286 changed files with 6329 additions and 8181 deletions
--- a/.config/apps.config.php
+++ b/.config/apps.config.php
@ -1,15 +1,15 @@
 <?php
 $CONFIG = array (
-  'apps_paths' => array (
+  "apps_paths" => array (
      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
+              "path"     => OC::$SERVERROOT."/apps",
-              'url'      => '/apps',
+              "url"      => "/apps",
-              'writable' => false,
+              "writable" => false,
      ),
      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
+              "path"     => OC::$SERVERROOT."/custom_apps",
-              'url'      => '/custom_apps',
+              "url"      => "/custom_apps",
-              'writable' => true,
+              "writable" => true,
      ),
  ),
 );
--- a/.config/autoconfig.php
+++ b/.config/autoconfig.php
@ -3,39 +3,32 @@
 $autoconfig_enabled = false;
 if (getenv('SQLITE_DATABASE')) {
-    $AUTOCONFIG['dbtype'] = 'sqlite';
+    $AUTOCONFIG["dbtype"] = "sqlite";
-    $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
+    $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
    $autoconfig_enabled = true;
 } elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
    $AUTOCONFIG['dbtype'] = 'mysql';
    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'mysql';
+    $AUTOCONFIG["dbtype"] = "mysql";
-    $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
+    $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
-    $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
+    $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
-    $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
+    $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
+    $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
    $AUTOCONFIG['dbtype'] = 'pgsql';
    $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
    $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
    $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
-    $AUTOCONFIG['dbtype'] = 'pgsql';
+    $AUTOCONFIG["dbtype"] = "pgsql";
-    $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
+    $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
-    $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
+    $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
-    $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
+    $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
-    $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
+    $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 }
 if ($autoconfig_enabled) {
-    $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
+    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/.config/redis.config.php
+++ b/.config/redis.config.php
@ -1,21 +0,0 @@
 <?php
 if (getenv('REDIS_HOST')) {
  $CONFIG = array(
    'memcache.distributed' => '\OC\Memcache\Redis',
    'memcache.locking' => '\OC\Memcache\Redis',
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
    ),
  );
  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
  if (getenv('REDIS_HOST_USER') !== false) {
    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
  }
 }
--- a/.config/reverse-proxy.config.php
+++ b/.config/reverse-proxy.config.php
@ -1,35 +0,0 @@
 <?php
 $overwriteHost = getenv('OVERWRITEHOST');
 if ($overwriteHost) {
  $CONFIG['overwritehost'] = $overwriteHost;
 }
 $overwriteProtocol = getenv('OVERWRITEPROTOCOL');
 if ($overwriteProtocol) {
  $CONFIG['overwriteprotocol'] = $overwriteProtocol;
 }
 $overwriteCliUrl = getenv('OVERWRITECLIURL');
 if ($overwriteCliUrl) {
  $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
 }
 $overwriteWebRoot = getenv('OVERWRITEWEBROOT');
 if ($overwriteWebRoot) {
  $CONFIG['overwritewebroot'] = $overwriteWebRoot;
 }
 $overwriteCondAddr = getenv('OVERWRITECONDADDR');
 if ($overwriteCondAddr) {
  $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
 }
 $trustedProxies = getenv('TRUSTED_PROXIES');
 if ($trustedProxies) {
  $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
 }
 $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
 if ($forwardedForHeaders) {
  $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
 }
--- a/.config/s3.config.php
+++ b/.config/s3.config.php
@ -1,48 +0,0 @@
 <?php
 if (getenv('OBJECTSTORE_S3_BUCKET')) {
  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
  $CONFIG = array(
    'objectstore' => array(
      'class' => '\OC\Files\ObjectStore\S3',
      'arguments' => array(
        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
        'autocreate' => strtolower($autocreate) !== 'false',
        'use_ssl' => strtolower($use_ssl) !== 'false',
        // required for some non Amazon S3 implementations
        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
        // required for older protocol versions
        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
      )
    )
  );
  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
  } else {
    $CONFIG['objectstore']['arguments']['key'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
  } else {
    $CONFIG['objectstore']['arguments']['secret'] = '';
  }
  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
  }
 }
--- a/.config/smtp.config.php
+++ b/.config/smtp.config.php
@ -1,22 +0,0 @@
 <?php
 if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
  $CONFIG = array (
    'mail_smtpmode' => 'smtp',
    'mail_smtphost' => getenv('SMTP_HOST'),
    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
    'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
    'mail_domain' => getenv('MAIL_DOMAIN'),
  );
  if (getenv('SMTP_PASSWORD_FILE')) {
      $CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
  } elseif (getenv('SMTP_PASSWORD')) {
      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
  } else {
      $CONFIG['mail_smtppassword'] = '';
  }
 }
--- a/.config/swift.config.php
+++ b/.config/swift.config.php
@ -1,31 +0,0 @@
 <?php
 if (getenv('OBJECTSTORE_SWIFT_URL')) {
    $autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
  $CONFIG = array(
    'objectstore' => [
      'class' => 'OC\\Files\\ObjectStore\\Swift',
      'arguments' => [
        'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
        'user' => [
          'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
          'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
          'domain' => [
            'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
          ],
        ],
        'scope' => [
          'project' => [
            'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
            'domain' => [
              'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
            ],
          ],
        ],
        'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
        'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
        'url' => getenv('OBJECTSTORE_SWIFT_URL'),
        'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
      ]
    ]
  );
 }
--- a/.config/upgrade-disable-web.config.php
+++ b/.config/upgrade-disable-web.config.php
@ -1,4 +0,0 @@
 <?php
 $CONFIG = array (
  'upgrade.disable-web' => true,
 );
--- a/.examples/README.md
+++ b/.examples/README.md
@ -13,62 +13,65 @@ The Dockerfiles use the default images as base image and build on top of it.
 Example | Description
 ------- | -------
-[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed). This image runs `supervisord` to start nextcloud and cron as two seperate processes inside the container.
+[cron](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/cron) | uses supervisor to run the cron job inside the container (so no extra container is needed).
 [imap](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/imap) | adds dependencies required to authenticate users via imap
 [smb](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/smb) | adds dependencies required to use smb shares
 [full](https://github.com/nextcloud/docker/tree/master/.examples/dockerfiles/full) | adds dependencies for ALL optional packages and cron functionality via supervisor (as in the `cron` example Dockerfile).
 ### cron
 NOTE: [this container must run as root or `cron.php` will not run](https://github.com/nextcloud/docker/issues/1899).
 ### full
-The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html).
+The `full` Dockerfile example adds dependencies for all optional packages suggested by nextcloud that may be needed for some features (e.g. Video Preview Generation), as stated in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html).
-NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the appropriate line in the Dockerfile.
+NOTE: The Dockerfile does not install the LibreOffice package (line is commented), because it would increase the generated Image size by approximately 500 MB. In order to install it, simply uncomment the 13th line of the Dockerfile.</br>
-NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#previews)
+NOTE: Per default, only previews for BMP, GIF, JPEG, MarkDown, MP3, PNG, TXT, and XBitmap Files are generated. The configuration of the preview generation can be done in config.php, as explained in the [Administration Manual](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html#previews)</br>
-NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/latest/admin_manual/installation/harden_server.html#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.
+NOTE: Nextcloud recommends [disabling preview generation](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/harden_server.html?highlight=enabledpreviewproviders#disable-preview-image-generation) for high security deployments, as preview generation opens your nextcloud instance to new possible attack vectors.</br>
 The required steps for each optional/recommended package that is not already in the Nextcloud image are listed here, so that the Dockerfile can easily be modified to only install the needed extra packages. Simply remove the steps for the unwanted packages  from the Dockerfile.
 #### PHP Module bz2
-`docker-php-ext-install bz2`
+`docker-php-ext-install bz2` </br>
 #### PHP Module imagick
 `apt install libmagickwand-dev` </br>
 `pecl install imagick` </br>
 `docker-php-ext-enable imagick` </br>
 #### PHP Module imap
-`apt install libc-client-dev libkrb5-dev`
+`apt install libc-client-dev libkrb5-dev` </br>
-`docker-php-ext-configure imap --with-kerberos --with-imap-ssl`
+`docker-php-ext-configure imap --with-kerberos --with-imap-ssl` </br>
-`docker-php-ext-install imap`
+`docker-php-ext-install imap` </br>
 #### PHP Module gmp
-`apt install libgmp3-dev`
+`apt install libgmp3-dev` </br>
-`docker-php-ext-install gmp`
+`docker-php-ext-install gmp` </br>
 #### PHP Module smbclient
-`apt install smbclient libsmbclient-dev`
+`apt install smbclient libsmbclient-dev` </br>
-`pecl install smbclient`
+`pecl install smbclient` </br>
-`docker-php-ext-enable smbclient`
+`docker-php-ext-enable smbclient` </br>
 #### ffmpeg
-`apt install ffmpeg`
+`echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list` </br>
 `apt install ffmpeg` </br>
 #### LibreOffice
-`apt install libreoffice`
+`apt install LibreOffice` </br>
 #### CRON via supervisor
-`apt install supervisor`
+`apt install supervisor` </br>
-`mkdir /var/log/supervisord /var/run/supervisord`
+`mkdir /var/log/supervisord /var/run/supervisord` </br>
-The following Dockerfile commands are also necessary for a sucessfull cron installation:
+The following Dockerfile commands are also necessary for a sucessfull cron installation: </br>
-`COPY supervisord.conf /etc/supervisor/supervisord.conf`
+`COPY supervisord.conf /etc/supervisor/supervisord.conf` </br>
-`CMD ["/usr/bin/supervisord"]`
+`CMD ["/usr/bin/supervisord"]` </br>
 ## docker-compose
 In `docker-compose` additional services are bundled to create a complete nextcloud installation. The examples are designed to run out-of-the-box.
-Before running the examples you have to modify the `db.env` and `compose.yaml` file and fill in your custom information.
+Before running the examples you have to modify the `db.env` and `docker-compose.yml` file and fill in your custom information.
-The docker compose examples make heavily use of derived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `compose.yaml` file.
+The docker-compose examples make heavily use of dereived Dockerfiles to add configuration files into the containers. This way they should also work on remote docker systems as _Docker for Windows_. When running docker-compose on the same host as the docker daemon, another possibility would be to simply mount the files in the volumes section in the `docker-compose.yml` file.
 ### insecure
@ -78,10 +81,10 @@ For this use one of the [with-nginx-proxy](#with-nginx-proxy) examples.
 To use this example complete the following steps:
-1. if you use mariadb or mysql choose a root password for the database in `compose.yaml` behind `MYSQL_ROOT_PASSWORD=`
+1. if you use mariadb or mysql choose a root password for the database in `docker-compose.yml` behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker compose up -d`
+4. start nextcloud with `docker-compose up -d`
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
@ -89,21 +92,18 @@ If you want to update your installation to a newer version of nextcloud, repeat
 ### with-nginx-proxy
 The nginx proxy adds a proxy layer between nextcloud and the internet. The proxy is designed to serve multiple sites on the same host machine.
 The advantage in adding this layer is the ability to add a container for [Let's Encrypt](https://letsencrypt.org/) certificate handling.
-This combination of the [nginxproxy/nginx-proxy](https://github.com/nginx-proxy/nginx-proxy) and [nginxproxy/acme-companion](https://github.com/nginx-proxy/acme-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
+This combination of the [jwilder/nginx-proxy](https://github.com/jwilder/nginx-proxy) and [jrcs/docker-letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) containers creates a fully automated https encryption of the nextcloud installation without worrying about certificate generation, validation or renewal.
 **This setup only works with a valid domain name on a server that is reachable from the internet.**
 To use this example complete the following steps:
-1. open `compose.yaml`
+1. open `docker-compose.yml`
   1. insert your nextcloud domain behind `VIRTUAL_HOST=`and `LETSENCRYPT_HOST=`
   2. enter a valid email behind `LETSENCRYPT_EMAIL=`
   3. if you use mariadb or mysql choose a root password for the database behind `MYSQL_ROOT_PASSWORD=`
 2. choose a password for the database user nextcloud in `db.env` behind `MYSQL_PASSWORD=` (for mariadb/mysql) or `POSTGRES_PASSWORD=` (for postgres)
-3. run `docker compose build --pull` to pull the most recent base images and build the custom dockerfiles
+3. run `docker-compose build --pull` to pull the most recent base images and build the custom dockerfiles
-4. start nextcloud with `docker compose up -d`
+4. start nextcloud with `docker-compose up -d`
 If you want to update your installation to a newer version of nextcloud, repeat the steps 3 and 4.
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/Dockerfile
@ -0,0 +1,3 @@
 FROM nextcloud:apache
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/app/redis.config.php
@ -0,0 +1,8 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/db.env
@ -0,0 +1,3 @@
 MYSQL_PASSWORD=
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/apache/docker-compose.yml
@ -0,0 +1,46 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  redis:
    image: redis
    restart: always
  app:  
    build: ./app
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  cron:
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/Dockerfile
@ -0,0 +1,3 @@
 FROM nextcloud:fpm
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/app/redis.config.php
@ -0,0 +1,8 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/db.env
@ -0,0 +1,3 @@
 MYSQL_PASSWORD=
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/docker-compose.yml
@ -0,0 +1,54 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  redis:
    image: redis
    restart: always
  app:  
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  web:
    build: ./web
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html:ro
    depends_on:
      - app
  cron:
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb-cron-redis/fpm/web/nginx.conf
@ -0,0 +1,154 @@
 user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    upstream php-handler {
        server app:9000;
    }
    server {
        listen 80;
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        root /var/www/html;
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
        # last;
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
        location / {
            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/insecure/mariadb/apache/compose.yaml
+++ b/.examples/docker-compose/insecure/mariadb/apache/compose.yaml
@ -1,54 +0,0 @@
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:apache
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/apache/docker-compose.yml
@ -0,0 +1,31 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  app:  
    image: nextcloud:apache
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/compose.yaml
@ -1,67 +0,0 @@
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/mariadb/fpm/docker-compose.yml
@ -0,0 +1,39 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  app:  
    image: nextcloud:fpm
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
  web:
    build: ./web
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html:ro
    depends_on:
      - app
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf
@ -1,4 +1,5 @@
-worker_processes auto;
+user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -10,11 +11,8 @@ events {
 http {
-    include mime.types;
+    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -25,178 +23,132 @@ http {
    sendfile        on;
    #tcp_nopush     on;
    # Prevent nginx HTTP Server Detection
    server_tokens   off;
    keepalive_timeout  65;
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        zone backends 64k;
+        server app:9000;
        server app:9000 resolve;
    }
    server {
        listen 80;
-        # HSTS settings
+        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"       always;
        add_header X-Content-Type-Options               "nosniff"           always;
        add_header X-Frame-Options                      "SAMEORIGIN"        always;
        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
        add_header X-Robots-Tag                         "noindex, nofollow" always;
        add_header X-XSS-Protection                     "1; mode=block"     always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;
        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
-        # Make a regex exception for `/.well-known` so that clients can still
+        # The following 2 rules are only needed for the user_webfinger app.
-        # access it despite the existence of the regex rule
+        # Uncomment it if you're planning to use this app.
-        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        # for `/.well-known`.
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-        location ^~ /.well-known {
+        # last;
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
-            location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav {
-            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+            return 301 $scheme://$host/remote.php/dav;
-
+        }
-            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location = /.well-known/caldav {
-            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+            return 301 $scheme://$host/remote.php/dav;
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }
-        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        # set max upload size
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        client_max_body_size 10G;
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+        fastcgi_buffers 64 4K;
-        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+        # Enable gzip but do not remove ETag headers
-        # which handle static assets (as seen below). If this block is not declared first,
+        gzip on;
-        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+        gzip_vary on;
-        # to the URI, resulting in a HTTP 500 error response.
+        gzip_comp_level 4;
-        location ~ \.php(?:$|/) {
+        gzip_min_length 256;
-            # Required for legacy support
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        # Uncomment if your server is build with the ngx_pagespeed module
-            set $path_info $fastcgi_path_info;
+        # This module is currently not supported.
-
+        #pagespeed off;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            #fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_max_temp_file_size 0;
        }
        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }
        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }
        location / {
-            try_files $uri $uri/ /index.php$request_uri;
+            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/insecure/postgres/apache/compose.yaml
+++ b/.examples/docker-compose/insecure/postgres/apache/compose.yaml
@ -1,49 +0,0 @@
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:apache
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/apache/docker-compose.yml
@ -0,0 +1,28 @@
 version: '3'
 services:
  db:
    image: postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
  app:  
    image: nextcloud:apache
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html
    environment:
      - POSTGRES_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/compose.yaml
+++ b/.examples/docker-compose/insecure/postgres/fpm/compose.yaml
@ -1,62 +0,0 @@
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    ports:
      - 127.0.0.1:8080:80
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    depends_on:
      - app
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/insecure/postgres/fpm/docker-compose.yml
@ -0,0 +1,36 @@
 version: '3'
 services:
  db:
    image: postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
  app:  
    image: nextcloud:fpm
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - POSTGRES_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
  web:
    build: ./web
    restart: always
    ports:
      - 8080:80
    volumes:
      - nextcloud:/var/www/html:ro
    depends_on:
      - app
 volumes:
  db:
  nextcloud:
--- a/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf
@ -1,4 +1,5 @@
-worker_processes auto;
+user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -10,11 +11,8 @@ events {
 http {
-    include mime.types;
+    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -25,178 +23,132 @@ http {
    sendfile        on;
    #tcp_nopush     on;
    # Prevent nginx HTTP Server Detection
    server_tokens   off;
    keepalive_timeout  65;
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        zone backends 64k;
+        server app:9000;
        server app:9000 resolve;
    }
    server {
        listen 80;
-        # HSTS settings
+        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"       always;
        add_header X-Content-Type-Options               "nosniff"           always;
        add_header X-Frame-Options                      "SAMEORIGIN"        always;
        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
        add_header X-Robots-Tag                         "noindex, nofollow" always;
        add_header X-XSS-Protection                     "1; mode=block"     always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;
        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
-        # Make a regex exception for `/.well-known` so that clients can still
+        # The following 2 rules are only needed for the user_webfinger app.
-        # access it despite the existence of the regex rule
+        # Uncomment it if you're planning to use this app.
-        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        # for `/.well-known`.
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-        location ^~ /.well-known {
+        # last;
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
-            location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav {
-            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+            return 301 $scheme://$host/remote.php/dav;
-
+        }
-            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location = /.well-known/caldav {
-            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+            return 301 $scheme://$host/remote.php/dav;
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }
-        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        # set max upload size
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        client_max_body_size 10G;
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+        fastcgi_buffers 64 4K;
-        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+        # Enable gzip but do not remove ETag headers
-        # which handle static assets (as seen below). If this block is not declared first,
+        gzip on;
-        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+        gzip_vary on;
-        # to the URI, resulting in a HTTP 500 error response.
+        gzip_comp_level 4;
-        location ~ \.php(?:$|/) {
+        gzip_min_length 256;
-            # Required for legacy support
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        # Uncomment if your server is build with the ngx_pagespeed module
-            set $path_info $fastcgi_path_info;
+        # This module is currently not supported.
-
+        #pagespeed off;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            #fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_max_temp_file_size 0;
        }
        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }
        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }
        location / {
-            try_files $uri $uri/ /index.php$request_uri;
+            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/Dockerfile
@ -0,0 +1,3 @@
 FROM nextcloud:apache
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/app/redis.config.php
@ -0,0 +1,8 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/db.env
@ -0,0 +1,3 @@
 MYSQL_PASSWORD=
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/docker-compose.yml
@ -0,0 +1,88 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  redis:
    image: redis
    restart: always
  app:  
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
      - redis
    networks:
      - proxy-tier
      - default
  cron:
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/Dockerfile
@ -0,0 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/apache/proxy/uploadsize.conf
@ -0,0 +1 @@
 client_max_body_size 10G;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/Dockerfile
@ -0,0 +1,3 @@
 FROM nextcloud:fpm
 COPY redis.config.php /usr/src/nextcloud/config/redis.config.php
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/app/redis.config.php
@ -0,0 +1,8 @@
 <?php
 $CONFIG = array (
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'redis',
    'port' => 6379,
  ),
 );
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/db.env
@ -0,0 +1,3 @@
 MYSQL_PASSWORD=
 MYSQL_DATABASE=nextcloud
 MYSQL_USER=nextcloud
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/docker-compose.yml
@ -0,0 +1,97 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  redis:
    image: redis
    restart: always
  app:  
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
      - redis
  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud:/var/www/html:ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  cron:
    build: ./app
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/Dockerfile
@ -0,0 +1,3 @@
 FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/proxy/uploadsize.conf
@ -0,0 +1 @@
 client_max_body_size 10G;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
@ -0,0 +1,154 @@
 user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
 events {
    worker_connections  1024;
 }
 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;
    upstream php-handler {
        server app:9000;
    }
    server {
        listen 80;
        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        root /var/www/html;
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        # The following 2 rules are only needed for the user_webfinger app.
        # Uncomment it if you're planning to use this app.
        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
        # last;
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
        # set max upload size
        client_max_body_size 10G;
        fastcgi_buffers 64 4K;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Uncomment if your server is build with the ngx_pagespeed module
        # This module is currently not supported.
        #pagespeed off;
        location / {
            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml
@ -1,120 +0,0 @@
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
      - proxy
    networks:
      - proxy-tier
      - default
  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - dhparam:/etc/nginx/dhparam:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    environment:
      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 # self signed,outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
 #    volumes:
 #      - certs:/certs
 #    environment:
 #      - SSL_SUBJECT=servhostname.local
 #      - CA_SUBJECT=my@example.com
 #      - SSL_KEY=/certs/servhostname.local.key
 #      - SSL_CSR=/certs/servhostname.local.csr
 #      - SSL_CERT=/certs/servhostname.local.crt
 #    networks:
 #      - proxy-tier
 volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:
  dhparam:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/docker-compose.yml
@ -0,0 +1,73 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  app:  
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/uploadsize.conf
@ -1,2 +1 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml
@ -1,132 +0,0 @@
 services:
  # Note: MariaDB is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/mariadb
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: mariadb:lts
    command: --transaction-isolation=READ-COMMITTED
    restart: always
    volumes:
      - db:/var/lib/mysql:Z
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MARIADB_AUTO_UPGRADE=1
      - MARIADB_DISABLE_UPGRADE_BACKUP=1
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
      - proxy
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    environment:
      - DEFAULT_EMAIL=
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 # self signed, outdated. 
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
 #    volumes:
 #      - certs:/certs
 #    environment:
 #      - SSL_SUBJECT=servhostname.local
 #      - CA_SUBJECT=my@example.com
 #      - SSL_KEY=/certs/servhostname.local.key
 #      - SSL_CSR=/certs/servhostname.local.csr
 #      - SSL_CERT=/certs/servhostname.local.crt
 #    networks:
 #      - proxy-tier
 volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
@ -0,0 +1,82 @@
 version: '3'
 services:
  db:
    image: mariadb
    # image: mysql
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
    env_file:
      - db.env
  app:  
    image: nextcloud:fpm
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud:/var/www/html:ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/uploadsize.conf
@ -1,2 +1 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf
@ -1,4 +1,5 @@
-worker_processes auto;
+user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -10,11 +11,8 @@ events {
 http {
-    include mime.types;
+    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -25,178 +23,132 @@ http {
    sendfile        on;
    #tcp_nopush     on;
    # Prevent nginx HTTP Server Detection
    server_tokens   off;
    keepalive_timeout  65;
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        zone backends 64k;
+        server app:9000;
        server app:9000 resolve;
    }
    server {
        listen 80;
-        # HSTS settings
+        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"       always;
        add_header X-Content-Type-Options               "nosniff"           always;
        add_header X-Frame-Options                      "SAMEORIGIN"        always;
        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
        add_header X-Robots-Tag                         "noindex, nofollow" always;
        add_header X-XSS-Protection                     "1; mode=block"     always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;
        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
-        # Make a regex exception for `/.well-known` so that clients can still
+        # The following 2 rules are only needed for the user_webfinger app.
-        # access it despite the existence of the regex rule
+        # Uncomment it if you're planning to use this app.
-        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        # for `/.well-known`.
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-        location ^~ /.well-known {
+        # last;
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
-            location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav {
-            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+            return 301 $scheme://$host/remote.php/dav;
-
+        }
-            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location = /.well-known/caldav {
-            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+            return 301 $scheme://$host/remote.php/dav;
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }
-        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        # set max upload size
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        client_max_body_size 10G;
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+        fastcgi_buffers 64 4K;
-        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+        # Enable gzip but do not remove ETag headers
-        # which handle static assets (as seen below). If this block is not declared first,
+        gzip on;
-        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+        gzip_vary on;
-        # to the URI, resulting in a HTTP 500 error response.
+        gzip_comp_level 4;
-        location ~ \.php(?:$|/) {
+        gzip_min_length 256;
-            # Required for legacy support
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        # Uncomment if your server is build with the ngx_pagespeed module
-            set $path_info $fastcgi_path_info;
+        # This module is currently not supported.
-
+        #pagespeed off;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_max_temp_file_size 0;
        }
        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }
        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }
        location / {
-            try_files $uri $uri/ /index.php$request_uri;
+            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml
@ -1,111 +0,0 @@
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
      - proxy
    networks:
      - proxy-tier
      - default
  cron:
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:ro,z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 # self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
 #    volumes:
 #      - certs:/certs
 #    environment:
 #      - SSL_SUBJECT=servhostname.local
 #      - CA_SUBJECT=my@example.com
 #      - SSL_KEY=/certs/servhostname.local.key
 #      - SSL_CSR=/certs/servhostname.local.csr
 #      - SSL_CERT=/certs/servhostname.local.crt
 #    networks:
 #      - proxy-tier
 volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/docker-compose.yml
@ -0,0 +1,70 @@
 version: '3'
 services:
  db:
    image: postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
  app:  
    image: nextcloud:apache
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
      - POSTGRES_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/uploadsize.conf
@ -1,2 +1 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml
@ -1,127 +0,0 @@
 services:
  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/postgres
  db:
    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
    image: postgres:alpine
    restart: always
    volumes:
      - db:/var/lib/postgresql/data:Z
    env_file:
      - db.env
  # Note: Redis is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/redis
  redis:
    image: redis:alpine
    restart: always
  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    environment:
      - POSTGRES_HOST=db
      - REDIS_HOST=redis
    env_file:
      - db.env
    depends_on:
      - db
      - redis
      - proxy
  # Note: Nginx is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/_/nginx/
  web:
    image: nginx:alpine-slim
    restart: always
    volumes:
      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
      - nextcloud:/var/www/html:z,ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  cron:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html:z
      # NOTE: The `volumes` config of the `cron` and `app` containers must match
    entrypoint: /cron.sh
    depends_on:
      - db
      - redis
  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
  # https://hub.docker.com/r/nginxproxy/nginx-proxy
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
      - certs:/etc/nginx/certs:z,ro
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/tmp/docker.sock:z,ro
    networks:
      - proxy-tier
  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
  # https://hub.docker.com/r/nginxproxy/acme-companion
  letsencrypt-companion:
    image: nginxproxy/acme-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs:z
      - acme:/etc/acme.sh:z
      - vhost.d:/etc/nginx/vhost.d:z
      - html:/usr/share/nginx/html:z
      - /var/run/docker.sock:/var/run/docker.sock:z,ro
    environment:
      - DEFAULT_EMAIL=
    networks:
      - proxy-tier
    depends_on:
      - proxy
 # self signed, outdated
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"
 #    volumes:
 #      - certs:/certs
 #    environment:
 #      - SSL_SUBJECT=servhostname.local
 #      - CA_SUBJECT=my@example.com
 #      - SSL_KEY=/certs/servhostname.local.key
 #      - SSL_CSR=/certs/servhostname.local.csr
 #      - SSL_CERT=/certs/servhostname.local.crt
 #    networks:
 #      - proxy-tier
 volumes:
  db:
  nextcloud:
  certs:
  acme:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/docker-compose.yml
@ -0,0 +1,80 @@
 version: '3'
 services:
  db:
    image: postgres
    restart: always
    volumes:
      - db:/var/lib/postgresql/data
    env_file:
      - db.env
  app:  
    image: nextcloud:fpm
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - POSTGRES_HOST=db
    env_file:
      - db.env
    depends_on:
      - db
  web:
    build: ./web
    restart: always
    volumes:
      - nextcloud:/var/www/html:ro
    environment:
      - VIRTUAL_HOST=
      - LETSENCRYPT_HOST=
      - LETSENCRYPT_EMAIL=
    depends_on:
      - app
    networks:
      - proxy-tier
      - default
  proxy:
    build: ./proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    volumes:
      - certs:/etc/nginx/certs:ro
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro
    networks:
      - proxy-tier
  letsencrypt-companion:
    image: jrcs/letsencrypt-nginx-proxy-companion
    restart: always
    volumes:
      - certs:/etc/nginx/certs
      - conf.d:/etc/nginx/conf.d
      - vhost.d:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - proxy-tier
    depends_on:
      - proxy
 volumes:
  db:
  nextcloud:
  certs:
  conf.d:
  vhost.d:
  html:
 networks:
  proxy-tier:
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile
@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM jwilder/nginx-proxy:alpine
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/uploadsize.conf
@ -1,2 +1 @@
 client_max_body_size 10G;
 proxy_request_buffering off;
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile
@ -0,0 +1,3 @@
 FROM nginx
 COPY nginx.conf /etc/nginx/nginx.conf
--- a/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+++ b/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
@ -1,4 +1,5 @@
-worker_processes auto;
+user  www-data;
 worker_processes  1;
 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;
@ -10,11 +11,8 @@ events {
 http {
-    include mime.types;
+    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    types {
        text/javascript mjs;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
@ -25,178 +23,132 @@ http {
    sendfile        on;
    #tcp_nopush     on;
    # Prevent nginx HTTP Server Detection
    server_tokens   off;
    keepalive_timeout  65;
    # Set the `immutable` cache control options only for assets with a cache busting `v` argument
    map $arg_v $asset_immutable {
        "" "";
    default ", immutable";
    }
    #gzip  on;
    resolver 127.0.0.11 valid=2s;
    upstream php-handler {
-        zone backends 64k;
+        server app:9000;
        server app:9000 resolve;
    }
    server {
        listen 80;
-        # HSTS settings
+        # Add headers to serve security related headers
        # Before enabling Strict-Transport-Security headers please read into this
        # topic first.
        # add_header Strict-Transport-Security "max-age=15768000;
        # includeSubDomains; preload;";
        #
        # WARNING: Only add the preload option once you read about
        # the consequences in https://hstspreload.org/. This option
        # will add the domain to a hardcoded list that is shipped
        # in all major browsers and getting removed from this list
        # could take several months.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # set max upload size and increase upload timeout:
        client_max_body_size 512M;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # The settings allows you to optimize the HTTP2 bandwidth.
        # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
        # for tuning hints
        client_body_buffer_size 512k;
        # Enable gzip but do not remove ETag headers
        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
        # Pagespeed is not supported by Nextcloud, so if your server is built
        # with the `ngx_pagespeed` module, uncomment this line to disable it.
        #pagespeed off;
        # HTTP response headers borrowed from Nextcloud `.htaccess`
        add_header Referrer-Policy                      "no-referrer"       always;
        add_header X-Content-Type-Options               "nosniff"           always;
        add_header X-Frame-Options                      "SAMEORIGIN"        always;
        add_header X-Permitted-Cross-Domain-Policies    "none"              always;
        add_header X-Robots-Tag                         "noindex, nofollow" always;
        add_header X-XSS-Protection                     "1; mode=block"     always;
        # Remove X-Powered-By, which is an information leak
        fastcgi_hide_header X-Powered-By;
        # Path to the root of your installation
        root /var/www/html;
        # Specify how to handle directories -- specifying `/index.php$request_uri`
        # here as the fallback means that Nginx always exhibits the desired behaviour
        # when a client requests a path that corresponds to a directory that exists
        # on the server. In particular, if that directory contains an index.php file,
        # that file is correctly served; if it doesn't, then the request is passed to
        # the front-end controller. This consistent behaviour means that we don't need
        # to specify custom rules for certain paths (e.g. images and other assets,
        # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
        # `try_files $uri $uri/ /index.php$request_uri`
        # always provides the desired behaviour.
        index index.php index.html /index.php$request_uri;
        # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
        location = / {
            if ( $http_user_agent ~ ^DavClnt ) {
                return 302 /remote.php/webdav/$is_args$args;
            }
        }
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
-        # Make a regex exception for `/.well-known` so that clients can still
+        # The following 2 rules are only needed for the user_webfinger app.
-        # access it despite the existence of the regex rule
+        # Uncomment it if you're planning to use this app.
-        # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+        #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-        # for `/.well-known`.
+        #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-        location ^~ /.well-known {
+        # last;
            # The rules in this block are an adaptation of the rules
            # in `.htaccess` that concern `/.well-known`.
-            location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/carddav {
-            location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+            return 301 $scheme://$host/remote.php/dav;
-
+        }
-            location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location = /.well-known/caldav {
-            location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+            return 301 $scheme://$host/remote.php/dav;
            # Let Nextcloud's API for `/.well-known` URIs handle all other
            # requests by passing them to the front-end controller.
            return 301 /index.php$request_uri;
        }
-        # Rules borrowed from `.htaccess` to hide certain paths from clients
+        # set max upload size
-        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+        client_max_body_size 10G;
-        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+        fastcgi_buffers 64 4K;
-        # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+        # Enable gzip but do not remove ETag headers
-        # which handle static assets (as seen below). If this block is not declared first,
+        gzip on;
-        # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+        gzip_vary on;
-        # to the URI, resulting in a HTTP 500 error response.
+        gzip_comp_level 4;
-        location ~ \.php(?:$|/) {
+        gzip_min_length 256;
-            # Required for legacy support
+        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
+        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        # Uncomment if your server is build with the ngx_pagespeed module
-            set $path_info $fastcgi_path_info;
+        # This module is currently not supported.
-
+        #pagespeed off;
            try_files $fastcgi_script_name =404;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_max_temp_file_size 0;
        }
        # Serve static files
        location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
            try_files $uri /index.php$request_uri;
            add_header Cache-Control "public, max-age=15778463$asset_immutable";
            add_header Referrer-Policy                   "no-referrer"       always;
            add_header X-Content-Type-Options            "nosniff"           always;
            add_header X-Frame-Options                   "SAMEORIGIN"        always;
            add_header X-Permitted-Cross-Domain-Policies "none"              always;
            add_header X-Robots-Tag                      "noindex, nofollow" always;
            add_header X-XSS-Protection                  "1; mode=block"     always;
            access_log off;     # Optional: Don't log access to assets
            location ~ \.wasm$ {
                default_type application/wasm;
            }
        }
        location ~ \.(otf|woff2?)$ {
            try_files $uri /index.php$request_uri;
            expires 7d;         # Cache-Control policy borrowed from `.htaccess`
            access_log off;     # Optional: Don't log access to assets
        }
        # Rule borrowed from `.htaccess`
        location /remote {
            return 301 /remote.php$request_uri;
        }
        location / {
-            try_files $uri $uri/ /index.php$request_uri;
+            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            # fastcgi_param HTTPS on;
            #Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass php-handler;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~ \.(?:css|js|woff|svg|gif)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            #  includeSubDomains; preload;";
            #
            # WARNING: Only add the preload option once you read about
            # the consequences in https://hstspreload.org/. This option
            # will add the domain to a hardcoded list that is shipped
            # in all major browsers and getting removed from this list
            # could take several months.
            add_header X-Content-Type-Options nosniff;
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
 }
--- a/.examples/dockerfiles/cron/apache/Dockerfile
+++ b/.examples/dockerfiles/cron/apache/Dockerfile
@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord
-COPY supervisord.conf /
+COPY supervisord.conf /etc/supervisor/supervisord.conf
-ENV NEXTCLOUD_UPDATE=1
+CMD ["/usr/bin/supervisord"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/cron/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/cron/fpm-alpine/Dockerfile
@ -1,10 +0,0 @@
 FROM nextcloud:fpm-alpine
 RUN apk add --no-cache supervisor \
  && mkdir /var/log/supervisord /var/run/supervisord
 COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
+++ b/.examples/dockerfiles/cron/fpm-alpine/supervisord.conf
@ -1,22 +0,0 @@
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 [program:cron]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
--- a/.examples/dockerfiles/cron/fpm/Dockerfile
+++ b/.examples/dockerfiles/cron/fpm/Dockerfile
@ -5,8 +5,6 @@ RUN apt-get update && apt-get install -y \
  && rm -rf /var/lib/apt/lists/* \
  && mkdir /var/log/supervisord /var/run/supervisord
-COPY supervisord.conf /
+COPY supervisord.conf /etc/supervisor/supervisord.conf
-ENV NEXTCLOUD_UPDATE=1
+CMD ["/usr/bin/supervisord"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/apache/Dockerfile
+++ b/.examples/dockerfiles/full/apache/Dockerfile
@ -1,60 +1,24 @@
 FROM nextcloud:apache
-RUN set -ex; \
+RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
-    \
+    && apt-get update && apt-get install -y \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        ghostscript \
        libmagickcore-6.q16-6-extra \
        procps \
        smbclient \
        supervisor \
-#       libreoffice \
+        ffmpeg \
-    ; \
+        libmagickwand-dev \
-    rm -rf /var/lib/apt/lists/*
+        libgmp3-dev \
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libbz2-dev \
        libc-client-dev \
        libkrb5-dev \
        smbclient \
        libsmbclient-dev \
-    ; \
+#       LibreOffice \
-    \
+    && rm -rf /var/lib/apt/lists/* \
-    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
+    && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
-    docker-php-ext-install \
+    && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
-        bz2 \
+    && docker-php-ext-install bz2 gmp imap \
-        imap \
+    && pecl install imagick smbclient \
-    ; \
+    && docker-php-ext-enable imagick smbclient \
-    pecl install smbclient; \
+    && mkdir /var/log/supervisord /var/run/supervisord
    docker-php-ext-enable smbclient; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
-RUN mkdir -p \
+COPY supervisord.conf /etc/supervisor/supervisord.conf
    /var/log/supervisord \
    /var/run/supervisord \
 ;
-COPY supervisord.conf /
+CMD ["/usr/bin/supervisord"]
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/full/fpm-alpine/Dockerfile
@ -1,51 +0,0 @@
 FROM nextcloud:fpm-alpine
 RUN set -ex; \
    \
    apk add --no-cache \
        ffmpeg \
        imagemagick \
        procps \
        samba-client \
        supervisor \
 #       libreoffice \
    ;
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        imap-dev \
        krb5-dev \
        openssl-dev \
        samba-dev \
        bzip2-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install \
        bz2 \
        imap \
    ; \
    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
 RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
 ;
 COPY supervisord.conf /
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/full/fpm-alpine/supervisord.conf
+++ b/.examples/dockerfiles/full/fpm-alpine/supervisord.conf
@ -1,22 +0,0 @@
 [supervisord]
 nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
 logfile_maxbytes=50MB                           ; maximum size of logfile before rotation
 logfile_backups=10                              ; number of backed up logfiles
 loglevel=error
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 [program:cron]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
--- a/.examples/dockerfiles/full/fpm/Dockerfile
+++ b/.examples/dockerfiles/full/fpm/Dockerfile
@ -1,60 +1,24 @@
 FROM nextcloud:fpm
-RUN set -ex; \
+RUN echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list \
-    \
+    && apt-get update && apt-get install -y \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        ffmpeg \
        ghostscript \
        libmagickcore-6.q16-6-extra \
        procps \
        smbclient \
        supervisor \
-#       libreoffice \
+        ffmpeg \
-    ; \
+        libmagickwand-dev \
-    rm -rf /var/lib/apt/lists/*
+        libgmp3-dev \
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libbz2-dev \
        libc-client-dev \
        libkrb5-dev \
        smbclient \
        libsmbclient-dev \
-    ; \
+#       LibreOffice \
-    \
+    && rm -rf /var/lib/apt/lists/* \
-    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
+    && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
-    docker-php-ext-install \
+    && ln -s "/usr/include/$(dpkg-architecture --query DEB_BUILD_MULTIARCH)/gmp.h" /usr/include/gmp.h \
-        bz2 \
+    && docker-php-ext-install bz2 gmp imap \
-        imap \
+    && pecl install imagick smbclient \
-    ; \
+    && docker-php-ext-enable imagick smbclient \
-    pecl install smbclient; \
+    && mkdir /var/log/supervisord /var/run/supervisord
    docker-php-ext-enable smbclient; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
-RUN mkdir -p \
+COPY supervisord.conf /etc/supervisor/supervisord.conf
    /var/log/supervisord \
    /var/run/supervisord \
 ;
-COPY supervisord.conf /
+CMD ["/usr/bin/supervisord"]
 ENV NEXTCLOUD_UPDATE=1
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
--- a/.examples/dockerfiles/imap/apache/Dockerfile
+++ b/.examples/dockerfiles/imap/apache/Dockerfile
@ -1,28 +1,7 @@
 FROM nextcloud:apache
-RUN set -ex; \
+RUN apt-get update \
-    \
+ && apt-get install -y libc-client-dev libkrb5-dev \
-    savedAptMark="$(apt-mark showmanual)"; \
+ && rm -rf /var/lib/apt/lists/* \
-    \
+ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
-    apt-get update; \
+ && docker-php-ext-install imap
    apt-get install -y --no-install-recommends \
        libc-client-dev \
        libkrb5-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/imap/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/imap/fpm-alpine/Dockerfile
@ -1,22 +0,0 @@
 FROM nextcloud:fpm-alpine
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        imap-dev \
        krb5-dev \
        openssl-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
--- a/.examples/dockerfiles/imap/fpm/Dockerfile
+++ b/.examples/dockerfiles/imap/fpm/Dockerfile
@ -1,28 +1,7 @@
 FROM nextcloud:fpm
-RUN set -ex; \
+RUN apt-get update \
-    \
+ && apt-get install -y libc-client-dev libkrb5-dev \
-    savedAptMark="$(apt-mark showmanual)"; \
+ && rm -rf /var/lib/apt/lists/* \
-    \
+ && docker-php-ext-configure imap --with-kerberos --with-imap-ssl \
-    apt-get update; \
+ && docker-php-ext-install imap
    apt-get install -y --no-install-recommends \
        libc-client-dev \
        libkrb5-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install imap; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
        | sort -u \
        | xargs -r dpkg-query --search \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/smb/apache/Dockerfile
+++ b/.examples/dockerfiles/smb/apache/Dockerfile
@ -1,3 +1,3 @@
 FROM nextcloud:apache
-RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
--- a/.examples/dockerfiles/smb/fpm-alpine/Dockerfile
+++ b/.examples/dockerfiles/smb/fpm-alpine/Dockerfile
@ -1,3 +0,0 @@
 FROM nextcloud:fpm-alpine
 RUN apk add --no-cache procps samba-client
--- a/.examples/dockerfiles/smb/fpm/Dockerfile
+++ b/.examples/dockerfiles/smb/fpm/Dockerfile
@ -1,3 +1,3 @@
 FROM nextcloud:fpm
-RUN apt-get update && apt-get install -y procps smbclient && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y smbclient && rm -rf /var/lib/apt/lists/*
--- a/.github/ISSUE_TEMPLATE/01-Image_issue.md
+++ b/.github/ISSUE_TEMPLATE/01-Image_issue.md
@ -1,15 +0,0 @@
 ---
 name: 🐛 Report a bug in the image
 about: Create a report to help us improve the image
 labels: "bug, 0. Needs triage"
 ---
 <!--
 Thanks for reporting issues back to Nextcloud!
 When reporting problems, please include your *complete* Docker Compose file (or run commands) and your Nextcloud Server config (e.g. `occ config:list system`). Incomplete reports cause extra work for all parties involved and delay resolution.
 Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to report issues with Docker or Nextcloud Server itself. You can find help debugging your system on our forums: https://help.nextcloud.com/ or https://forums.docker.com/.
 To learn more about official images, see https://github.com/docker-library/faq
 -->
--- a/.github/ISSUE_TEMPLATE/02-Image_enhancement
+++ b/.github/ISSUE_TEMPLATE/02-Image_enhancement
@ -1,15 +0,0 @@
 ---
 name: 🚀 Suggest an enhancement
 about: Suggest an idea for improving the image
 labels: "enhancement, 0. Needs triage"
 ---
 <!--
 Thanks for suggesting an idea to improve the Nextcloud Docker image!
 This image is maintained by volunteers so if you're able to assist with implementing your idea, please mention that (and consider submitting a PR as well).
 Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to suggestion enhancements in Nextcloud Server itself. 
 To learn more about official images, see https://github.com/docker-library/faq
 -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -1,22 +0,0 @@
 contact_links:
    - name: ❓ Ask a question
      url: https://help.nextcloud.com/
      about: Ask a question, get assistance or start a discussion regarding Nextcloud and/or this image
    - name: Documentation - Nextcloud Server
      url: https://docs.nextcloud.com/
      about: Official documentation for Nextcloud Server
    - name: Documentation - Nextcloud Docker Image
      url: https://github.com/nextcloud/docker/blob/master/README.md
      about: Official documentation for this image
    - name: 🐳 Documentation - Docker
      url: https://docs.docker.com/
      about: Official documentation for Docker (installing, configuring, troubleshooting)  
    - name: 🐳 Docker Forum
      url: https://forums.docker.com/
      about: Ask a question, get assistance or start a discussion regarding Docker
    - name: 🐛 Bug Report - Nextcloud Server
      url: https://github.com/nextcloud/server/issues/new/choose
      about: Report a bug in Nextcloud Server
    - name: Enhancement Idea - Nextcloud Server
      url: https://github.com/nextcloud/server/issues/new/choose
      about: Suggest an enhancement idea for Nextcloud Server
--- a/.github/workflows/images.yml
+++ b/.github/workflows/images.yml
@ -1,65 +0,0 @@
 name: Images
 on:
  pull_request:
  workflow_run:
    workflows: ["update.sh"]
    branches: [master]
    types: 
      - completed
 defaults:
  run:
    shell: 'bash -Eeuo pipefail -x {0}'
 jobs:
  init:
    name: Generate Jobs
    runs-on: ubuntu-latest
    outputs:
      strategy: ${{ steps.generate-jobs.outputs.strategy }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker-library/bashbrew@HEAD
      - id: generate-jobs
        name: Generate Jobs
        run: |
          strategy="$(GITHUB_REPOSITORY=nextcloud "$BASHBREW_SCRIPTS/github-actions/generate.sh")"
          strategy="$("$BASHBREW_SCRIPTS/github-actions/munge-i386.sh" -c <<<"$strategy")"
          echo "strategy=$strategy" >> "$GITHUB_OUTPUT"
          jq . <<<"$strategy" # sanity check / debugging aid
  test:
    needs: init
    strategy: ${{ fromJson(needs.init.outputs.strategy) }}
    name: ${{ matrix.name }}
    runs-on: ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v4
      - name: Prepare Environment
        run: ${{ matrix.runs.prepare }}
      - name: Run update.sh script
        run: ./update.sh
      - name: Pull Dependencies
        run: ${{ matrix.runs.pull }}
      - name: Build ${{ matrix.name }}
        run: ${{ matrix.runs.build }}
      - name: History ${{ matrix.name }}
        run: ${{ matrix.runs.history }}
      - name: Test ${{ matrix.name }}
        run: ${{ matrix.runs.test }}
      - name: '"docker images"'
        run: ${{ matrix.runs.images }}
  summary:
    runs-on: ubuntu-latest
    needs: test
    if: always()
    name: images-test-summary
    steps:
      - name: Summary status
        run: if ${{ needs.test.result != 'success' && needs.test.result != 'skipped' }}; then exit 1; fi
--- a/.github/workflows/update-sh.yml
+++ b/.github/workflows/update-sh.yml
@ -1,29 +0,0 @@
 name: update.sh
 on:
  push:
    branches:
    - master
  schedule:
  - cron:  '15 18 * * *'
  workflow_dispatch:
 jobs:
  run_update_sh:
    name: Run update.sh script
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: Run update.sh script
      run: ./update.sh
    - name: Commit files
      run: |
        git config --local user.email "workflow@github.com"
        git config --local user.name "GitHub Workflow"
        git add -A
        git commit -m "Runs update.sh" || echo "Nothing to update"
    - name: Push changes
      uses: ad-m/github-push-action@master
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        force: true
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,87 @@
 dist: trusty
 sudo: required
 services: docker
 language: bash
 branches:
  only:
    - master
 install:
  - git clone https://github.com/docker-library/official-images.git ~/official-images
 before_script:
  - env | sort
  - image="nextcloud:${VERSION}${VARIANT:+-$VARIANT}"
  - if [[ "$ARCH" == 'i386' ]]; then sed -i -e 's/FROM php/FROM i386\/php/g' "${VERSION}/${VARIANT}/Dockerfile"; fi
 script:
  - travis_retry docker build -t "$image" "${VERSION}/${VARIANT}"
  - ~/official-images/test/run.sh "$image"
  - .travis/test-example-dockerfiles.sh "$image"
 after_script:
  - docker images
 jobs:
  include:
    - &test-scripts
      stage: test scripts
      env: SCRIPT=update.sh
      sudo: false
      services: []
      install: skip
      before_script: skip
      script:
        - hash_before=$(git write-tree)
        - ./update.sh
        - bash -c "[[ $hash_before = $(git add -A && git write-tree) ]]"
      after_script: skip
    - <<: *test-scripts
      env: SCRIPT=generate-stackbrew-library.sh
      install:
        - wget -O "$HOME/bin/bashbrew" https://doi-janky.infosiftr.net/job/bashbrew/lastSuccessfulBuild/artifact/bin/bashbrew-amd64
        - chmod +x "$HOME/bin/bashbrew"
      script:
        - ./generate-stackbrew-library.sh
    - stage: test images
      env: VERSION=11.0-rc VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=11.0-rc VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=11.0-rc VARIANT=fpm ARCH=amd64
    - env: VERSION=11.0-rc VARIANT=fpm ARCH=i386
    - env: VERSION=11.0-rc VARIANT=apache ARCH=amd64
    - env: VERSION=11.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=12.0-rc VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=12.0-rc VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=12.0-rc VARIANT=fpm ARCH=amd64
    - env: VERSION=12.0-rc VARIANT=fpm ARCH=i386
    - env: VERSION=12.0-rc VARIANT=apache ARCH=amd64
    - env: VERSION=12.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=13.0-rc VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=13.0-rc VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=13.0-rc VARIANT=fpm ARCH=amd64
    - env: VERSION=13.0-rc VARIANT=fpm ARCH=i386
    - env: VERSION=13.0-rc VARIANT=apache ARCH=amd64
    - env: VERSION=13.0-rc VARIANT=apache ARCH=i386
    - env: VERSION=11.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=11.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=11.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=11.0 VARIANT=fpm ARCH=i386
    - env: VERSION=11.0 VARIANT=apache ARCH=amd64
    - env: VERSION=11.0 VARIANT=apache ARCH=i386
    - env: VERSION=12.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=12.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=12.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=12.0 VARIANT=fpm ARCH=i386
    - env: VERSION=12.0 VARIANT=apache ARCH=amd64
    - env: VERSION=12.0 VARIANT=apache ARCH=i386
    - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=amd64
    - env: VERSION=13.0 VARIANT=fpm-alpine ARCH=i386
    - env: VERSION=13.0 VARIANT=fpm ARCH=amd64
    - env: VERSION=13.0 VARIANT=fpm ARCH=i386
    - env: VERSION=13.0 VARIANT=apache ARCH=amd64
    - env: VERSION=13.0 VARIANT=apache ARCH=i386
--- a/.travis/test-example-dockerfiles.sh
+++ b/.travis/test-example-dockerfiles.sh
@ -0,0 +1,19 @@
 #!/bin/bash
 set -e
 image="$1"
 cd .examples/dockerfiles
 dirs=( */ )
 dirs=( "${dirs[@]%/}" )
 for dir in "${dirs[@]}"; do
    if [ -d "$dir/$VARIANT" ]; then
        (
            cd "$dir/$VARIANT" 
            sed -ri -e 's/^FROM .*/FROM '"$image"'/g' 'Dockerfile'
            docker build -t "$image-$dir" .
            ~/official-images/test/run.sh "$image-$dir"
        )
    fi
 done
--- a/11.0-rc/apache/Dockerfile
+++ b/11.0-rc/apache/Dockerfile
@ -0,0 +1,122 @@
 FROM php:7.1-apache
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        rsync \
        bzip2 \
        busybox-static \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libcurl4-openssl-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng12-dev \
        libpq-dev \
        libxml2-dev \
    ; \
    \
    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
    docker-php-ext-install \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        mcrypt \
        mysqli \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        pgsql \
        zip \
    ; \
    pecl install \
        APCu-5.1.11 \
        memcached-3.0.4 \
        redis-3.1.6 \
    ; \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
    ; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.enable_cli=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 RUN a2enmod rewrite
 ENV NEXTCLOUD_VERSION 11.0.8RC1
 RUN set -ex; \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    rm nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ
 COPY *.sh /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["apache2-foreground"]
--- a/11.0-rc/apache/config/apache-pretty-urls.config.php
+++ b/11.0-rc/apache/config/apache-pretty-urls.config.php
--- a/11.0-rc/apache/config/apcu.config.php
+++ b/11.0-rc/apache/config/apcu.config.php
--- a/11.0-rc/apache/config/apps.config.php
+++ b/11.0-rc/apache/config/apps.config.php
@ -0,0 +1,15 @@
 <?php
 $CONFIG = array (
  "apps_paths" => array (
      0 => array (
              "path"     => OC::$SERVERROOT."/apps",
              "url"      => "/apps",
              "writable" => false,
      ),
      1 => array (
              "path"     => OC::$SERVERROOT."/custom_apps",
              "url"      => "/custom_apps",
              "writable" => true,
      ),
  ),
 );
--- a/11.0-rc/apache/config/autoconfig.php
+++ b/11.0-rc/apache/config/autoconfig.php
@ -0,0 +1,34 @@
 <?php
 $autoconfig_enabled = false;
 if (getenv('SQLITE_DATABASE')) {
    $AUTOCONFIG["dbtype"] = "sqlite";
    $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
    $autoconfig_enabled = true;
 } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
    $AUTOCONFIG["dbtype"] = "mysql";
    $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
    $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
    $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
    $AUTOCONFIG["dbtype"] = "pgsql";
    $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
    $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
    $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 }
 if ($autoconfig_enabled) {
    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/11.0-rc/apache/cron.sh
+++ b/11.0-rc/apache/cron.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 set -e
 exec busybox crond -f -l 0 -L /dev/stdout
--- a/11.0-rc/apache/entrypoint.sh
+++ b/11.0-rc/apache/entrypoint.sh
@ -0,0 +1,60 @@
 #!/bin/bash
 set -e
 # version_greater A B returns whether A > B
 function version_greater() {
 	[[ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" ]];
 }
 # return true if specified directory is empty
 function directory_empty() {
    [ -n "$(find "$1"/ -prune -empty)" ]
 }
 function run_as() {
  if [[ $EUID -eq 0 ]]; then
    su - www-data -s /bin/bash -c "$1"
  else
    bash -c "$1"
  fi
 }
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
    installed_version=$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')
 fi
 image_version=$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0~unknown" ]; then
        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
    fi
    if [[ $EUID -eq 0 ]]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0~unknown" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/11.0-rc/fpm-alpine/Dockerfile
+++ b/11.0-rc/fpm-alpine/Dockerfile
@ -0,0 +1,118 @@
 FROM php:7.1-fpm-alpine
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apk add --no-cache \
        bash \
        coreutils \
        rsync \
    ; \
    \
    rm /var/spool/cron/crontabs/root; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        alpine-sdk \
        autoconf \
        freetype-dev \
        icu-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
        libmemcached-dev \
        libxml2-dev \
        openldap-dev \
        pcre-dev \
        postgresql-dev \
    ; \
    \
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
    docker-php-ext-configure ldap; \
    docker-php-ext-install \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        mcrypt \
        mysqli \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        pgsql \
        zip \
    ; \
    pecl install \
        APCu-5.1.11 \
        memcached-3.0.4 \
        redis-3.1.6 \
    ; \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
    ; \
    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
    apk del .build-deps
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.enable_cli=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 ENV NEXTCLOUD_VERSION 11.0.8RC1
 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
        bzip2 \
        gnupg \
    ; \
    \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    rm nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
    apk del .fetch-deps
 COPY *.sh /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
--- a/11.0-rc/fpm-alpine/config/apcu.config.php
+++ b/11.0-rc/fpm-alpine/config/apcu.config.php
--- a/11.0-rc/fpm-alpine/config/apps.config.php
+++ b/11.0-rc/fpm-alpine/config/apps.config.php
@ -0,0 +1,15 @@
 <?php
 $CONFIG = array (
  "apps_paths" => array (
      0 => array (
              "path"     => OC::$SERVERROOT."/apps",
              "url"      => "/apps",
              "writable" => false,
      ),
      1 => array (
              "path"     => OC::$SERVERROOT."/custom_apps",
              "url"      => "/custom_apps",
              "writable" => true,
      ),
  ),
 );
--- a/11.0-rc/fpm-alpine/config/autoconfig.php
+++ b/11.0-rc/fpm-alpine/config/autoconfig.php
@ -0,0 +1,34 @@
 <?php
 $autoconfig_enabled = false;
 if (getenv('SQLITE_DATABASE')) {
    $AUTOCONFIG["dbtype"] = "sqlite";
    $AUTOCONFIG["dbname"] = getenv('SQLITE_DATABASE');
    $autoconfig_enabled = true;
 } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
    $AUTOCONFIG["dbtype"] = "mysql";
    $AUTOCONFIG["dbname"] = getenv('MYSQL_DATABASE');
    $AUTOCONFIG["dbuser"] = getenv('MYSQL_USER');
    $AUTOCONFIG["dbpass"] = getenv('MYSQL_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('MYSQL_HOST');
    $autoconfig_enabled = true;
 } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
    $AUTOCONFIG["dbtype"] = "pgsql";
    $AUTOCONFIG["dbname"] = getenv('POSTGRES_DB');
    $AUTOCONFIG["dbuser"] = getenv('POSTGRES_USER');
    $AUTOCONFIG["dbpass"] = getenv('POSTGRES_PASSWORD');
    $AUTOCONFIG["dbhost"] = getenv('POSTGRES_HOST');
    $autoconfig_enabled = true;
 }
 if ($autoconfig_enabled) {
    $AUTOCONFIG["dbtableprefix"] = getenv('NEXTCLOUD_TABLE_PREFIX') ?: "";
    $AUTOCONFIG["directory"] = getenv('NEXTCLOUD_DATA_DIR') ?: "/var/www/html/data";
    if (getenv('NEXTCLOUD_ADMIN_USER') && getenv('NEXTCLOUD_ADMIN_PASSWORD')) {
        $AUTOCONFIG["adminlogin"] = getenv('NEXTCLOUD_ADMIN_USER');
        $AUTOCONFIG["adminpass"] = getenv('NEXTCLOUD_ADMIN_PASSWORD');
    }
 }
--- a/11.0-rc/fpm-alpine/cron.sh
+++ b/11.0-rc/fpm-alpine/cron.sh
@ -0,0 +1,4 @@
 #!/bin/bash
 set -e
 exec busybox crond -f -l 0 -L /dev/stdout
--- a/11.0-rc/fpm-alpine/entrypoint.sh
+++ b/11.0-rc/fpm-alpine/entrypoint.sh
@ -0,0 +1,60 @@
 #!/bin/bash
 set -e
 # version_greater A B returns whether A > B
 function version_greater() {
 	[[ "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" ]];
 }
 # return true if specified directory is empty
 function directory_empty() {
    [ -n "$(find "$1"/ -prune -empty)" ]
 }
 function run_as() {
  if [[ $EUID -eq 0 ]]; then
    su - www-data -s /bin/bash -c "$1"
  else
    bash -c "$1"
  fi
 }
 installed_version="0.0.0~unknown"
 if [ -f /var/www/html/version.php ]; then
    installed_version=$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')
 fi
 image_version=$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')
 if version_greater "$installed_version" "$image_version"; then
    echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
    exit 1
 fi
 if version_greater "$image_version" "$installed_version"; then
    if [ "$installed_version" != "0.0.0~unknown" ]; then
        run_as 'php /var/www/html/occ app:list' > /tmp/list_before
    fi
    if [[ $EUID -eq 0 ]]; then
      rsync_options="-rlDog --chown www-data:root"
    else
      rsync_options="-rlD"
    fi
    rsync $rsync_options --delete --exclude /config/ --exclude /data/ --exclude /custom_apps/ --exclude /themes/ /usr/src/nextcloud/ /var/www/html/
    for dir in config data custom_apps themes; do
        if [ ! -d /var/www/html/"$dir" ] || directory_empty /var/www/html/"$dir"; then
            rsync $rsync_options --include /"$dir"/ --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        fi
    done
    if [ "$installed_version" != "0.0.0~unknown" ]; then
        run_as 'php /var/www/html/occ upgrade --no-app-disable'
        run_as 'php /var/www/html/occ app:list' > /tmp/list_after
        echo "The following apps have beed disabled:"
        diff <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_before) <(sed -n "/Enabled:/,/Disabled:/p" /tmp/list_after) | grep '<' | cut -d- -f2 | cut -d: -f1
        rm -f /tmp/list_before /tmp/list_after
    fi
 fi
 exec "$@"
--- a/11.0-rc/fpm/Dockerfile
+++ b/11.0-rc/fpm/Dockerfile
@ -0,0 +1,121 @@
 FROM php:7.1-fpm
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        rsync \
        bzip2 \
        busybox-static \
    ; \
    rm -rf /var/lib/apt/lists/*; \
    \
    mkdir -p /var/spool/cron/crontabs; \
    echo '*/15 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/12/admin_manual/installation/source_installation.html
 RUN set -ex; \
    \
    savedAptMark="$(apt-mark showmanual)"; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        libcurl4-openssl-dev \
        libfreetype6-dev \
        libicu-dev \
        libjpeg-dev \
        libldap2-dev \
        libmcrypt-dev \
        libmemcached-dev \
        libpng12-dev \
        libpq-dev \
        libxml2-dev \
    ; \
    \
    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
    docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \
    docker-php-ext-install \
        exif \
        gd \
        intl \
        ldap \
        mbstring \
        mcrypt \
        mysqli \
        opcache \
        pcntl \
        pdo_mysql \
        pdo_pgsql \
        pgsql \
        zip \
    ; \
    pecl install \
        APCu-5.1.11 \
        memcached-3.0.4 \
        redis-3.1.6 \
    ; \
    docker-php-ext-enable \
        apcu \
        memcached \
        redis \
    ; \
    \
 # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
    apt-mark auto '.*' > /dev/null; \
    apt-mark manual $savedAptMark; \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
        | awk '/=>/ { print $3 }' \
        | sort -u \
        | xargs -r dpkg-query -S \
        | cut -d: -f1 \
        | sort -u \
        | xargs -rt apt-mark manual; \
    \
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
    rm -rf /var/lib/apt/lists/*
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/12/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
 RUN { \
        echo 'opcache.enable=1'; \
        echo 'opcache.enable_cli=1'; \
        echo 'opcache.interned_strings_buffer=8'; \
        echo 'opcache.max_accelerated_files=10000'; \
        echo 'opcache.memory_consumption=128'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=1'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    chown -R www-data:root /var/www; \
    chmod -R g=u /var/www
 VOLUME /var/www/html
 ENV NEXTCLOUD_VERSION 11.0.8RC1
 RUN set -ex; \
    curl -fsSL -o nextcloud.tar.bz2 \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2"; \
    curl -fsSL -o nextcloud.tar.bz2.asc \
        "https://download.nextcloud.com/server/prereleases/nextcloud-${NEXTCLOUD_VERSION}.tar.bz2.asc"; \
    export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
    gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
    gpg --batch --verify nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
    rm -r "$GNUPGHOME" nextcloud.tar.bz2.asc; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    rm nextcloud.tar.bz2; \
    rm -rf /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ
 COPY *.sh /
 COPY config/* /usr/src/nextcloud/config/
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["php-fpm"]
--- a/Show More
+++ b/Show More
		`@ -0,0 +1,3 @@`
							`FROM nextcloud:apache`

							`COPY redis.config.php /usr/src/nextcloud/config/redis.config.php`
		`@ -0,0 +1,3 @@`
							`FROM nextcloud:fpm`

							`COPY redis.config.php /usr/src/nextcloud/config/redis.config.php`
		`@ -0,0 +1,3 @@`
							`FROM nginx`

							`COPY nginx.conf /etc/nginx/nginx.conf`
		`@ -0,0 +1,3 @@`
							`FROM jwilder/nginx-proxy:alpine`

							`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`
`@ -1,3 +1,3 @@`
	`FROM nginxproxy/nginx-proxy:1.7-alpine`	`FROM jwilder/nginx-proxy:alpine`

	`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`	`COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf`
`@ -1,2 +1 @@`
	`client_max_body_size 10G;`	`client_max_body_size 10G;`
	`proxy_request_buffering off;`
		`@ -1,3 +0,0 @@`
			`FROM nextcloud:fpm-alpine`

			`RUN apk add --no-cache procps samba-client`