Alpine 3.23 (#2507)

* Run earlier

Signed-off-by: J0WI <J0WI@users.noreply.github.com>

* Run update.sh

Signed-off-by: J0WI <J0WI@users.noreply.github.com>

* Alpine 3.23

Signed-off-by: J0WI <J0WI@users.noreply.github.com>

---------

Signed-off-by: J0WI <J0WI@users.noreply.github.com>

.config/redis.config.php

@@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
     'memcache.locking' => '\OC\Memcache\Redis',
     'redis' => array(
       'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
     ),
   );
 
@@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
+
+  if (getenv('REDIS_HOST_USER') !== false) {
+    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
+  }
 }

.config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

.config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
+        'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions
@@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     )
   );
 
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
     $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_KEY')) {
     $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['key'] = '';
   }
 
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
     $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
     $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['secret'] = '';
   }
 
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');

.config/smtp.config.php

@@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
     'mail_smtphost' => getenv('SMTP_HOST'),
     'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
     'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
     'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
     'mail_smtpname' => getenv('SMTP_NAME') ?: '',
     'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
     'mail_domain' => getenv('MAIL_DOMAIN'),
   );
 
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
       $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
   } elseif (getenv('SMTP_PASSWORD')) {
       $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

.examples/README.md

@@ -52,9 +52,6 @@ The required steps for each optional/recommended package that is not already in
 #### ffmpeg
 `apt install ffmpeg`
 
-#### imagemagick SVG support
-`apt install libmagickcore-6.q16-6-extra`
-
 #### LibreOffice
 `apt install libreoffice`
 
@@ -69,9 +66,9 @@ The following Dockerfile commands are also necessary for a sucessfull cron insta
 
 ## docker-compose
 In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
-Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
+Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
 
-The docker-compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
+The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
 
 
 ### insecure
@@ -81,10 +78,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
 
 To use this example complete the following steps:
 
-1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
+1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@@ -100,13 +97,13 @@ This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/
 
 To use this example complete the following steps:
 
-1. open `docker-compose.yml`
+1. open `compose.yaml`
    1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
    2. enter a valid email behind `LETSENCRYPT_EMAIL=`
    3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker-compose up -d`
+3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+4. start nextcloud with `docker compose up -d`
 
 
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.

.examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,9 +1,10 @@
-version: '3'
-
 services:
+  # Note: MariaDB is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/mariadb
   db:
-    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -14,6 +15,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -25,6 +28,7 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - MYSQL_HOST=db
       - REDIS_HOST=redis
@@ -39,6 +43,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db

.examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -0,0 +1,67 @@
+services:
+  # Note: MariaDB is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/mariadb
+  db:
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED
+    restart: always
+    volumes:
+      - db:/var/lib/mysql:Z
+    environment:
+      - MYSQL_ROOT_PASSWORD=
+      - MARIADB_AUTO_UPGRADE=1
+      - MARIADB_DISABLE_UPGRADE_BACKUP=1
+    env_file:
+      - db.env
+
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
+  redis:
+    image: redis:alpine
+    restart: always
+
+  app:
+    image: nextcloud:fpm-alpine
+    restart: always
+    volumes:
+      - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
+    environment:
+      - MYSQL_HOST=db
+      - REDIS_HOST=redis
+    env_file:
+      - db.env
+    depends_on:
+      - db
+      - redis
+
+  # Note: Nginx is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/nginx/
+  web:
+    image: nginx:alpine-slim
+    restart: always
+    ports:
+      - 127.0.0.1:8080:80
+    volumes:
+      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
+      - nextcloud:/var/www/html:z,ro
+    depends_on:
+      - app
+
+  cron:
+    image: nextcloud:fpm-alpine
+    restart: always
+    volumes:
+      - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
+    entrypoint: /cron.sh
+    depends_on:
+      - db
+      - redis
+
+volumes:
+  db:
+  nextcloud:

.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml

@@ -1,57 +0,0 @@
-version: '3'
-
-services:
-  db:
-    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    restart: always
-    volumes:
-      - db:/var/lib/mysql:Z
-    environment:
-      - MYSQL_ROOT_PASSWORD=
-      - MARIADB_AUTO_UPGRADE=1
-      - MARIADB_DISABLE_UPGRADE_BACKUP=1
-    env_file:
-      - db.env
-
-  redis:
-    image: redis:alpine
-    restart: always
-
-  app:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html:z
-    environment:
-      - MYSQL_HOST=db
-      - REDIS_HOST=redis
-    env_file:
-      - db.env
-    depends_on:
-      - db
-      - redis
-
-  web:
-    build: ./web
-    restart: always
-    ports:
-      - 127.0.0.1:8080:80
-    volumes:
-      - nextcloud:/var/www/html:z,ro
-    depends_on:
-      - app
-
-  cron:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html:z
-    entrypoint: /cron.sh
-    depends_on:
-      - db
-      - redis
-
-volumes:
-  db:
-  nextcloud:

.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile

@@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,13 +33,15 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
 
+    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        server app:9000;
+        zone backends 64k;
+        server app:9000 resolve;
     }
 
     server {
@@ -140,7 +145,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -162,24 +167,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            default_type "text/javascript";
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
@@ -187,7 +184,7 @@ http {
             }
         }
 
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/insecure/postgres/apache/compose.yaml

@@ -1,7 +1,8 @@
-version: '3'
-
 services:
+  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/postgres
   db:
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -9,6 +10,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -20,6 +23,7 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - POSTGRES_HOST=db
       - REDIS_HOST=redis
@@ -34,6 +38,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db

.examples/docker-compose/insecure/postgres/fpm/compose.yaml

@@ -0,0 +1,62 @@
+services:
+  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/postgres
+  db:
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: postgres:alpine
+    restart: always
+    volumes:
+      - db:/var/lib/postgresql/data:Z
+    env_file:
+      - db.env
+
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
+  redis:
+    image: redis:alpine
+    restart: always
+
+  app:
+    image: nextcloud:fpm-alpine
+    restart: always
+    volumes:
+      - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
+    environment:
+      - POSTGRES_HOST=db
+      - REDIS_HOST=redis
+    env_file:
+      - db.env
+    depends_on:
+      - db
+      - redis
+
+  # Note: Nginx is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/nginx/
+  web:
+    image: nginx:alpine-slim
+    restart: always
+    ports:
+      - 127.0.0.1:8080:80
+    volumes:
+      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
+      - nextcloud:/var/www/html:z,ro
+    depends_on:
+      - app
+
+  cron:
+    image: nextcloud:fpm-alpine
+    restart: always
+    volumes:
+      - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
+    entrypoint: /cron.sh
+    depends_on:
+      - db
+      - redis
+
+volumes:
+  db:
+  nextcloud:

.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml

@@ -1,52 +0,0 @@
-version: '3'
-
-services:
-  db:
-    image: postgres:alpine
-    restart: always
-    volumes:
-      - db:/var/lib/postgresql/data:z
-    env_file:
-      - db.env
-
-  redis:
-    image: redis:alpine
-    restart: always
-
-  app:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html:z
-    environment:
-      - POSTGRES_HOST=db
-      - REDIS_HOST=redis
-    env_file:
-      - db.env
-    depends_on:
-      - db
-      - redis
-
-  web:
-    build: ./web
-    restart: always
-    ports:
-      - 127.0.0.1:8080:80
-    volumes:
-      - nextcloud:/var/www/html:z,ro
-    depends_on:
-      - app
-
-  cron:
-    image: nextcloud:fpm-alpine
-    restart: always
-    volumes:
-      - nextcloud:/var/www/html:z
-    entrypoint: /cron.sh
-    depends_on:
-      - db
-      - redis
-
-volumes:
-  db:
-  nextcloud:

.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile

@@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,13 +33,15 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
 
+    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        server app:9000;
+        zone backends 64k;
+        server app:9000 resolve;
     }
 
     server {
@@ -140,7 +145,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -162,23 +167,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
@@ -186,7 +184,7 @@ http {
             }
         }
 
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,9 +1,10 @@
-version: '3'
-
 services:
+  # Note: MariaDB is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/mariadb
   db:
-    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -14,6 +15,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -23,6 +26,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - VIRTUAL_HOST=
       - LETSENCRYPT_HOST=
@@ -34,6 +38,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
     networks:
       - proxy-tier
       - default
@@ -43,11 +48,15 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
+  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
+  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
+  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -55,18 +64,23 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
+      - dhparam:/etc/nginx/dhparam:z
       - /var/run/docker.sock:/tmp/docker.sock:z,ro
     networks:
       - proxy-tier
 
+  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z
@@ -78,7 +92,7 @@ services:
     depends_on:
       - proxy
 
-# self signed
+# self signed,outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
@@ -100,6 +114,7 @@ volumes:
   acme:
   vhost.d:
   html:
+  dhparam:
 
 networks:
   proxy-tier:

.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,9 +1,10 @@
-version: '3'
-
 services:
+  # Note: MariaDB is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/mariadb
   db:
-    image: mariadb:10.6
-    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -14,6 +15,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -23,6 +26,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - MYSQL_HOST=db
       - REDIS_HOST=redis
@@ -31,11 +35,17 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
 
+  # Note: Nginx is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/nginx/
   web:
-    build: ./web
+    image: nginx:alpine-slim
     restart: always
     volumes:
+      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
+      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     environment:
       - VIRTUAL_HOST=
@@ -52,11 +62,15 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
+  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
+  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
+  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -64,7 +78,7 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
       - certs:/etc/nginx/certs:z,ro
       - vhost.d:/etc/nginx/vhost.d:z
@@ -73,9 +87,13 @@ services:
     networks:
       - proxy-tier
 
+  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
+    environment:
+      - DEFAULT_EMAIL=
     volumes:
       - certs:/etc/nginx/certs:z
       - acme:/etc/acme.sh:z
@@ -87,7 +105,7 @@ services:
     depends_on:
       - proxy
 
-# self signed
+# self signed, outdated. 
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile

@@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,13 +33,15 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
 
+    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        server app:9000;
+        zone backends 64k;
+        server app:9000 resolve;
     }
 
     server {
@@ -140,7 +145,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -162,23 +167,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
@@ -186,7 +184,7 @@ http {
             }
         }
 
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml

@@ -1,7 +1,8 @@
-version: '3'
-
 services:
+  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/postgres
   db:
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -9,6 +10,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -18,6 +21,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - VIRTUAL_HOST=
       - LETSENCRYPT_HOST=
@@ -29,6 +33,7 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
     networks:
       - proxy-tier
       - default
@@ -38,11 +43,15 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
+  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
+  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
+  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -50,15 +59,17 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
-      - certs:/etc/nginx/certs:z,ro
+      - certs:/etc/nginx/certs:ro,z
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
       - /var/run/docker.sock:/tmp/docker.sock:z,ro
     networks:
       - proxy-tier
 
+  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -73,7 +84,7 @@ services:
     depends_on:
       - proxy
 
-# self signed
+# self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml

@@ -1,7 +1,8 @@
-version: '3'
-
 services:
+  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/postgres
   db:
+    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -9,6 +10,8 @@ services:
     env_file:
       - db.env
 
+  # Note: Redis is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -18,6 +21,7 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - POSTGRES_HOST=db
       - REDIS_HOST=redis
@@ -26,11 +30,17 @@ services:
     depends_on:
       - db
       - redis
+      - proxy
 
+  # Note: Nginx is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/_/nginx/
   web:
-    build: ./web
+    image: nginx:alpine-slim
     restart: always
     volumes:
+      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
+      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
+      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     environment:
       - VIRTUAL_HOST=
@@ -47,11 +57,15 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
+      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
+  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
+  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
+  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -59,7 +73,7 @@ services:
       - 80:80
       - 443:443
     labels:
-      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
+      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
     volumes:
       - certs:/etc/nginx/certs:z,ro
       - vhost.d:/etc/nginx/vhost.d:z
@@ -68,6 +82,8 @@ services:
     networks:
       - proxy-tier
 
+  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
+  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -77,12 +93,14 @@ services:
       - vhost.d:/etc/nginx/vhost.d:z
       - html:/usr/share/nginx/html:z
       - /var/run/docker.sock:/var/run/docker.sock:z,ro
+    environment:
+      - DEFAULT_EMAIL=
     networks:
       - proxy-tier
     depends_on:
       - proxy
 
-# self signed
+# self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:alpine
+FROM nginxproxy/nginx-proxy:1.7-alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile

@@ -1,3 +0,0 @@
-FROM nginx:alpine
-
-COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -12,6 +12,9 @@ events {
 http {
     include mime.types;
     default_type  application/octet-stream;
+    types {
+        text/javascript mjs;
+    }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -30,13 +33,15 @@ http {
     # Set the `immutable` cache control options only for assets with a cache busting `v` argument
     map $arg_v $asset_immutable {
         "" "";
-    default "immutable";
+    default ", immutable";
     }
 
     #gzip  on;
 
+    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        server app:9000;
+        zone backends 64k;
+        server app:9000 resolve;
     }
 
     server {
@@ -140,7 +145,7 @@ http {
         # to the URI, resulting in a HTTP 500 error response.
         location ~ \.php(?:$|/) {
             # Required for legacy support
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
 
             fastcgi_split_path_info ^(.+?\.php)(/.*)$;
             set $path_info $fastcgi_path_info;
@@ -162,23 +167,16 @@ http {
             fastcgi_max_temp_file_size 0;
         }
 
-        # Javascript mimetype fixes for nginx
-        # Note: The block below should be removed, and the js|mjs section should be
-        # added to the block below this one. This is a temporary fix until Nginx 
-        # upstream fixes the js mime-type
-        location ~* \.(?:js|mjs)$ {
-            types { 
-                text/javascript js mjs;
-            } 
-            try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-            access_log off;
-        }
-
         # Serve static files
-        location ~ \.(?:css|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
+        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
             try_files $uri /index.php$request_uri;
-            add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+            add_header Cache-Control "public, max-age=15778463$asset_immutable";
+            add_header Referrer-Policy                   "no-referrer"       always;
+            add_header X-Content-Type-Options            "nosniff"           always;
+            add_header X-Frame-Options                   "SAMEORIGIN"        always;
+            add_header X-Permitted-Cross-Domain-Policies "none"              always;
+            add_header X-Robots-Tag                      "noindex, nofollow" always;
+            add_header X-XSS-Protection                  "1; mode=block"     always;
             access_log off;     # Optional: Don't log access to assets
 
             location ~ \.wasm$ {
@@ -186,7 +184,7 @@ http {
             }
         }
 
-        location ~ \.woff2?$ {
+        location ~ \.(otf|woff2?)$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.github/ISSUE_TEMPLATE/01-Image_issue.md

@@ -1,6 +1,7 @@
 ---
-name: 🐛 Image issue
-about: Issues related to the Nextcloud Docker image
+name: 🐛 Report a bug in the image
+about: Create a report to help us improve the image
+labels: "bug, 0. Needs triage"
 ---
 
 <!--

.github/ISSUE_TEMPLATE/02-Image_enhancement

@@ -0,0 +1,15 @@
+---
+name: 🚀 Suggest an enhancement
+about: Suggest an idea for improving the image
+labels: "enhancement, 0. Needs triage"
+---
+
+<!--
+Thanks for suggesting an idea to improve the Nextcloud Docker image!
+
+This image is maintained by volunteers so if you're able to assist with implementing your idea, please mention that (and consider submitting a PR as well).
+
+Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to suggestion enhancements in Nextcloud Server itself. 
+
+To learn more about official images, see https://github.com/docker-library/faq
+-->

.github/ISSUE_TEMPLATE/config.yml

@@ -1,10 +1,22 @@
 contact_links:
-    - name: 🐛 Nextcloud issue
-      url: https://github.com/nextcloud/server/issues/new/choose
-      about: Bug reports and feature requests for Nextcloud
-    - name: 🐳 Docker Support and Help
-      url: https://forums.docker.com/
-      about: Configuration, installation, networking and other questions
-    - name: ❓ Nextcloud Support and Help
+    - name: ❓ Ask a question
       url: https://help.nextcloud.com/
-      about: Configuration, webserver/proxy or performance issues and other questions
+      about: Ask a question, get assistance or start a discussion regarding Nextcloud and/or this image
+    - name: Documentation - Nextcloud Server
+      url: https://docs.nextcloud.com/
+      about: Official documentation for Nextcloud Server
+    - name: Documentation - Nextcloud Docker Image
+      url: https://github.com/nextcloud/docker/blob/master/README.md
+      about: Official documentation for this image
+    - name: 🐳 Documentation - Docker
+      url: https://docs.docker.com/
+      about: Official documentation for Docker (installing, configuring, troubleshooting)  
+    - name: 🐳 Docker Forum
+      url: https://forums.docker.com/
+      about: Ask a question, get assistance or start a discussion regarding Docker
+    - name: 🐛 Bug Report - Nextcloud Server
+      url: https://github.com/nextcloud/server/issues/new/choose
+      about: Report a bug in Nextcloud Server
+    - name: Enhancement Idea - Nextcloud Server
+      url: https://github.com/nextcloud/server/issues/new/choose
+      about: Suggest an enhancement idea for Nextcloud Server

.github/workflows/command-rebase.yml

@@ -1,51 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Rebase command
-
-on:
-  issue_comment:
-    types: created
-
-permissions:
-  contents: read
-
-jobs:
-  rebase:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: none
-
-    # On pull requests and if the comment starts with `/rebase`
-    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
-
-    steps:
-      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "+1"
-
-      - name: Checkout the latest code
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-        with:
-          fetch-depth: 0
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
-        env:
-          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
-
-      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
-        if: failure()
-        with:
-          token: ${{ secrets.COMMAND_BOT_PAT }}
-          repository: ${{ github.event.repository.full_name }}
-          comment-id: ${{ github.event.comment.id }}
-          reaction-type: "-1"

.github/workflows/images.yml

@@ -20,8 +20,8 @@ jobs:
     outputs:
       strategy: ${{ steps.generate-jobs.outputs.strategy }}
     steps:
-      - uses: actions/checkout@v3
-      - uses: docker-library/bashbrew@v0.1.5
+      - uses: actions/checkout@v4
+      - uses: docker-library/bashbrew@HEAD
       - id: generate-jobs
         name: Generate Jobs
         run: |
@@ -36,7 +36,7 @@ jobs:
     name: ${{ matrix.name }}
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Prepare Environment
         run: ${{ matrix.runs.prepare }}
       - name: Run update.sh script

.github/workflows/update-sh.yml

@@ -5,7 +5,7 @@ on:
     branches:
     - master
   schedule:
-  - cron:  '15 0 * * *'
+  - cron:  '15 18 * * *'
   workflow_dispatch:
 
 jobs:
@@ -13,7 +13,7 @@ jobs:
     name: Run update.sh script
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Run update.sh script
       run: ./update.sh
     - name: Commit files

.travis/test-example-dockerfiles.sh

@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-set -e
-
-image="$1"
-
-cd .examples/dockerfiles
-
-dirs=( */ )
-dirs=( "${dirs[@]%/}" )
-for dir in "${dirs[@]}"; do
-    if [ -d "$dir/$VARIANT" ]; then
-        (
-            cd "$dir/$VARIANT"
-            sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
-            docker build -t "$image-$dir" .
-        )
-    fi
-done

26/fpm/Dockerfile

@@ -1,157 +0,0 @@
-# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-fpm-bookworm
-
-# entrypoint.sh and cron.sh dependencies
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        busybox-static \
-        bzip2 \
-        libldap-common \
-        libmagickcore-6.q16-6-extra \
-        rsync \
-    ; \
-    rm -rf /var/lib/apt/lists/*; \
-    \
-    mkdir -p /var/spool/cron/crontabs; \
-    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
-
-# install the PHP extensions we need
-# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 512M
-RUN set -ex; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        libcurl4-openssl-dev \
-        libevent-dev \
-        libfreetype6-dev \
-        libgmp-dev \
-        libicu-dev \
-        libjpeg-dev \
-        libldap2-dev \
-        libmagickwand-dev \
-        libmcrypt-dev \
-        libmemcached-dev \
-        libpng-dev \
-        libpq-dev \
-        libwebp-dev \
-        libxml2-dev \
-        libzip-dev \
-    ; \
-    \
-    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
-    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
-    docker-php-ext-install -j "$(nproc)" \
-        bcmath \
-        exif \
-        gd \
-        gmp \
-        intl \
-        ldap \
-        opcache \
-        pcntl \
-        pdo_mysql \
-        pdo_pgsql \
-        sysvsem \
-        zip \
-    ; \
-    \
-# pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
-    pecl install imagick-3.7.0; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
-    \
-    docker-php-ext-enable \
-        apcu \
-        imagick \
-        memcached \
-        redis \
-    ; \
-    rm -r /tmp/pear; \
-    \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-    apt-mark auto '.*' > /dev/null; \
-    apt-mark manual $savedAptMark; \
-    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
-        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
-        | sort -u \
-        | xargs -r dpkg-query --search \
-        | cut -d: -f1 \
-        | sort -u \
-        | xargs -rt apt-mark manual; \
-    \
-    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
-
-# set recommended PHP.ini settings
-# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
-RUN { \
-        echo 'opcache.enable=1'; \
-        echo 'opcache.interned_strings_buffer=32'; \
-        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
-        echo 'opcache.save_comments=1'; \
-        echo 'opcache.revalidate_freq=60'; \
-        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
-    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
-    \
-    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
-    \
-    { \
-        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
-        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
-        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
-    } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \
-    \
-    mkdir /var/www/data; \
-    mkdir -p /docker-entrypoint-hooks.d/pre-installation \
-             /docker-entrypoint-hooks.d/post-installation \
-             /docker-entrypoint-hooks.d/pre-upgrade \
-             /docker-entrypoint-hooks.d/post-upgrade \
-             /docker-entrypoint-hooks.d/before-starting; \
-    chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www
-
-VOLUME /var/www/html
-
-
-ENV NEXTCLOUD_VERSION 26.0.12
-
-RUN set -ex; \
-    fetchDeps=" \
-        gnupg \
-        dirmngr \
-    "; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends $fetchDeps; \
-    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.12.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.12.tar.bz2.asc"; \
-    export GNUPGHOME="$(mktemp -d)"; \
-# gpg key from https://nextcloud.com/nextcloud.asc
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
-    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
-    gpgconf --kill all; \
-    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
-    mkdir -p /usr/src/nextcloud/data; \
-    mkdir -p /usr/src/nextcloud/custom_apps; \
-    chmod +x /usr/src/nextcloud/occ; \
-    \
-    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
-
-COPY *.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["php-fpm"]

27/apache/Dockerfile

@@ -1,172 +0,0 @@
-# DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-apache-bookworm
-
-# entrypoint.sh and cron.sh dependencies
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        busybox-static \
-        bzip2 \
-        libldap-common \
-        libmagickcore-6.q16-6-extra \
-        rsync \
-    ; \
-    rm -rf /var/lib/apt/lists/*; \
-    \
-    mkdir -p /var/spool/cron/crontabs; \
-    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
-
-# install the PHP extensions we need
-# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 512M
-RUN set -ex; \
-    \
-    savedAptMark="$(apt-mark showmanual)"; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        libcurl4-openssl-dev \
-        libevent-dev \
-        libfreetype6-dev \
-        libgmp-dev \
-        libicu-dev \
-        libjpeg-dev \
-        libldap2-dev \
-        libmagickwand-dev \
-        libmcrypt-dev \
-        libmemcached-dev \
-        libpng-dev \
-        libpq-dev \
-        libwebp-dev \
-        libxml2-dev \
-        libzip-dev \
-    ; \
-    \
-    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
-    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
-    docker-php-ext-install -j "$(nproc)" \
-        bcmath \
-        exif \
-        gd \
-        gmp \
-        intl \
-        ldap \
-        opcache \
-        pcntl \
-        pdo_mysql \
-        pdo_pgsql \
-        sysvsem \
-        zip \
-    ; \
-    \
-# pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
-    pecl install imagick-3.7.0; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
-    \
-    docker-php-ext-enable \
-        apcu \
-        imagick \
-        memcached \
-        redis \
-    ; \
-    rm -r /tmp/pear; \
-    \
-# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
-    apt-mark auto '.*' > /dev/null; \
-    apt-mark manual $savedAptMark; \
-    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
-        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
-        | sort -u \
-        | xargs -r dpkg-query --search \
-        | cut -d: -f1 \
-        | sort -u \
-        | xargs -rt apt-mark manual; \
-    \
-    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
-
-# set recommended PHP.ini settings
-# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
-RUN { \
-        echo 'opcache.enable=1'; \
-        echo 'opcache.interned_strings_buffer=32'; \
-        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
-        echo 'opcache.save_comments=1'; \
-        echo 'opcache.revalidate_freq=60'; \
-        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
-    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
-    \
-    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
-    \
-    { \
-        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
-        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
-        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
-    } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \
-    \
-    mkdir /var/www/data; \
-    mkdir -p /docker-entrypoint-hooks.d/pre-installation \
-             /docker-entrypoint-hooks.d/post-installation \
-             /docker-entrypoint-hooks.d/pre-upgrade \
-             /docker-entrypoint-hooks.d/post-upgrade \
-             /docker-entrypoint-hooks.d/before-starting; \
-    chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www
-
-VOLUME /var/www/html
-
-RUN a2enmod headers rewrite remoteip ; \
-    { \
-     echo 'RemoteIPHeader X-Real-IP'; \
-     echo 'RemoteIPInternalProxy 10.0.0.0/8'; \
-     echo 'RemoteIPInternalProxy 172.16.0.0/12'; \
-     echo 'RemoteIPInternalProxy 192.168.0.0/16'; \
-    } > /etc/apache2/conf-available/remoteip.conf; \
-    a2enconf remoteip
-
-# set apache config LimitRequestBody
-ENV APACHE_BODY_LIMIT 1073741824
-RUN { \
-     echo 'LimitRequestBody ${APACHE_BODY_LIMIT}'; \
-    } > /etc/apache2/conf-available/apache-limits.conf; \
-    a2enconf apache-limits
-
-ENV NEXTCLOUD_VERSION 27.1.7
-
-RUN set -ex; \
-    fetchDeps=" \
-        gnupg \
-        dirmngr \
-    "; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends $fetchDeps; \
-    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-27.1.7.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-27.1.7.tar.bz2.asc"; \
-    export GNUPGHOME="$(mktemp -d)"; \
-# gpg key from https://nextcloud.com/nextcloud.asc
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
-    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
-    gpgconf --kill all; \
-    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
-    mkdir -p /usr/src/nextcloud/data; \
-    mkdir -p /usr/src/nextcloud/custom_apps; \
-    chmod +x /usr/src/nextcloud/occ; \
-    \
-    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
-
-COPY *.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["apache2-foreground"]

27/fpm-alpine/config/redis.config.php

@@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}

27/fpm-alpine/config/reverse-proxy.config.php

@@ -1,30 +0,0 @@
-<?php
-$overwriteHost = getenv('OVERWRITEHOST');
-if ($overwriteHost) {
-  $CONFIG['overwritehost'] = $overwriteHost;
-}
-
-$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
-if ($overwriteProtocol) {
-  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
-}
-
-$overwriteCliUrl = getenv('OVERWRITECLIURL');
-if ($overwriteCliUrl) {
-  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
-}
-
-$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
-if ($overwriteWebRoot) {
-  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
-}
-
-$overwriteCondAddr = getenv('OVERWRITECONDADDR');
-if ($overwriteCondAddr) {
-  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
-}
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}

27/fpm-alpine/config/s3.config.php

@@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}

27/fpm-alpine/config/smtp.config.php

@@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}

27/fpm-alpine/entrypoint.sh

@@ -1,285 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
-exec "$@"

27/fpm/config/redis.config.php

@@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}

27/fpm/config/reverse-proxy.config.php

@@ -1,30 +0,0 @@
-<?php
-$overwriteHost = getenv('OVERWRITEHOST');
-if ($overwriteHost) {
-  $CONFIG['overwritehost'] = $overwriteHost;
-}
-
-$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
-if ($overwriteProtocol) {
-  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
-}
-
-$overwriteCliUrl = getenv('OVERWRITECLIURL');
-if ($overwriteCliUrl) {
-  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
-}
-
-$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
-if ($overwriteWebRoot) {
-  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
-}
-
-$overwriteCondAddr = getenv('OVERWRITECONDADDR');
-if ($overwriteCondAddr) {
-  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
-}
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}

27/fpm/config/s3.config.php

@@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}

27/fpm/config/smtp.config.php

@@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}

27/fpm/entrypoint.sh

@@ -1,285 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
-exec "$@"

28/apache/config/apache-pretty-urls.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'htaccess.RewriteBase' => '/',
-);

28/apache/config/apcu.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'memcache.local' => '\OC\Memcache\APCu',
-);

28/apache/config/apps.config.php

@@ -1,15 +0,0 @@
-<?php
-$CONFIG = array (
-  'apps_paths' => array (
-      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
-              'url'      => '/apps',
-              'writable' => false,
-      ),
-      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
-              'url'      => '/custom_apps',
-              'writable' => true,
-      ),
-  ),
-);

28/apache/config/autoconfig.php

@@ -1,41 +0,0 @@
-<?php
-
-$autoconfig_enabled = false;
-
-if (getenv('SQLITE_DATABASE')) {
-    $AUTOCONFIG['dbtype'] = 'sqlite';
-    $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
-    $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
-    $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
-    $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
-    $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-}
-
-if ($autoconfig_enabled) {
-    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
-}

28/apache/config/redis.config.php

@@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}

28/apache/config/reverse-proxy.config.php

@@ -1,30 +0,0 @@
-<?php
-$overwriteHost = getenv('OVERWRITEHOST');
-if ($overwriteHost) {
-  $CONFIG['overwritehost'] = $overwriteHost;
-}
-
-$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
-if ($overwriteProtocol) {
-  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
-}
-
-$overwriteCliUrl = getenv('OVERWRITECLIURL');
-if ($overwriteCliUrl) {
-  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
-}
-
-$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
-if ($overwriteWebRoot) {
-  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
-}
-
-$overwriteCondAddr = getenv('OVERWRITECONDADDR');
-if ($overwriteCondAddr) {
-  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
-}
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}

28/apache/config/s3.config.php

@@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}

28/apache/config/smtp.config.php

@@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}

28/apache/config/swift.config.php

@@ -1,31 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_SWIFT_URL')) {
-    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => [
-      'class' => 'OC\\Files\\ObjectStore\\Swift',
-      'arguments' => [
-        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
-        'user' => [
-          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
-          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
-          'domain' => [
-            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
-          ],
-        ],
-        'scope' => [
-          'project' => [
-            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
-            'domain' => [
-              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
-            ],
-          ],
-        ],
-        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
-        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
-        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
-        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
-      ]
-    ]
-  );
-}

28/apache/config/upgrade-disable-web.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'upgrade.disable-web' => true,
-);

28/apache/cron.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-set -eu
-
-exec busybox crond -f -L /dev/stdout

28/apache/entrypoint.sh

@@ -1,285 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
-exec "$@"

28/apache/upgrade.exclude

@@ -1,6 +0,0 @@
-/config/
-/data/
-/custom_apps/
-/themes/
-/version.php
-/nextcloud-init-sync.lock

28/fpm-alpine/Dockerfile

@@ -1,141 +0,0 @@
-# DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.19
-
-# entrypoint.sh and cron.sh dependencies
-RUN set -ex; \
-    \
-    apk add --no-cache \
-        imagemagick \
-        rsync \
-    ; \
-    \
-    rm /var/spool/cron/crontabs/root; \
-    echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
-
-# install the PHP extensions we need
-# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-RUN set -ex; \
-    \
-    apk add --no-cache --virtual .build-deps \
-        $PHPIZE_DEPS \
-        autoconf \
-        freetype-dev \
-        gmp-dev \
-        icu-dev \
-        imagemagick-dev \
-        libevent-dev \
-        libjpeg-turbo-dev \
-        libmcrypt-dev \
-        libmemcached-dev \
-        libpng-dev \
-        libwebp-dev \
-        libxml2-dev \
-        libzip-dev \
-        openldap-dev \
-        pcre-dev \
-        postgresql-dev \
-    ; \
-    \
-    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-configure ldap; \
-    docker-php-ext-install -j "$(nproc)" \
-        bcmath \
-        exif \
-        gd \
-        gmp \
-        intl \
-        ldap \
-        opcache \
-        pcntl \
-        pdo_mysql \
-        pdo_pgsql \
-        sysvsem \
-        zip \
-    ; \
-    \
-# pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
-    pecl install imagick-3.7.0; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
-    \
-    docker-php-ext-enable \
-        apcu \
-        imagick \
-        memcached \
-        redis \
-    ; \
-    rm -r /tmp/pear; \
-    \
-    runDeps="$( \
-        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
-            | tr ',' '\n' \
-            | sort -u \
-            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-    )"; \
-    apk add --no-network --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del --no-network .build-deps
-
-# set recommended PHP.ini settings
-# see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 512M
-RUN { \
-        echo 'opcache.enable=1'; \
-        echo 'opcache.interned_strings_buffer=32'; \
-        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
-        echo 'opcache.save_comments=1'; \
-        echo 'opcache.revalidate_freq=60'; \
-        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
-    } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
-    \
-    echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
-    \
-    { \
-        echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
-        echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
-        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
-    } > "${PHP_INI_DIR}/conf.d/nextcloud.ini"; \
-    \
-    mkdir /var/www/data; \
-    mkdir -p /docker-entrypoint-hooks.d/pre-installation \
-             /docker-entrypoint-hooks.d/post-installation \
-             /docker-entrypoint-hooks.d/pre-upgrade \
-             /docker-entrypoint-hooks.d/post-upgrade \
-             /docker-entrypoint-hooks.d/before-starting; \
-    chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www
-
-VOLUME /var/www/html
-
-
-ENV NEXTCLOUD_VERSION 28.0.3
-
-RUN set -ex; \
-    apk add --no-cache --virtual .fetch-deps \
-        bzip2 \
-        gnupg \
-    ; \
-    \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2.asc"; \
-    export GNUPGHOME="$(mktemp -d)"; \
-# gpg key from https://nextcloud.com/nextcloud.asc
-    gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
-    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
-    gpgconf --kill all; \
-    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
-    mkdir -p /usr/src/nextcloud/data; \
-    mkdir -p /usr/src/nextcloud/custom_apps; \
-    chmod +x /usr/src/nextcloud/occ; \
-    apk del --no-network .fetch-deps
-
-COPY *.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["php-fpm"]

28/fpm-alpine/config/apcu.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'memcache.local' => '\OC\Memcache\APCu',
-);

28/fpm-alpine/config/apps.config.php

@@ -1,15 +0,0 @@
-<?php
-$CONFIG = array (
-  'apps_paths' => array (
-      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
-              'url'      => '/apps',
-              'writable' => false,
-      ),
-      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
-              'url'      => '/custom_apps',
-              'writable' => true,
-      ),
-  ),
-);

28/fpm-alpine/config/autoconfig.php

@@ -1,41 +0,0 @@
-<?php
-
-$autoconfig_enabled = false;
-
-if (getenv('SQLITE_DATABASE')) {
-    $AUTOCONFIG['dbtype'] = 'sqlite';
-    $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
-    $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
-    $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
-    $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
-    $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-}
-
-if ($autoconfig_enabled) {
-    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
-}

28/fpm-alpine/config/redis.config.php

@@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}

28/fpm-alpine/config/reverse-proxy.config.php

@@ -1,30 +0,0 @@
-<?php
-$overwriteHost = getenv('OVERWRITEHOST');
-if ($overwriteHost) {
-  $CONFIG['overwritehost'] = $overwriteHost;
-}
-
-$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
-if ($overwriteProtocol) {
-  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
-}
-
-$overwriteCliUrl = getenv('OVERWRITECLIURL');
-if ($overwriteCliUrl) {
-  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
-}
-
-$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
-if ($overwriteWebRoot) {
-  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
-}
-
-$overwriteCondAddr = getenv('OVERWRITECONDADDR');
-if ($overwriteCondAddr) {
-  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
-}
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}

28/fpm-alpine/config/s3.config.php

@@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}

28/fpm-alpine/config/smtp.config.php

@@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}

28/fpm-alpine/config/swift.config.php

@@ -1,31 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_SWIFT_URL')) {
-    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => [
-      'class' => 'OC\\Files\\ObjectStore\\Swift',
-      'arguments' => [
-        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
-        'user' => [
-          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
-          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
-          'domain' => [
-            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
-          ],
-        ],
-        'scope' => [
-          'project' => [
-            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
-            'domain' => [
-              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
-            ],
-          ],
-        ],
-        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
-        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
-        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
-        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
-      ]
-    ]
-  );
-}

28/fpm-alpine/config/upgrade-disable-web.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'upgrade.disable-web' => true,
-);

28/fpm-alpine/cron.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-set -eu
-
-exec busybox crond -f -L /dev/stdout

28/fpm-alpine/entrypoint.sh

@@ -1,285 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
-exec "$@"

28/fpm-alpine/upgrade.exclude

@@ -1,6 +0,0 @@
-/config/
-/data/
-/custom_apps/
-/themes/
-/version.php
-/nextcloud-init-sync.lock

28/fpm/config/apcu.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'memcache.local' => '\OC\Memcache\APCu',
-);

28/fpm/config/apps.config.php

@@ -1,15 +0,0 @@
-<?php
-$CONFIG = array (
-  'apps_paths' => array (
-      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
-              'url'      => '/apps',
-              'writable' => false,
-      ),
-      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
-              'url'      => '/custom_apps',
-              'writable' => true,
-      ),
-  ),
-);

28/fpm/config/autoconfig.php

@@ -1,41 +0,0 @@
-<?php
-
-$autoconfig_enabled = false;
-
-if (getenv('SQLITE_DATABASE')) {
-    $AUTOCONFIG['dbtype'] = 'sqlite';
-    $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
-    $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
-    $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
-    $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
-    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
-    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
-    $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
-    $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
-    $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
-    $autoconfig_enabled = true;
-}
-
-if ($autoconfig_enabled) {
-    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
-}

28/fpm/config/redis.config.php

@@ -1,17 +0,0 @@
-<?php
-if (getenv('REDIS_HOST')) {
-  $CONFIG = array(
-    'memcache.distributed' => '\OC\Memcache\Redis',
-    'memcache.locking' => '\OC\Memcache\Redis',
-    'redis' => array(
-      'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-    ),
-  );
-
-  if (getenv('REDIS_HOST_PORT') !== false) {
-    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
-  } elseif (getenv('REDIS_HOST')[0] != '/') {
-    $CONFIG['redis']['port'] = 6379;
-  }
-}

28/fpm/config/reverse-proxy.config.php

@@ -1,30 +0,0 @@
-<?php
-$overwriteHost = getenv('OVERWRITEHOST');
-if ($overwriteHost) {
-  $CONFIG['overwritehost'] = $overwriteHost;
-}
-
-$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
-if ($overwriteProtocol) {
-  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
-}
-
-$overwriteCliUrl = getenv('OVERWRITECLIURL');
-if ($overwriteCliUrl) {
-  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
-}
-
-$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
-if ($overwriteWebRoot) {
-  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
-}
-
-$overwriteCondAddr = getenv('OVERWRITECONDADDR');
-if ($overwriteCondAddr) {
-  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
-}
-
-$trustedProxies = getenv('TRUSTED_PROXIES');
-if ($trustedProxies) {
-  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
-}

28/fpm/config/s3.config.php

@@ -1,48 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_S3_BUCKET')) {
-  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
-  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
-  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
-  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => array(
-      'class' => '\OC\Files\ObjectStore\S3',
-      'arguments' => array(
-        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
-        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
-        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
-        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
-        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
-        // required for some non Amazon S3 implementations
-        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
-        // required for older protocol versions
-        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
-      )
-    )
-  );
-
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
-    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
-  } else {
-    $CONFIG['objectstore']['arguments']['key'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
-    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
-    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
-  } else {
-    $CONFIG['objectstore']['arguments']['secret'] = '';
-  }
-
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
-  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  }
-}

28/fpm/config/smtp.config.php

@@ -1,22 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
-      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
-  } elseif (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}

28/fpm/config/swift.config.php

@@ -1,31 +0,0 @@
-<?php
-if (getenv('OBJECTSTORE_SWIFT_URL')) {
-    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
-  $CONFIG = array(
-    'objectstore' => [
-      'class' => 'OC\\Files\\ObjectStore\\Swift',
-      'arguments' => [
-        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
-        'user' => [
-          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
-          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
-          'domain' => [
-            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
-          ],
-        ],
-        'scope' => [
-          'project' => [
-            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
-            'domain' => [
-              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
-            ],
-          ],
-        ],
-        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
-        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
-        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
-        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
-      ]
-    ]
-  );
-}

28/fpm/config/upgrade-disable-web.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'upgrade.disable-web' => true,
-);

28/fpm/cron.sh

@@ -1,4 +0,0 @@
-#!/bin/sh
-set -eu
-
-exec busybox crond -f -L /dev/stdout

28/fpm/entrypoint.sh

@@ -1,285 +0,0 @@
-#!/bin/sh
-set -eu
-
-# version_greater A B returns whether A > B
-version_greater() {
-    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
-}
-
-# return true if specified directory is empty
-directory_empty() {
-    [ -z "$(ls -A "$1/")" ]
-}
-
-run_as() {
-    if [ "$(id -u)" = 0 ]; then
-        su -p "$user" -s /bin/sh -c "$1"
-    else
-        sh -c "$1"
-    fi
-}
-
-# Execute all executable files in a given directory in alphanumeric order
-run_path() {
-    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
-    local return_code=0
-
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-        return 0
-    fi
-
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
-            if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                continue
-            fi
-
-            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
-            run_as "${script_file_path}" || return_code="$?"
-
-            if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
-                exit 1
-            fi
-
-            echo "==> Finished the script: \"${script_file_path}\""
-        done
-    )
-}
-
-# usage: file_env VAR [DEFAULT]
-#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
-    local var="$1"
-    local fileVar="${var}_FILE"
-    local def="${2:-}"
-    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
-    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
-    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
-        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
-        exit 1
-    fi
-    if [ -n "${varValue}" ]; then
-        export "$var"="${varValue}"
-    elif [ -n "${fileVarValue}" ]; then
-        export "$var"="$(cat "${fileVarValue}")"
-    elif [ -n "${def}" ]; then
-        export "$var"="$def"
-    fi
-    unset "$fileVar"
-}
-
-if expr "$1" : "apache" 1>/dev/null; then
-    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
-        a2disconf remoteip
-    fi
-fi
-
-if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
-    uid="$(id -u)"
-    gid="$(id -g)"
-    if [ "$uid" = '0' ]; then
-        case "$1" in
-            apache2*)
-                user="${APACHE_RUN_USER:-www-data}"
-                group="${APACHE_RUN_GROUP:-www-data}"
-
-                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
-                user="${user#'#'}"
-                group="${group#'#'}"
-                ;;
-            *) # php-fpm
-                user='www-data'
-                group='www-data'
-                ;;
-        esac
-    else
-        user="$uid"
-        group="$gid"
-    fi
-
-    if [ -n "${REDIS_HOST+x}" ]; then
-
-        echo "Configuring Redis as session handler"
-        {
-            file_env REDIS_HOST_PASSWORD
-            echo 'session.save_handler = redis'
-            # check if redis host is an unix socket path
-            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
-              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-              else
-                echo "session.save_path = \"unix://${REDIS_HOST}\""
-              fi
-            # check if redis password has been set
-            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-            else
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
-            fi
-            echo "redis.session.locking_enabled = 1"
-            echo "redis.session.lock_retries = -1"
-            # redis.session.lock_wait_time is specified in microseconds.
-            # Wait 10ms before retrying the lock rather than the default 2ms.
-            echo "redis.session.lock_wait_time = 10000"
-        } > /usr/local/etc/php/conf.d/redis-session.ini
-    fi
-
-    # If another process is syncing the html folder, wait for
-    # it to be done, then escape initalization.
-    (
-        if ! flock -n 9; then
-            # If we couldn't get it immediately, show a message, then wait for real
-            echo "Another process is initializing Nextcloud. Waiting..."
-            flock 9
-        fi
-
-        installed_version="0.0.0.0"
-        if [ -f /var/www/html/version.php ]; then
-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-        fi
-        # shellcheck disable=SC2016
-        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
-
-        if version_greater "$installed_version" "$image_version"; then
-            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
-            exit 1
-        fi
-
-        if version_greater "$image_version" "$installed_version"; then
-            echo "Initializing nextcloud $image_version ..."
-            if [ "$installed_version" != "0.0.0.0" ]; then
-                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
-                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
-                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
-                    exit 1
-                fi
-                echo "Upgrading nextcloud from $installed_version ..."
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
-            fi
-            if [ "$(id -u)" = 0 ]; then
-                rsync_options="-rlDog --chown $user:$group"
-            else
-                rsync_options="-rlD"
-            fi
-
-            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
-            for dir in config data custom_apps themes; do
-                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-                fi
-            done
-            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-
-            # Install
-            if [ "$installed_version" = "0.0.0.0" ]; then
-                echo "New nextcloud instance"
-
-                file_env NEXTCLOUD_ADMIN_PASSWORD
-                file_env NEXTCLOUD_ADMIN_USER
-
-                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
-                    # shellcheck disable=SC2016
-                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
-                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
-                    fi
-
-                    file_env MYSQL_DATABASE
-                    file_env MYSQL_PASSWORD
-                    file_env MYSQL_USER
-                    file_env POSTGRES_DB
-                    file_env POSTGRES_PASSWORD
-                    file_env POSTGRES_USER
-
-                    install=false
-                    if [ -n "${SQLITE_DATABASE+x}" ]; then
-                        echo "Installing with SQLite database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
-                        install=true
-                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
-                        echo "Installing with MySQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
-                        install=true
-                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
-                        echo "Installing with PostgreSQL database"
-                        # shellcheck disable=SC2016
-                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
-                        install=true
-                    fi
-
-                    if [ "$install" = true ]; then
-                        run_path pre-installation
-
-                        echo "Starting nextcloud installation"
-                        max_retries=10
-                        try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
-                        do
-                            echo "Retrying install..."
-                            try=$((try+1))
-                            sleep 10s
-                        done
-                        if [ "$try" -gt "$max_retries" ]; then
-                            echo "Installing of nextcloud failed!"
-                            exit 1
-                        fi
-                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
-                            echo "Setting trusted domains…"
-                            NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
-                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
-                            done
-                        fi
-
-                        run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
-                fi
-            # Upgrade
-            else
-                run_path pre-upgrade
-
-                run_as 'php /var/www/html/occ upgrade'
-
-                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-                echo "The following apps have been disabled:"
-                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-                rm -f /tmp/list_before /tmp/list_after
-
-                run_path post-upgrade
-            fi
-
-            echo "Initializing finished"
-        fi
-
-        # Update htaccess after init if requested
-        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
-            run_as 'php /var/www/html/occ maintenance:update:htaccess'
-        fi
-    ) 9> /var/www/html/nextcloud-init-sync.lock
-
-    run_path before-starting
-fi
-
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
-exec "$@"

28/fpm/upgrade.exclude

@@ -1,6 +0,0 @@
-/config/
-/data/
-/custom_apps/
-/themes/
-/version.php
-/nextcloud-init-sync.lock

31/apache/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.2-apache-bookworm
+FROM php:8.3-apache-trixie
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -9,10 +9,10 @@ RUN set -ex; \
         busybox-static \
         bzip2 \
         libldap-common \
-        libmagickcore-6.q16-6-extra \
+        libmagickcore-7.q16-10-extra \
         rsync \
     ; \
-    rm -rf /var/lib/apt/lists/*; \
+    apt-get dist-clean; \
     \
     mkdir -p /var/spool/cron/crontabs; \
     echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@@ -21,6 +21,7 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
+ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -34,8 +35,8 @@ RUN set -ex; \
         libicu-dev \
         libjpeg-dev \
         libldap2-dev \
+        liblz4-dev \
         libmagickwand-dev \
-        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libpq-dev \
@@ -45,16 +46,17 @@ RUN set -ex; \
     ; \
     \
     debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
+    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
     docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
     docker-php-ext-install -j "$(nproc)" \
         bcmath \
         exif \
+        ftp \
         gd \
         gmp \
         intl \
         ldap \
-        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -63,13 +65,17 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
-    pecl install imagick-3.7.0; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
+    pecl install APCu-5.1.28; \
+    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.8.1; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+        memcached-3.4.0; \
+    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
+        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
+        igbinary \
         imagick \
         memcached \
         redis \
@@ -82,13 +88,14 @@ RUN set -ex; \
     ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
         | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
         | sort -u \
-        | xargs -r dpkg-query --search \
-        | cut -d: -f1 \
+        | xargs -rt dpkg-query --search \
+# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
+        | awk 'sub(":$", "", $1) { print $1 }' \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@@ -96,15 +103,20 @@ RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
+    { \
+        echo 'apc.serializer=igbinary'; \
+        echo 'session.serialize_handler=igbinary'; \
+    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
+    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -138,7 +150,7 @@ RUN { \
     } > /etc/apache2/conf-available/apache-limits.conf; \
     a2enconf apache-limits
 
-ENV NEXTCLOUD_VERSION 28.0.3
+ENV NEXTCLOUD_VERSION 31.0.12
 
 RUN set -ex; \
     fetchDeps=" \
@@ -148,8 +160,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@@ -163,7 +175,7 @@ RUN set -ex; \
     chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    rm -rf /var/lib/apt/lists/*
+    apt-get dist-clean
 
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/

31/apache/config/redis.config.php

@@ -5,7 +5,7 @@ if (getenv('REDIS_HOST')) {
     'memcache.locking' => '\OC\Memcache\Redis',
     'redis' => array(
       'host' => getenv('REDIS_HOST'),
-      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
     ),
   );
 
@@ -14,4 +14,8 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
+
+  if (getenv('REDIS_HOST_USER') !== false) {
+    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
+  }
 }

31/apache/config/reverse-proxy.config.php

@@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
   $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
+
+$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+if ($forwardedForHeaders) {
+  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+}

31/apache/config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        'autocreate' => strtolower($autocreate) !== 'false',
+        'use_ssl' => strtolower($use_ssl) !== 'false',
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions
@@ -24,7 +24,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     )
   );
 
-  if (getenv('OBJECTSTORE_S3_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
     $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_KEY')) {
     $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
@@ -32,7 +32,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['key'] = '';
   }
 
-  if (getenv('OBJECTSTORE_S3_SECRET_FILE') && file_exists(getenv('OBJECTSTORE_S3_SECRET_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
     $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
     $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
@@ -40,7 +40,7 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
     $CONFIG['objectstore']['arguments']['secret'] = '';
   }
 
-  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE') && file_exists(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE'))) {
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
   } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
     $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');

31/apache/config/smtp.config.php

@@ -5,14 +5,14 @@ if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN'))
     'mail_smtphost' => getenv('SMTP_HOST'),
     'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
     'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE')))),
+    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
     'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
     'mail_smtpname' => getenv('SMTP_NAME') ?: '',
     'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
     'mail_domain' => getenv('MAIL_DOMAIN'),
   );
 
-  if (getenv('SMTP_PASSWORD_FILE') && file_exists(getenv('SMTP_PASSWORD_FILE'))) {
+  if (getenv('SMTP_PASSWORD_FILE')) {
       $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
   } elseif (getenv('SMTP_PASSWORD')) {
       $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');

31/apache/entrypoint.sh

@@ -23,32 +23,39 @@ run_as() {
 run_path() {
     local hook_folder_path="/docker-entrypoint-hooks.d/$1"
     local return_code=0
+    local found=0
 
-    if ! [ -d "${hook_folder_path}" ]; then
-        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
+
+    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
+        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
         return 0
     fi
 
-    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-
-    (
-        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
+    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
+        while read -r script_file_path; do
             if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
+                found=$((found-1))
                 continue
             fi
 
             echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-
+            found=$((found+1))
             run_as "${script_file_path}" || return_code="$?"
 
             if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
                 exit 1
             fi
 
-            echo "==> Finished the script: \"${script_file_path}\""
+            echo "==> Finished executing the script: \"${script_file_path}\""
         done
+        if [ "$found" -lt "1" ]; then
+            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
+        else
+            echo "=> Completed executing scripts in the \"$1\" folder"
+        fi
     )
 }
 
@@ -114,13 +121,21 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
+                else
+                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+                fi
               else
                 echo "session.save_path = \"unix://${REDIS_HOST}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
+                else
+                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+                fi
             else
                 echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
             fi
@@ -186,6 +201,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                 file_env NEXTCLOUD_ADMIN_PASSWORD
                 file_env NEXTCLOUD_ADMIN_USER
 
+                install=false
                 if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
                     # shellcheck disable=SC2016
                     install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
@@ -201,7 +217,6 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                     file_env POSTGRES_PASSWORD
                     file_env POSTGRES_USER
 
-                    install=false
                     if [ -n "${SQLITE_DATABASE+x}" ]; then
                         echo "Installing with SQLite database"
                         # shellcheck disable=SC2016
@@ -225,7 +240,7 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         echo "Starting nextcloud installation"
                         max_retries=10
                         try=0
-                        until run_as "php /var/www/html/occ maintenance:install $install_options" || [ "$try" -gt "$max_retries" ]
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
                         do
                             echo "Retrying install..."
                             try=$((try+1))
@@ -237,18 +252,23 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         fi
                         if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                             echo "Setting trusted domains…"
+			    set -f # turn off glob
                             NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
+                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
                                 NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                             done
+			    set +f # turn glob back on
                         fi
 
                         run_path post-installation
-                    else
-                        echo "Please run the web-based installer on first connect!"
-                    fi
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
                 fi
             # Upgrade
             else
@@ -273,13 +293,18 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
         fi
     ) 9> /var/www/html/nextcloud-init-sync.lock
 
+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
     run_path before-starting
 fi
 
-echo "⚠️⚠️⚠️"
-echo "This image is maintained by community volunteers and designed for expert use."
-echo "For quick and easy deployment that supports the full set of Nextcloud Hub features, use the Nextcloud All-in-One docker container maintained by Nextcloud GmbH."
-echo "See https://github.com/nextcloud/all-in-one#nextcloud-all-in-one"
-echo "⚠️⚠️⚠️ "
-
 exec "$@"

31/fpm-alpine/Dockerfile

@@ -1,11 +1,18 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.2-fpm-alpine3.19
+FROM php:8.3-fpm-alpine3.23
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
     \
     apk add --no-cache \
         imagemagick \
+        imagemagick-pdf \
+        imagemagick-jpeg \
+        imagemagick-raw \
+        imagemagick-tiff \
+        imagemagick-heic \
+        imagemagick-webp \
+        imagemagick-svg \
         rsync \
     ; \
     \
@@ -25,7 +32,6 @@ RUN set -ex; \
         imagemagick-dev \
         libevent-dev \
         libjpeg-turbo-dev \
-        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libwebp-dev \
@@ -36,16 +42,17 @@ RUN set -ex; \
         postgresql-dev \
     ; \
     \
+    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
     docker-php-ext-configure ldap; \
     docker-php-ext-install -j "$(nproc)" \
         bcmath \
         exif \
+        ftp \
         gd \
         gmp \
         intl \
         ldap \
-        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -54,13 +61,17 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
-    pecl install imagick-3.7.0; \
-    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
+    pecl install APCu-5.1.28; \
+    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.8.1; \
+    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+        memcached-3.4.0; \
+    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
+        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
+        igbinary \
         imagick \
         memcached \
         redis \
@@ -80,19 +91,25 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
+ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=128'; \
+        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=128M'; \
+        echo 'opcache.jit_buffer_size=8M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
+    { \
+        echo 'apc.serializer=igbinary'; \
+        echo 'session.serialize_handler=igbinary'; \
+    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
+    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -111,7 +128,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 26.0.12
+ENV NEXTCLOUD_VERSION 31.0.12
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -119,8 +136,8 @@ RUN set -ex; \
         gnupg \
     ; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-26.0.12.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-26.0.12.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \