $entry['cap_add'];
             }
 
+            $shmSize = -1;
+            if (isset($entry['shm_size'])) {
+                $shmSize = $entry['shm_size'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -232,6 +237,7 @@ class ContainerDefinitionFetcher
                 $secrets,
                 $devices,
                 $capAdd,
+                $shmSize,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Controller/DockerController.php

@@ -154,11 +154,19 @@ class DockerController
             $port = 443;
         }
 
+        if (isset($request->getParsedBody()['install_latest_major'])) {
+            $installLatestMajor = 26;
+        } else {
+            $installLatestMajor = "";
+        }
+
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
         $config['AIO_URL'] = $host . ':' . $port;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
+        // set install_latest_major
+        $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
 
         // Start container

php/src/Controller/LoginController.php

@@ -21,15 +21,17 @@ class LoginController
 
     public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
-            return $response->withHeader('Location', '/')->withStatus(302);
+            $response->getBody()->write("The login is blocked since Nextcloud is running.");
+            return $response->withHeader('Location', '/')->withStatus(422);
         }
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(302);
+            return $response->withHeader('Location', '/')->withStatus(201);
         }
 
-        return $response->withHeader('Location', '/')->withStatus(302);
+        $response->getBody()->write("The password is false.");
+        return $response->withHeader('Location', '/')->withStatus(422);
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {

php/src/Data/ConfigurationManager.php

@@ -234,6 +234,11 @@ class ConfigurationManager
      * @throws InvalidSettingConfigurationException
      */
     public function SetDomain(string $domain) : void {
+        // Validate that at least one dot is contained
+        if (strpos($domain, '.') === false) {
+            throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
+        }
+
         // Validate domain
         if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
             throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
@@ -268,11 +273,10 @@ class ConfigurationManager
             $port = $this->GetApachePort();
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
-                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException($errorMessage);
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
                 } else {
-                    error_log($errorMessage);
+                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }
             }
 
@@ -664,7 +668,7 @@ class ConfigurationManager
             // Trim all unwanted chars on both sites
             $entry = trim($entry);
             if ($entry !== "") {
-                if (!preg_match("#^/[0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[0-1a-zA-Z_-]+$#", $entry)) {
+                if (!preg_match("#^/[.0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
                     throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
                 }
                 $validDirectories .= rtrim($entry, '/') . PHP_EOL;
@@ -678,6 +682,14 @@ class ConfigurationManager
         }
     }
 
+    public function shouldLatestMajorGetInstalled() : bool {
+        $config = $this->GetConfig();
+        if(!isset($config['install_latest_major'])) {
+            $config['install_latest_major'] = '';
+        }
+        return $config['install_latest_major'] !== '';
+    }
+
     public function GetAdditionalBackupDirectoriesString() : string {
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
@@ -739,14 +751,6 @@ class ConfigurationManager
         return false;
     }
 
-    public function shouldDataDirectoryPermissionCheckGetSkipped() : bool {
-        $datadir = $this->GetNextcloudDatadirMount();
-        if ($datadir === 'nextcloud_aio_nextcloud_datadir' || str_starts_with($datadir, '/run/desktop/mnt/host/')) {
-            return true;
-        }
-        return false;
-    }
-
     public function GetNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {

php/src/Docker/DockerActionManager.php

@@ -348,8 +348,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-                } elseif ($out[1] === 'SKIP_DATA_DIRECTORY_PERMISSION_CHECK') {
-                    if ($this->configurationManager->shouldDataDirectoryPermissionCheckGetSkipped()) {
+                } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') {
+                    if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
                         $replacements[1] = 'yes';
                     } else {
                         $replacements[1] = '';
@@ -411,6 +411,11 @@ class DockerActionManager
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        $shmSize = $container->GetShmSize();
+        if ($shmSize > 0) {
+            $requestBody['HostConfig']['ShmSize'] = $shmSize;
+        }
+
         $capAdds = $container->GetCapAdds();
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.7.0</h1>
+        <h1>Nextcloud AIO v4.8.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -26,6 +26,8 @@
         {% set isWatchtowerRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
+        {# Setting newMajorVersion to '' will hide corresponding options/elements #}
+        {% set newMajorVersion = 26 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -250,6 +252,12 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
+                            {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
+                                <details>
+                                <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
+                                </details><br>
+                            {% endif %}
                         {% endif %}
                     {% endif %}
                 {% endif %}
@@ -287,7 +295,16 @@
                                 <input class="button" type="submit" value="Update mastercontainer" />
                             </form>
                         {% else %}
-                            {% if was_start_button_clicked == false or has_update_available == false %}
+                            {% if was_start_button_clicked == false %}
+                                <form method="POST" action="/api/docker/start" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    {% if newMajorVersion != '' %}
+                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud {{ newMajorVersion }} (if unchecked, Nextcloud {{ newMajorVersion - 1 }} will get installed)</label><br>
+                                    {% endif %}
+                                    <input class="button" type="submit" value="Download and start containers" />
+                                </form>
+                            {% elseif has_update_available == false %}
                                 <form method="POST" action="/api/docker/start" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -441,7 +458,7 @@
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input class="button" type="submit" value="Submit" /><br>
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
+                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
                                         Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
                                         Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
                                         {% if additional_backup_directories != "" %}
@@ -514,6 +531,7 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
+                        <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
                     <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}

php/templates/layout.twig

@@ -4,7 +4,6 @@
         <link rel="stylesheet" href="/style.css" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
-        <script type="text/javascript" src="options-form-submit.js"></script>
     </head>
 
     <body>

php/templates/login.twig

@@ -7,7 +7,7 @@
             <h1>Nextcloud AIO Login</h1>
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
-                <form method="POST" action="/api/auth/login">
+                <form method="POST" action="/api/auth/login" class="xhr">
                     <input type="text" autocomplete="off" name="password" placeholder="Password" />
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">

readme.md

@@ -239,6 +239,7 @@ Here is how to reset the AIO instance properly:
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
 1. Now remove all these dangling volumes: `sudo docker volume prune` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). Also if you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well.
+1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
 1. And you are done! Now feel free to start over with the recommended docker run command!
 
@@ -268,7 +269,16 @@ The backups itself get encrypted with an encryption key that gets shown to you i
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
 
-Note that this implementation does not provide remote backups, for this you can use the [backup app](https://apps.nextcloud.com/apps/backup).
+---
+
+#### Are remote borg backups supported?
+
+Not directly but you have multiple options to achieve this:
+- Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
+- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
+- You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
+- create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)
+- Additionally, there is the [backup app](https://apps.nextcloud.com/apps/backup) for remote backups
 
 ---
 
@@ -464,7 +474,7 @@ Sure. Add this to the `/etc/fstab` file: <br>
 (Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
 
 One example could look like this:<br>
-`//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,mfsymlinks,seal,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
 and add into `/etc/storage-credentials`:
 ```
 username=<smb/cifs username>
@@ -515,7 +525,7 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 

reverse-proxy.md

@@ -447,9 +447,11 @@ The examples below define the dynamic configuration in YAML files. If you rather
 ---
 
 Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to the domain on which you want to run Nextcloud. Also make sure to adjust the port `11000` to match the chosen `APACHE_PORT`. 
-    
+
 **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. If that is not an option for you, you can alternatively instead of `localhost` use the ip-address that is displayed after running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (the command only works on Linux)
 
+**Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
+
 </details>
 
 ### Others