create important dirs beforehand

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/create-psalm-container.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Modify the Dockerfile
         run: |
           set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile"
           cat << APCU >> "psalm-github-actions/Dockerfile"
           RUN mkdir -p /usr/src/php/ext/apcu && \
             curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \

.github/workflows/dependency-updates.yml

@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: shivammathur/setup-php@v2
       with:
-        php-version: 8.1
+        php-version: 8.2
         extensions: apcu
     - name: Run dependency update script
       run: |

.github/workflows/imaginary-update.yml

@@ -19,7 +19,7 @@ jobs:
             | cut -f1 \
             | tail -1
         )"
-        sed -i "s|go install github.com/h2non/imaginary.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        sed -i "s|go install github.com/h2non/imaginary.*;|go install github.com/h2non/imaginary@$imaginary_version;|" ./Containers/imaginary/Dockerfile
         
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5

.github/workflows/lint-php.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.1"]
+        php-versions: ["8.2"]
 
     name: php-lint
 

.github/workflows/php-deprecation-detector.yml

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 

.github/workflows/psalm-analysis.yml

@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 

.github/workflows/psalm-update-baseline.yml

@@ -12,10 +12,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up php8.1
+      - name: Set up php8.2
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.1
+          php-version: 8.2
           extensions: apcu
           coverage: none
 

.github/workflows/twig-lint.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.1"]
+        php-versions: ["8.2"]
 
     name: twig-lint
 

Containers/apache/Caddyfile

@@ -5,6 +5,10 @@
         root /mnt/data/caddy
     }
 
+    servers {
+        # trusted_proxies placeholder
+    }
+
     log {
         level ERROR
     }
@@ -12,59 +16,11 @@
 
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
 
-    # Notify Push
-    route /push/* {
-        uri strip_prefix /push
-        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
-            # trusted_proxies placeholder
-        }
-    }
+    # Bundled
+    import /caddy-imports/*
 
-    # Talk
-    route /standalone-signaling/* {
-        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081 {
-            # trusted_proxies placeholder
-        }
-    }
-
-    # Collabora
-    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980 {
-            # trusted_proxies placeholder
-        }
-    }
-
-    # Onlyoffice
-    route /onlyoffice/* {
-        uri strip_prefix /onlyoffice
-        reverse_proxy {$ONLYOFFICE_HOST}:80 {
-            header_up X-Forwarded-Host {http.request.host}/onlyoffice
-            header_up X-Forwarded-Proto https
-            # trusted_proxies placeholder
-        }
-    }
-
-    # Nextcloud
-    route {
-        rewrite /.well-known/carddav /remote.php/dav
-        rewrite /.well-known/caldav /remote.php/dav
-        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000 {
-            # See https://github.com/nextcloud/all-in-one/issues/828
-            # trusted_proxies placeholder
-        }
-    }
+    # Others
+    import /mnt/data/caddy-imports/*
 
     # TLS options
     tls {

Containers/apache/Dockerfile

@@ -3,83 +3,74 @@ FROM caddy:2.6.4-alpine as caddy
 
 FROM httpd:2.4.57-alpine3.17
 
+COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+
+COPY --chown=33:33 Caddyfile /Caddyfile
+COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
+COPY --chmod=664 nextcloud /nextcloud
+COPY --chmod=664 caddy-imports/* /caddy-imports/
+COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+VOLUME /mnt/data
+
 RUN set -ex; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
     usermod -u 33 -g 33 www-data; \
-    apk del --no-cache shadow
-
-RUN mkdir -p /mnt/data; \
-    chown www-data:www-data /mnt/data;
-
-VOLUME /mnt/data
-
-RUN set -ex; \
+    apk del --no-cache shadow; \
+    \
+    mkdir -p /mnt/data; \
+    chown -R www-data:www-data /mnt/data; \
+    \
     apk add --no-cache \
         bash \
         supervisor \
-        wget \
         tzdata \
         ca-certificates \
         openssl \
-        netcat-openbsd
-
-COPY --from=caddy /usr/bin/caddy /usr/bin/
-RUN chmod +x /usr/bin/caddy
-
-RUN sed -i \
-                -e '/^Listen /d' \
-                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
-                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-                conf/httpd.conf; \
-		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
-                echo "ServerName localhost" | tee -a conf/httpd.conf
-		
-COPY nextcloud.conf conf
-
-RUN set -ex; \
-    rm -rf conf/original conf/original && \
-    rm -rf /var/www/html/* && \
-    mkdir /var/www && \
-    chown -R www-data:www-data /var/www;
-
-RUN mkdir /var/log/supervisord; \
+        netcat-openbsd; \
+    \
+    sed -i \
+            -e '/^Listen /d' \
+            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+        /usr/local/apache2/conf/httpd.conf; \
+    echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
+    echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
+    \
+    rm -rf /usr/local/apache2/conf/original /var/www; \
+    mkdir -p /var/www; \
+    chown -R www-data:www-data /var/www; \
+    \
+    mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord; \
     chown www-data:www-data /var/run/supervisord; \
-    chown www-data:www-data /var/log/supervisord;
-
-COPY Caddyfile /
-
-COPY start.sh /usr/bin/
-COPY healthcheck.sh /usr/bin/
-COPY supervisord.conf /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /usr/bin/healthcheck.sh; \
-    chmod +r /supervisord.conf; \
-    chown www-data:www-data /Caddyfile; \
+    chown www-data:www-data /var/log/supervisord; \
+    \
     chown -R www-data:www-data /usr/local/apache2; \
-    chmod +r -R /usr/local/apache2
-
-# Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    chmod +r -R /usr/local/apache2; \
+    \
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER www-data
 
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/apache/caddy-imports/collabora

@@ -0,0 +1,10 @@
+# Collabora
+route /browser/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}
+route /hosting/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}
+route /cool/* {
+    reverse_proxy {$COLLABORA_HOST}:9980
+}

Containers/apache/caddy-imports/notify-push

@@ -0,0 +1,5 @@
+# Notify Push
+route /push/* {
+    uri strip_prefix /push
+    reverse_proxy {$NEXTCLOUD_HOST}:7867
+}

Containers/apache/caddy-imports/onlyoffice

@@ -0,0 +1,8 @@
+# Onlyoffice
+route /onlyoffice/* {
+    uri strip_prefix /onlyoffice
+    reverse_proxy {$ONLYOFFICE_HOST}:80 {
+        header_up X-Forwarded-Host {http.request.host}/onlyoffice
+        header_up X-Forwarded-Proto https
+    }
+}

Containers/apache/caddy-imports/talk

@@ -0,0 +1,5 @@
+# Talk
+route /standalone-signaling/* {
+    uri strip_prefix /standalone-signaling
+    reverse_proxy {$TALK_HOST}:8081
+}

Containers/apache/nextcloud

@@ -0,0 +1,7 @@
+# Nextcloud
+route /* {
+    rewrite /.well-known/carddav /remote.php/dav
+    rewrite /.well-known/caldav /remote.php/dav
+    header Strict-Transport-Security max-age=31536000;
+    reverse_proxy localhost:8000
+}

Containers/apache/start.sh

@@ -45,12 +45,18 @@ else
 fi
 echo "$CADDYFILE" > /Caddyfile
 
+# Overwrite nextcloud conf
+cat /nextcloud > /mnt/data/caddy-imports/nextcloud
+
 # Fix the Caddyfile format
 caddy fmt --overwrite /Caddyfile
 
 # Add caddy path
 mkdir -p /mnt/data/caddy/
 
+# Add caddy import path
+mkdir -p /mnt/data/caddy-imports
+
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid
 

Containers/borgbackup/backupscript.sh

@@ -24,6 +24,14 @@ for directory in "${VOLUME_DIRS[@]}"; do
         exit 1
     fi
 done
+# Test if default volumes are there
+DEFAULT_VOLUMES=(nextcloud_aio_apache nextcloud_aio_nextcloud nextcloud_aio_database nextcloud_aio_database_dump nextcloud_aio_elasticsearch nextcloud_aio_nextcloud_data nextcloud_aio_mastercontainer)
+for volume in "${DEFAULT_VOLUMES[@]}"; do
+    if ! mountpoint -q "/nextcloud_aio_volumes/$volume"; then
+        echo "$volume is missing which is not intended."
+        exit 1
+    fi
+done
 
 # Check if target is mountpoint
 if ! mountpoint -q /mnt/borgbackup; then
@@ -86,8 +94,9 @@ if [ "$BORG_MODE" = backup ]; then
     if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
         # Don't initialize if already initialized
         if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-            echo "Cannot initialize a new repository as that was already done at least one time."
-            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "No borg config file was found in the targeted directory."
+            echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
+            echo "If you instead want to initialize a new backup repository, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
             echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
             exit 1
         fi
@@ -132,6 +141,13 @@ if [ "$BORG_MODE" = backup ]; then
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
 
+    # Make sure that there is always a borg.config file before creating a new backup
+    if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
+        echo "Did not find borg.config file in the mastercontainer volume."
+        echo "Cannot create a backup as this is wrong."
+        exit 1
+    fi
+
     # Create the backup
     echo "Starting the backup..."
     get_start_time

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.13.1.1
+FROM collabora/code:22.05.14.3.1
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -7,7 +7,7 @@ RUN set -ex; \
         vips-jxl \
         vips-poppler \
         build-base; \
-    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84;
 
 FROM alpine:3.17.3
 RUN set -ex; \
@@ -23,11 +23,13 @@ RUN set -ex; \
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
 
+ENV PORT 9000
+
 USER nobody
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["imaginary", "-p", "9000", "-return-size", "-max-allowed-resolution", "222.2"]
+ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
 
-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/mastercontainer/Dockerfile

@@ -1,28 +1,28 @@
 # Docker CLI is a requirement
-FROM docker:23.0.5-cli as docker
+FROM docker:23.0.6-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.18-fpm-alpine3.17
+# From https://github.com/docker-library/php/blob/master/8.2/alpine3.17/fpm/Dockerfile
+FROM php:8.2.6-fpm-alpine3.17
+
+EXPOSE 80
+EXPOSE 8080
+EXPOSE 8443
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+
+WORKDIR /var/www/docker-aio
 
 RUN set -ex; \
     apk add --no-cache shadow; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     groupmod -g 33 www-data; \
-    usermod -u 33 -g 33 www-data
-
-EXPOSE 80
-EXPOSE 8080
-EXPOSE 8443
-
-RUN mkdir -p /var/www/docker-aio;
-
-WORKDIR /var/www/docker-aio
-
-RUN set -ex; \
+    usermod -u 33 -g 33 www-data; \
+    \
     apk add --no-cache \
         util-linux-misc \
         ca-certificates \
@@ -36,16 +36,14 @@ RUN set -ex; \
         sudo \
         netcat-openbsd \
         curl \
-        grep
-
-RUN set -ex; \
+        grep; \
+    \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
     pecl install APCu-5.1.22; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
-    \
     runDeps="$( \
         scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
             | tr ',' '\n' \
@@ -57,15 +55,8 @@ RUN set -ex; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
-
-COPY --from=caddy /usr/bin/caddy /usr/bin/
-RUN chmod +x /usr/bin/caddy
-
-COPY --from=docker /usr/local/bin/docker /usr/local/bin/
-RUN chmod +x /usr/local/bin/docker
-
-RUN set -e && \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
+    \
     apk add --no-cache git; \
     wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
     chmod +x /usr/local/bin/composer; \
@@ -75,22 +66,19 @@ RUN set -e && \
     chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
     sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clearcache; \
+    sudo -u www-data composer clear-cache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
-    chmod 770 -R ./; \
-    chown www-data:www-data -R /var/www; \
-    rm -r ./php/data; \
-    rm -r ./php/session; \
-    apk del --no-cache git
-
-RUN mkdir -p /etc/apache2/certs && \
-    cd /etc/apache2/certs && \
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt;
-
-COPY mastercontainer.conf /etc/apache2/sites-available/
-
-RUN sed -i \
+    chmod -R 770 /var/www/docker-aio; \
+    chown -R www-data:www-data /var/www; \
+    rm -r php/data; \
+    rm -r php/session; \
+    \
+    mkdir -p /etc/apache2/certs; \
+    cd /etc/apache2/certs; \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
+    \
+    sed -i \
             -e '/^Listen /d' \
             -e 's/User apache/User www-data/g' \
             -e 's/Group apache/Group www-data/g' \
@@ -109,35 +97,23 @@ RUN sed -i \
         echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
         echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
-        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf
-
-RUN set -ex; \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
+    \
     rm -f /etc/apache2/conf.d/default.conf \
           /etc/apache2/conf.d/userdir.conf \
-          /etc/apache2/conf.d/info.conf
-
-RUN mkdir /var/log/supervisord; \
+          /etc/apache2/conf.d/info.conf; \
+    \
+    mkdir /var/log/supervisord; \
     mkdir /var/run/supervisord;
 
-COPY Caddyfile /
-COPY start.sh /usr/bin/
-COPY backup-time-file-watcher.sh /
-COPY session-deduplicator.sh /
-COPY cron.sh /
-COPY daily-backup.sh /
-COPY supervisord.conf /
-COPY healthcheck.sh /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /cron.sh; \
-    chmod +x /session-deduplicator.sh; \
-    chmod +x /backup-time-file-watcher.sh; \
-    chmod +x /daily-backup.sh; \
-    chmod a+r /Caddyfile; \
-    chmod +x /healthcheck.sh
+COPY --chmod=775 *.sh /
+COPY --chmod=664 Caddyfile /Caddyfile
+COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
 USER root
 
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh

Containers/mastercontainer/start.sh

@@ -20,6 +20,12 @@ case "${1}" in
 esac
 }
 
+# Check if running as root user
+if [ "$EUID" != "0" ]; then
+    print_red "Container does not run as root user. This is not supported."
+    exit 1
+fi
+
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
     print_red "Docker socket is not available. Cannot continue."

Containers/postgresql/Dockerfile

@@ -1,39 +1,35 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.2-alpine
+FROM postgres:15.3-alpine
 
-RUN apk add --no-cache bash openssl shadow grep mawk
+COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
 
-# We need to use the same gid and uid as on old installations
 RUN set -ex; \
+    apk add --no-cache bash openssl shadow grep mawk; \
+    \
+# We need to use the same gid and uid as on old installations
     deluser postgres; \
     groupmod -g 9999 ping; \
     addgroup -g 999 -S postgres; \
-    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres
-
+    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
+    apk del --no-cache shadow; \
+    \
 # Fix default permissions
-RUN set -ex; \
     chown -R postgres:postgres /var/lib/postgresql; \
     chown -R postgres:postgres /var/run/postgresql; \
-    chown -R postgres:postgres "$PGDATA"
-
-COPY start.sh /usr/bin/
-COPY healthcheck.sh /usr/bin/
-COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN set -ex; \
-    chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
-    chmod +x /usr/bin/healthcheck.sh
-
-RUN mkdir /mnt/data; \
-    chown postgres:postgres /mnt/data;
+    chown -R postgres:postgres "$PGDATA"; \
+    \
+    mkdir /mnt/data; \
+    chown postgres:postgres /mnt/data; \
+    \
+# Give root a random password
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 VOLUME /mnt/data
 
-# Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
-
 USER postgres
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/talk/Dockerfile

@@ -1,6 +1,6 @@
 FROM nats:2.9.16-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
-FROM coturn/coturn:4.6.2-alpine
+FROM coturn/coturn:4.6.2-r0-alpine
 USER root
 
 COPY --from=nats /nats-server /usr/local/bin/nats-server

docker-ipv6-support.md

@@ -1,6 +1,8 @@
 # IPv6-Support for Docker
 
-Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
+Before enabling IPv6-Support for Docker, please note that there are still some unresolved problems in regards to IPv6-Support in Docker. See https://github.com/nextcloud/all-in-one/discussions/2557 for more details on this.
+
+Now that this was mentioned, see the instructions below on how to enable IPv6 for Docker.
 
 ## Docker on Linux and Docker-rootless
 1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well. If you are using mailcow and enabled IPv6 with the update.sh, you can keep their daemon.json, it will work too.

local-instance.md

@@ -6,7 +6,7 @@ The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
 1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
-1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
+1. Enter the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 
 ## 2. Use the ACME DNS-challenge

manual-install/latest.yml

@@ -237,5 +237,13 @@ volumes:
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 
+# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: ${IPV6_NETWORK}

manual-install/sample.conf

@@ -31,3 +31,4 @@ TALK_PORT=3478          # This allows to adjust the port that the talk container
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use

manual-install/update-yaml.sh

@@ -15,6 +15,7 @@ OUTPUT="$(cat /tmp/containers.json)"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 5.0.0
+version: 5.1.0
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230501_090621-latest
+          image: nextcloud/aio-apache:20230511_075831-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230501_090621-latest
+          image: nextcloud/aio-clamav:20230511_075831-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -34,6 +34,8 @@ spec:
               mountPath: /nextcloud-aio-collabora-fonts
       containers:
         - env:
+            - name: DONT_GEN_SSL_CERT
+              value: "1"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
             - name: aliasgroup1
@@ -44,7 +46,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230501_090621-latest
+          image: nextcloud/aio-collabora:20230511_075831-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -22,11 +22,25 @@ spec:
         io.kompose.service: nextcloud-aio-database
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-database/data
+            - /nextcloud-aio-database
+            - /nextcloud-aio-database-dump
+          volumeMounts:
+            - name: nextcloud-aio-database-dump
+              mountPath: /nextcloud-aio-database-dump
+            - name: nextcloud-aio-database
+              mountPath: /nextcloud-aio-database
         - name: init-volumes
           image: alpine
           command:
             - chown
             - 999:999
+            - "-R"
             - /nextcloud-aio-database
             - /nextcloud-aio-database-dump
           volumeMounts:
@@ -46,12 +60,13 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230501_090621-latest
+          image: nextcloud/aio-postgresql:20230511_075831-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432
           volumeMounts:
             - mountPath: /var/lib/postgresql/data
+              subPath: data
               name: nextcloud-aio-database
             - mountPath: /mnt/data
               name: nextcloud-aio-database-dump

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230501_090621-latest
+          image: nextcloud/aio-fulltextsearch:20230511_075831-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230501_090621-latest
+          image: nextcloud/aio-imaginary:20230511_075831-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230501_090621-latest
+          image: nextcloud/aio-nextcloud:20230511_075831-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230501_090621-latest
+          image: nextcloud/aio-onlyoffice:20230511_075831-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230501_090621-latest
+          image: nextcloud/aio-redis:20230511_075831-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230501_090621-latest
+          image: nextcloud/aio-talk:20230511_075831-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/update-helm.sh

@@ -32,6 +32,7 @@ sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
 sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
 sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml
 sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "/name: nextcloud-aio/,$ d" latest.yml
 sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
 sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
 sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
@@ -56,7 +57,7 @@ cat << EOL > /tmp/initcontainers
 EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
-        - init-subpath
+        - name: init-subpath
           image: alpine
           command:
             - mkdir
@@ -187,6 +188,7 @@ sed -i 's|= |: |' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
 sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
 sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
+sed -i '/^IPV6_NETWORK/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf

php/composer.json

@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "8.1.*",
+        "php": "8.2.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"
 	}
 }

php/composer.lock

@@ -4,20 +4,20 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "ca8e9b0dbbbd88c096dd8f2bda37a315",
+    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.5.1",
+            "version": "7.6.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
+                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
-                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
+                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
                 "shasum": ""
             },
             "require": {
@@ -48,9 +48,6 @@
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "7.5-dev"
                 }
             },
             "autoload": {
@@ -116,7 +113,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.5.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.6.1"
             },
             "funding": [
                 {
@@ -132,7 +129,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-04-17T16:30:08+00:00"
+            "time": "2023-05-15T20:43:01+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -1642,16 +1639,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.5.1",
+            "version": "v3.6.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15"
+                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a6e0510cc793912b451fd40ab983a1d28f611c15",
-                "reference": "a6e0510cc793912b451fd40ab983a1d28f611c15",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/106c170d08e8415d78be2d16c3d057d0d108262b",
+                "reference": "106c170d08e8415d78be2d16c3d057d0d108262b",
                 "shasum": ""
             },
             "require": {
@@ -1660,15 +1657,10 @@
                 "symfony/polyfill-mbstring": "^1.3"
             },
             "require-dev": {
-                "psr/container": "^1.0",
+                "psr/container": "^1.0|^2.0",
                 "symfony/phpunit-bridge": "^4.4.9|^5.0.9|^6.0"
             },
             "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.5-dev"
-                }
-            },
             "autoload": {
                 "psr-4": {
                     "Twig\\": "src/"
@@ -1702,7 +1694,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.5.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.6.0"
             },
             "funding": [
                 {
@@ -1714,7 +1706,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-02-08T07:49:20+00:00"
+            "time": "2023-05-03T19:06:57+00:00"
         }
     ],
     "packages-dev": [],
@@ -1724,7 +1716,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "8.1.*",
+        "php": "8.2.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

php/containers-schema.json

@@ -106,6 +106,13 @@
 					"apparmor_unconfined": {
 						"type": "boolean"
 					},
+					"backup_volumes": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^nextcloud_aio_[a-z_]+$"
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
@@ -119,7 +126,8 @@
 								},
 								"source": {
 									"type": "string",
-									"pattern": "^(([a-z_]+)|(%[A-Z_]+%))$"								},
+									"pattern": "^((nextcloud_aio_[a-z_]+)|(%[A-Z_]+%))$"
+								},
 								"writeable": {
 									"type": "boolean"
 								}

php/containers.json

@@ -41,7 +41,11 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "backup_volumes": [
+        "nextcloud_aio_nextcloud",
+        "nextcloud_aio_apache"
+      ]
     },
     {
       "container_name": "nextcloud-aio-database",
@@ -75,7 +79,11 @@
       ],
       "stop_grace_period": 1800,
       "restart": "unless-stopped",
-      "shm_size": 268435456
+      "shm_size": 268435456,
+      "backup_volumes": [
+        "nextcloud_aio_database",
+        "nextcloud_aio_database_dump"
+      ]
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -167,6 +175,9 @@
       "restart": "unless-stopped",
       "devices": [
         "/dev/dri"
+      ],
+      "backup_volumes": [
+        "nextcloud_aio_nextcloud"
       ]
     },
     {
@@ -270,31 +281,11 @@
           "destination": "/root",
           "writeable": true
         },
-        {
-          "source": "nextcloud_aio_nextcloud",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
-          "writeable": true
-        },
         {
           "source": "%NEXTCLOUD_DATADIR%",
           "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
           "writeable": true
         },
-        {
-          "source": "nextcloud_aio_database",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
-          "writeable": true
-        },
-        {
-          "source": "nextcloud_aio_database_dump",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
-          "writeable": true
-        },
-        {
-          "source": "nextcloud_aio_apache",
-          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
-          "writeable": true
-        },
         {
           "source": "nextcloud_aio_mastercontainer",
           "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.10.0@a5effd2d2dddd1a7ea7a0f6a051ce63ff979e356"/>
+<files psalm-version="5.11.0@c9b192ab8400fdaf04b2b13d110575adc879aa90"/>

php/src/Container/Container.php

@@ -27,6 +27,8 @@ class Container {
     private array $capAdd;
     private int $shmSize;
     private bool $apparmorUnconfined;
+    /** @var string[] */
+    private array $backupVolumes;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -45,6 +47,7 @@ class Container {
         array $capAdd,
         int $shmSize,
         bool $apparmorUnconfined,
+        array $backupVolumes,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -62,6 +65,7 @@ class Container {
         $this->capAdd = $capAdd;
         $this->shmSize = $shmSize;
         $this->apparmorUnconfined = $apparmorUnconfined;
+        $this->backupVolumes = $backupVolumes;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -105,6 +109,10 @@ class Container {
         return $this->capAdd;
     }
 
+    public function GetBackupVolumes() : array {
+        return $this->backupVolumes;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }

php/src/ContainerDefinitionFetcher.php

@@ -228,6 +228,11 @@ class ContainerDefinitionFetcher
                 $apparmorUnconfined = $entry['apparmor_unconfined'];
             }
 
+            $backupVolumes = [];
+            if (isset($entry['backup_volumes'])) {
+                $backupVolumes = $entry['backup_volumes'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -244,6 +249,7 @@ class ContainerDefinitionFetcher
                 $capAdd,
                 $shmSize,
                 $apparmorUnconfined,
+                $backupVolumes,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Docker/DockerActionManager.php

@@ -429,6 +429,11 @@ class DockerActionManager
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             // Additional backup directories
             $mounts = [];
+            foreach ($this->getAllBackupVolumes() as $additionalBackupVolumes) {
+                if ($additionalBackupVolumes !== '') {
+                    $mounts[] = ["Type" => "volume", "Source" => $additionalBackupVolumes, "Target" => "/nextcloud_aio_volumes/" . $additionalBackupVolumes, "ReadOnly" => false];
+                }
+            }
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
                 if ($additionalBackupDirectories !== '') {
                     if (!str_starts_with($additionalBackupDirectories, '/')) {
@@ -503,6 +508,31 @@ class DockerActionManager
         }
     }
 
+    private function getBackupVolumes(string $id) : array
+    {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        $backupVolumes = $container->GetBackupVolumes();
+
+        foreach ($container->GetDependsOn() as $dependency) {
+            $backupVolumes[] = $this->getBackupVolumes($dependency);
+        }
+        return $backupVolumes;
+    }
+
+    private function getAllBackupVolumes() : array {
+        $id = 'nextcloud-aio-apache';
+        $backupVolumesArray = $this->getBackupVolumes($id);
+        // Flatten array
+        $backupVolumesArrayFlat = iterator_to_array(
+            new \RecursiveIteratorIterator(
+                new \RecursiveArrayIterator($backupVolumesArray)
+            ),
+            $use_keys = false
+        );
+        return array_unique($backupVolumesArrayFlat);
+    }
+
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {
         try {
             $containerUrl = $this->BuildApiUrl(sprintf('containers/%s/json', $containerName));

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.1.0</h1>
+        <h1>Nextcloud AIO v5.2.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

readme.md

@@ -170,6 +170,8 @@ Also, you may be interested in adjusting Nextcloud's Datadir to store the files
 ### How to run AIO on Synology DSM
 On Synology, there are two things different in comparison to Linux: instead of using `--volume /var/run/docker.sock:/var/run/docker.sock:ro`, you need to use `--volume /volume1/docker/docker.sock:/var/run/docker.sock:ro` to run it. You also need to add `--env WATCHTOWER_DOCKER_SOCKET_PATH="/volume1/docker/docker.sock"`to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`). Apart from that it should work and behave the same like on Linux. Obviously the Synology Docker GUI will not work with that so you will need to either use SSH or create a user-defined script task in the task scheduler as the user 'root' in order to run the command.
 
+⚠️ **Please note**: it is possible that the docker socket on your Synology is located in `/var/run/docker.sock` like the default on Linux. Then you can just use the Linux command without having to change anything - you will notice this when you try to start the container and it says that the bind mount failed. E.g. `docker: Error response from daemon: Bind mount failed: '/volume1/docker/docker.sock' does not exists.` 
+
 Also, you may be interested in adjusting Nextcloud's Datadir to store the files on the host system. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
 
 You'll also need to adjust Synology's firewall, see below:
@@ -301,7 +303,7 @@ Here is how to reset the AIO instance properly:
 1. Now remove all these stopped containers with `sudo docker container prune`
 1. Delete the docker network with `sudo docker network rm nextcloud-aio`
 1. Check which volumes are dangling with `sudo docker volume ls --filter "dangling=true"`
-1. Now remove all these dangling volumes: `sudo docker volume prune docker --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
+1. Now remove all these dangling volumes: `sudo docker volume prune --filter all=1` (on Windows you might need to remove some volumes afterwards manually with `docker volume rm nextcloud_aio_backupdir`, `docker volume rm nextcloud_aio_nextcloud_datadir`). 
 1. If you've configured `NEXTCLOUD_DATADIR` to a path on your host instead of the default volume, you need to clean that up as well. (E.g. by simply deleting the directory).
 1. Make sure that no volumes are remaining with `sudo docker volume ls --format {{.Name}}`. If no `nextcloud-aio` volumes are listed, you can proceed with the steps below. If there should be some, you will need to stop them with `sudo docker volume rm <volume_name>` until no one is listed anymore.
 1. Optional: You can remove all docker images with `sudo docker image prune -a`.
@@ -569,7 +571,7 @@ Be aware though that these locations will not be covered by the built-in backup
 **Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
 
 ### How to adjust the Talk port?
-By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value.
+By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `--env TALK_PORT=3478` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and adjusting the port to your desired value. Best is to use a port over 1024, so e.g. 3479 to not run into this: https://github.com/nextcloud/all-in-one/discussions/2517
 
 ### How to adjust the upload limit for Nextcloud?
 By default are public uploads to Nextcloud limited to a max of 10G (logged in users can upload much bigger files using the webinterface or the mobile/desktop clients since chunking is used in that case). You can adjust the upload limit by providing `--env NEXTCLOUD_UPLOAD_LIMIT=10G` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must start with a number and end with `G` e.g. `10G`.

reverse-proxy.md

@@ -362,6 +362,94 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 </details>
 
+### Node.js with Express
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** It might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+For Node.js, we will use the npm package `http-proxy`. WebSockets must be handled separately.
+
+This example only uses `http`, but if your Express server already uses a `https` server, then follow the same instructions for `https`.
+
+```js
+const HttpProxy = require('http-proxy');
+const express = require('express');
+const http = require('http');
+
+const app = express();
+const proxy = HttpProxy.createProxyServer({
+	target: 'http://localhost:11000',
+	// Timeout can be changed to your liking.
+	timeout: 1000 * 60 * 3,
+	proxyTimeout: 1000 * 60 * 3,
+	// Not 100% certain whether autoRewrite is necessary, but enabling it SEEMS to make it behave more stably.
+	autoRewrite: true,
+	// Do not enable followRedirects.
+	followRedirects: false,
+});
+
+// Handle errors with proxy.web and proxy.ws
+function onProxyError(err, req, res, target) {
+	// Handle errors however you like. Here's an example:
+	if (err.code === 'ECONNREFUSED') {
+		return res.status(503).send('Nextcloud server is currently not running. It may be down for temporary maintenance.');
+	}
+	// other errors
+	else {
+		console.error(err);
+		return res.status(500).send(String(err));
+	}
+}
+
+app.use((req, res) => {
+	proxy.web(req, res, {}, onProxyError);
+});
+
+const httpServer = http.createServer(app);
+httpServer.listen('80');
+
+// Listen for an upgrade to a WebSocket connection.
+httpServer.on('upgrade', (req, socket, head) => {
+	proxy.ws(req, socket, head, {}, onProxyError);
+});
+```
+
+If you are using the Express package `vhost` for your app, you can use `proxy.web` inside the vhosted express function (see the following code snippet), but `proxy.ws` still needs to be done "globally" on your http server. Nextcloud should automatically ignore websocket requests for other domains.
+
+```js
+const HttpProxy = require('http-proxy');
+const express = require('express');
+const http = require('http');
+
+const myNextcloudApp = express();
+const myOtherApp = express();
+const vhost = express();
+
+// Definitions for proxy and onProxyError unchanged. (see above)
+
+myNextcloudApp.use((req, res) => {
+	proxy.web(req, res, {}, onProxyError);
+});
+
+vhost.use(vhostFunc('<your-nextcloud-domain>', myNextcloudApp));
+
+const httpServer = http.createServer(app);
+httpServer.listen('80');
+
+// Listen for an upgrade to a WebSocket connection.
+httpServer.on('upgrade', (req, socket, head) => {
+	proxy.ws(req, socket, head, {}, onProxyError);
+});
+```
+
+Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. 
+**Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
+
+</details>
+
 ### Synology Reverse Proxy
 
 <details>
@@ -461,7 +549,7 @@ Of course you need to modify `<your-nextcloud-domain>` in the `nextcloud.yml` to
 
 **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
-**Hint:** Possibly the following link is useful to understand how AIO configures things: https://github.com/nextcloud/all-in-one/blob/main/manual-install/latest.yml
+**Hint**: see https://www.youtube.com/watch?v=VLPSRrLMDmA for a video on configuring Traefik.
 
 </details>