fix(entrypoint): set non-bogus $HOME when using su

Signed-off-by: Josh <josh.t.richards@gmail.com>

.config/redis.config.php

@@ -14,8 +14,4 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
-
-  if (getenv('REDIS_HOST_USER') !== false) {
-    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
-  }
 }

.config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions

.examples/docker-compose/insecure/mariadb/apache/compose.yaml

@@ -1,10 +1,7 @@
 services:
-  # Note: MariaDB is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/mariadb
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:10.11
-    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -15,8 +12,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -28,7 +23,6 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - MYSQL_HOST=db
       - REDIS_HOST=redis
@@ -43,7 +37,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db

.examples/docker-compose/insecure/mariadb/fpm/compose.yaml

@@ -1,10 +1,7 @@
 services:
-  # Note: MariaDB is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/mariadb
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:10.11
-    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -15,8 +12,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -26,7 +21,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - MYSQL_HOST=db
       - REDIS_HOST=redis
@@ -36,17 +30,12 @@ services:
       - db
       - redis
 
-  # Note: Nginx is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/nginx/
   web:
-    image: nginx:alpine-slim
+    build: ./web
     restart: always
     ports:
       - 127.0.0.1:8080:80
     volumes:
-      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
-      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     depends_on:
       - app
@@ -56,7 +45,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db

.examples/docker-compose/insecure/mariadb/fpm/web/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/insecure/mariadb/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -38,10 +39,8 @@ http {
 
     #gzip  on;
 
-    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        zone backends 64k;
+        server app:9000;
-        server app:9000 resolve;
     }
 
     server {
@@ -184,7 +183,7 @@ http {
             }
         }
 
-        location ~ \.(otf|woff2?)$ {
+        location ~ \.woff2?$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/insecure/postgres/apache/compose.yaml

@@ -1,8 +1,5 @@
 services:
-  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/postgres
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -10,8 +7,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -23,7 +18,6 @@ services:
       - 127.0.0.1:8080:80
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - POSTGRES_HOST=db
       - REDIS_HOST=redis
@@ -38,7 +32,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
@@ -46,4 +39,4 @@ services:
 
 volumes:
   db:
-  nextcloud:
+  nextcloud:

.examples/docker-compose/insecure/postgres/fpm/compose.yaml

@@ -1,8 +1,5 @@
 services:
-  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/postgres
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -10,8 +7,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -21,7 +16,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - POSTGRES_HOST=db
       - REDIS_HOST=redis
@@ -31,17 +25,12 @@ services:
       - db
       - redis
 
-  # Note: Nginx is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/nginx/
   web:
-    image: nginx:alpine-slim
+    build: ./web
     restart: always
     ports:
       - 127.0.0.1:8080:80
     volumes:
-      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
-      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     depends_on:
       - app
@@ -51,7 +40,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db

.examples/docker-compose/insecure/postgres/fpm/web/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/insecure/postgres/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -38,10 +39,8 @@ http {
 
     #gzip  on;
 
-    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        zone backends 64k;
+        server app:9000;
-        server app:9000 resolve;
     }
 
     server {
@@ -184,7 +183,7 @@ http {
             }
         }
 
-        location ~ \.(otf|woff2?)$ {
+        location ~ \.woff2?$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/with-nginx-proxy/mariadb/apache/compose.yaml

@@ -1,10 +1,7 @@
 services:
-  # Note: MariaDB is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/mariadb
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:10.11
-    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -15,8 +12,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -26,7 +21,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - VIRTUAL_HOST=
       - LETSENCRYPT_HOST=
@@ -38,6 +32,9 @@ services:
     depends_on:
       - db
       - redis
+      # Added proxy container dependency below. 
+      # It is unclear on when or why it happens, but sometimes NC manages to start before the proxy 
+      #  and it breaks for whatever weird reason resulting in the need of manual proxy container restart.
       - proxy
     networks:
       - proxy-tier
@@ -48,15 +45,11 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
-  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
-  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
-  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -74,8 +67,6 @@ services:
     networks:
       - proxy-tier
 
-  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -92,7 +83,7 @@ services:
     depends_on:
       - proxy
 
-# self signed,outdated
+# self signed
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/mariadb/apache/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM nginxproxy/nginx-proxy:alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/compose.yaml

@@ -1,10 +1,7 @@
 services:
-  # Note: MariaDB is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/mariadb
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
+    image: mariadb:10.11
-    image: mariadb:lts
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
-    command: --transaction-isolation=READ-COMMITTED
     restart: always
     volumes:
       - db:/var/lib/mysql:Z
@@ -15,8 +12,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -26,7 +21,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - MYSQL_HOST=db
       - REDIS_HOST=redis
@@ -37,15 +31,10 @@ services:
       - redis
       - proxy
 
-  # Note: Nginx is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/nginx/
   web:
-    image: nginx:alpine-slim
+    build: ./web
     restart: always
     volumes:
-      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro  
-      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     environment:
       - VIRTUAL_HOST=
@@ -62,15 +51,11 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
-  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
-  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
-  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -87,8 +72,6 @@ services:
     networks:
       - proxy-tier
 
-  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -105,7 +88,7 @@ services:
     depends_on:
       - proxy
 
-# self signed, outdated. 
+# self signed
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM nginxproxy/nginx-proxy:alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/with-nginx-proxy/mariadb/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -38,10 +39,8 @@ http {
 
     #gzip  on;
 
-    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        zone backends 64k;
+        server app:9000;
-        server app:9000 resolve;
     }
 
     server {
@@ -184,7 +183,7 @@ http {
             }
         }
 
-        location ~ \.(otf|woff2?)$ {
+        location ~ \.woff2?$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.examples/docker-compose/with-nginx-proxy/postgres/apache/compose.yaml

@@ -1,8 +1,5 @@
 services:
-  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/postgres
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -10,8 +7,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -21,7 +16,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - VIRTUAL_HOST=
       - LETSENCRYPT_HOST=
@@ -43,15 +37,11 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
-  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
-  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
-  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -68,8 +58,6 @@ services:
     networks:
       - proxy-tier
 
-  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -84,7 +72,7 @@ services:
     depends_on:
       - proxy
 
-# self signed, outdated
+# self signed
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/postgres/apache/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM nginxproxy/nginx-proxy:alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/compose.yaml

@@ -1,8 +1,7 @@
+version: '3'
+
 services:
-  # Note: PostgreSQL is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/postgres
   db:
-    # Note: Check the recommend version here: https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html#server
     image: postgres:alpine
     restart: always
     volumes:
@@ -10,8 +9,6 @@ services:
     env_file:
       - db.env
 
-  # Note: Redis is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/redis
   redis:
     image: redis:alpine
     restart: always
@@ -21,7 +18,6 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     environment:
       - POSTGRES_HOST=db
       - REDIS_HOST=redis
@@ -32,15 +28,10 @@ services:
       - redis
       - proxy
 
-  # Note: Nginx is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/_/nginx/
   web:
-    image: nginx:alpine-slim
+    build: ./web
     restart: always
     volumes:
-      # https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
-      - ./web/nginx.conf:/etc/nginx/nginx.conf:ro
-      # NOTE: The `volumes` included below should match those of the `app` container (unless you know what you're doing)
       - nextcloud:/var/www/html:z,ro
     environment:
       - VIRTUAL_HOST=
@@ -57,15 +48,11 @@ services:
     restart: always
     volumes:
       - nextcloud:/var/www/html:z
-      # NOTE: The `volumes` config of the `cron` and `app` containers must match
     entrypoint: /cron.sh
     depends_on:
       - db
       - redis
 
-  # Note: Nginx-proxy is an external service. You can find more information about the configuration here:
-  # Warning: Do not use :latest tags of nginx-proxy unless absolutely sure about the consequences.
-  # https://hub.docker.com/r/nginxproxy/nginx-proxy
   proxy:
     build: ./proxy
     restart: always
@@ -82,8 +69,6 @@ services:
     networks:
       - proxy-tier
 
-  # Note: Letsencrypt companion is an external service. You can find more information about the configuration here:
-  # https://hub.docker.com/r/nginxproxy/acme-companion
   letsencrypt-companion:
     image: nginxproxy/acme-companion
     restart: always
@@ -100,7 +85,7 @@ services:
     depends_on:
       - proxy
 
-# self signed, outdated
+# self signed
 #  omgwtfssl:
 #    image: paulczar/omgwtfssl
 #    restart: "no"

.examples/docker-compose/with-nginx-proxy/postgres/fpm/proxy/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginxproxy/nginx-proxy:1.7-alpine
+FROM nginxproxy/nginx-proxy:alpine
 
 COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/Dockerfile

@@ -0,0 +1,3 @@
+FROM nginx:alpine
+
+COPY nginx.conf /etc/nginx/nginx.conf

.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf

@@ -14,6 +14,7 @@ http {
     default_type  application/octet-stream;
     types {
         text/javascript mjs;
+        application/wasm wasm;
     }
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -38,10 +39,8 @@ http {
 
     #gzip  on;
 
-    resolver 127.0.0.11 valid=2s;
     upstream php-handler {
-        zone backends 64k;
+        server app:9000;
-        server app:9000 resolve;
     }
 
     server {
@@ -184,7 +183,7 @@ http {
             }
         }
 
-        location ~ \.(otf|woff2?)$ {
+        location ~ \.woff2?$ {
             try_files $uri /index.php$request_uri;
             expires 7d;         # Cache-Control policy borrowed from `.htaccess`
             access_log off;     # Optional: Don't log access to assets

.github/ISSUE_TEMPLATE/02-Image_enhancement

@@ -1,15 +0,0 @@
----
-name: 🚀 Suggest an enhancement
-about: Suggest an idea for improving the image
-labels: "enhancement, 0. Needs triage"
----
-
-<!--
-Thanks for suggesting an idea to improve the Nextcloud Docker image!
-
-This image is maintained by volunteers so if you're able to assist with implementing your idea, please mention that (and consider submitting a PR as well).
-
-Note: This is the issue tracker of the official Nextcloud **Docker image**, please do NOT use this to suggestion enhancements in Nextcloud Server itself. 
-
-To learn more about official images, see https://github.com/docker-library/faq
--->

.github/ISSUE_TEMPLATE/Image_issue.md

@@ -1,7 +1,6 @@
 ---
-name: 🐛 Report a bug in the image
+name: 🐛 Image issue
-about: Create a report to help us improve the image
+about: Issues related to the Nextcloud Docker image
-labels: "bug, 0. Needs triage"
 ---
 
 <!--

.github/ISSUE_TEMPLATE/config.yml

@@ -1,22 +1,10 @@
 contact_links:
-    - name: ❓ Ask a question
+    - name: 🐛 Nextcloud issue
-      url: https://help.nextcloud.com/
+      url: https://github.com/nextcloud/server/issues/new/choose
-      about: Ask a question, get assistance or start a discussion regarding Nextcloud and/or this image
+      about: Bug reports and feature requests for Nextcloud
-    - name: Documentation - Nextcloud Server
+    - name: 🐳 Docker Support and Help
-      url: https://docs.nextcloud.com/
-      about: Official documentation for Nextcloud Server
-    - name: Documentation - Nextcloud Docker Image
-      url: https://github.com/nextcloud/docker/blob/master/README.md
-      about: Official documentation for this image
-    - name: 🐳 Documentation - Docker
-      url: https://docs.docker.com/
-      about: Official documentation for Docker (installing, configuring, troubleshooting)  
-    - name: 🐳 Docker Forum
       url: https://forums.docker.com/
-      about: Ask a question, get assistance or start a discussion regarding Docker
+      about: Configuration, installation, networking and other questions
-    - name: 🐛 Bug Report - Nextcloud Server
+    - name: ❓ Nextcloud Support and Help
-      url: https://github.com/nextcloud/server/issues/new/choose
+      url: https://help.nextcloud.com/
-      about: Report a bug in Nextcloud Server
+      about: Configuration, webserver/proxy or performance issues and other questions
-    - name: Enhancement Idea - Nextcloud Server
-      url: https://github.com/nextcloud/server/issues/new/choose
-      about: Suggest an enhancement idea for Nextcloud Server

.github/workflows/update-sh.yml

@@ -5,7 +5,7 @@ on:
     branches:
     - master
   schedule:
-  - cron:  '15 18 * * *'
+  - cron:  '15 0 * * *'
   workflow_dispatch:
 
 jobs:

28/apache/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.3-apache-trixie
+FROM php:8.2-apache-bookworm
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -9,10 +9,10 @@ RUN set -ex; \
         busybox-static \
         bzip2 \
         libldap-common \
-        libmagickcore-7.q16-10-extra \
+        libmagickcore-6.q16-6-extra \
         rsync \
     ; \
-    apt-get dist-clean; \
+    rm -rf /var/lib/apt/lists/*; \
     \
     mkdir -p /var/spool/cron/crontabs; \
     echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@@ -21,7 +21,6 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -35,8 +34,8 @@ RUN set -ex; \
         libicu-dev \
         libjpeg-dev \
         libldap2-dev \
-        liblz4-dev \
         libmagickwand-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libpq-dev \
@@ -57,6 +56,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -65,17 +65,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -88,14 +84,13 @@ RUN set -ex; \
     ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
         | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
         | sort -u \
-        | xargs -rt dpkg-query --search \
+        | xargs -r dpkg-query --search \
-# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
+        | cut -d: -f1 \
-        | awk 'sub(":$", "", $1) { print $1 }' \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@@ -103,20 +98,15 @@ RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -150,7 +140,7 @@ RUN { \
     } > /etc/apache2/conf-available/apache-limits.conf; \
     a2enconf apache-limits
 
-ENV NEXTCLOUD_VERSION 32.0.3
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     fetchDeps=" \
@@ -160,8 +150,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@@ -175,7 +165,7 @@ RUN set -ex; \
     chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/

28/apache/config/redis.config.php

@@ -14,8 +14,4 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
-
-  if (getenv('REDIS_HOST_USER') !== false) {
-    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
-  }
 }

28/apache/config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions

28/apache/entrypoint.sh

@@ -23,39 +23,32 @@ run_as() {
 run_path() {
     local hook_folder_path="/docker-entrypoint-hooks.d/$1"
     local return_code=0
-    local found=0
 
-    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
+    if ! [ -d "${hook_folder_path}" ]; then
-
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
-        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
         return 0
     fi
 
-    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-        while read -r script_file_path; do
+
+    (
+        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
             if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                found=$((found-1))
                 continue
             fi
 
             echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-            found=$((found+1))
+
             run_as "${script_file_path}" || return_code="$?"
 
             if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                 exit 1
             fi
 
-            echo "==> Finished executing the script: \"${script_file_path}\""
+            echo "==> Finished the script: \"${script_file_path}\""
         done
-        if [ "$found" -lt "1" ]; then
-            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
-        else
-            echo "=> Completed executing scripts in the \"$1\" folder"
-        fi
     )
 }
 
@@ -121,21 +114,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
               else
                 echo "session.save_path = \"unix://${REDIS_HOST}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
             else
                 echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
             fi
@@ -252,14 +237,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         fi
                         if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                             echo "Setting trusted domains…"
-			    set -f # turn off glob
                             NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
+                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                 NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                             done
-			    set +f # turn glob back on
                         fi
 
                         run_path post-installation

28/fpm-alpine/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.3-fpm-alpine3.23
+FROM php:8.2-fpm-alpine3.20
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -32,6 +32,7 @@ RUN set -ex; \
         imagemagick-dev \
         libevent-dev \
         libjpeg-turbo-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libwebp-dev \
@@ -53,6 +54,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -61,17 +63,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -91,25 +89,19 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -128,7 +120,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 32.0.3
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -136,8 +128,8 @@ RUN set -ex; \
         gnupg \
     ; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

28/fpm-alpine/config/redis.config.php

@@ -14,8 +14,4 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
-
-  if (getenv('REDIS_HOST_USER') !== false) {
-    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
-  }
 }

28/fpm-alpine/config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions

28/fpm-alpine/entrypoint.sh

@@ -23,39 +23,32 @@ run_as() {
 run_path() {
     local hook_folder_path="/docker-entrypoint-hooks.d/$1"
     local return_code=0
-    local found=0
 
-    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
+    if ! [ -d "${hook_folder_path}" ]; then
-
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
-        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
         return 0
     fi
 
-    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-        while read -r script_file_path; do
+
+    (
+        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
             if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                found=$((found-1))
                 continue
             fi
 
             echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-            found=$((found+1))
+
             run_as "${script_file_path}" || return_code="$?"
 
             if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                 exit 1
             fi
 
-            echo "==> Finished executing the script: \"${script_file_path}\""
+            echo "==> Finished the script: \"${script_file_path}\""
         done
-        if [ "$found" -lt "1" ]; then
-            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
-        else
-            echo "=> Completed executing scripts in the \"$1\" folder"
-        fi
     )
 }
 
@@ -121,21 +114,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
               else
                 echo "session.save_path = \"unix://${REDIS_HOST}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
             else
                 echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
             fi
@@ -252,14 +237,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         fi
                         if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                             echo "Setting trusted domains…"
-			    set -f # turn off glob
                             NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
+                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                 NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                             done
-			    set +f # turn glob back on
                         fi
 
                         run_path post-installation

28/fpm/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.3-fpm-trixie
+FROM php:8.2-fpm-bookworm
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -9,10 +9,10 @@ RUN set -ex; \
         busybox-static \
         bzip2 \
         libldap-common \
-        libmagickcore-7.q16-10-extra \
+        libmagickcore-6.q16-6-extra \
         rsync \
     ; \
-    apt-get dist-clean; \
+    rm -rf /var/lib/apt/lists/*; \
     \
     mkdir -p /var/spool/cron/crontabs; \
     echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@@ -21,7 +21,6 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -35,8 +34,8 @@ RUN set -ex; \
         libicu-dev \
         libjpeg-dev \
         libldap2-dev \
-        liblz4-dev \
         libmagickwand-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libpq-dev \
@@ -57,6 +56,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -65,17 +65,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -88,14 +84,13 @@ RUN set -ex; \
     ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
         | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
         | sort -u \
-        | xargs -rt dpkg-query --search \
+        | xargs -r dpkg-query --search \
-# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
+        | cut -d: -f1 \
-        | awk 'sub(":$", "", $1) { print $1 }' \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@@ -103,20 +98,15 @@ RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -135,7 +125,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 32.0.3
+ENV NEXTCLOUD_VERSION 28.0.11
 
 RUN set -ex; \
     fetchDeps=" \
@@ -145,8 +135,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v32.0.3/nextcloud-32.0.3.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@@ -160,7 +150,7 @@ RUN set -ex; \
     chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/

28/fpm/config/redis.config.php

@@ -14,8 +14,4 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
-
-  if (getenv('REDIS_HOST_USER') !== false) {
-    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
-  }
 }

28/fpm/config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions

28/fpm/entrypoint.sh

@@ -23,39 +23,32 @@ run_as() {
 run_path() {
     local hook_folder_path="/docker-entrypoint-hooks.d/$1"
     local return_code=0
-    local found=0
 
-    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
+    if ! [ -d "${hook_folder_path}" ]; then
-
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
-        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
         return 0
     fi
 
-    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-        while read -r script_file_path; do
+
+    (
+        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
             if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                found=$((found-1))
                 continue
             fi
 
             echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-            found=$((found+1))
+
             run_as "${script_file_path}" || return_code="$?"
 
             if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                 exit 1
             fi
 
-            echo "==> Finished executing the script: \"${script_file_path}\""
+            echo "==> Finished the script: \"${script_file_path}\""
         done
-        if [ "$found" -lt "1" ]; then
-            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
-        else
-            echo "=> Completed executing scripts in the \"$1\" folder"
-        fi
     )
 }
 
@@ -121,21 +114,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
               else
                 echo "session.save_path = \"unix://${REDIS_HOST}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
             else
                 echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
             fi
@@ -252,14 +237,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         fi
                         if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                             echo "Setting trusted domains…"
-			    set -f # turn off glob
                             NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
+                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                 NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                             done
-			    set +f # turn glob back on
                         fi
 
                         run_path post-installation

29/apache/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.3-apache-trixie
+FROM php:8.2-apache-bookworm
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -9,10 +9,10 @@ RUN set -ex; \
         busybox-static \
         bzip2 \
         libldap-common \
-        libmagickcore-7.q16-10-extra \
+        libmagickcore-6.q16-6-extra \
         rsync \
     ; \
-    apt-get dist-clean; \
+    rm -rf /var/lib/apt/lists/*; \
     \
     mkdir -p /var/spool/cron/crontabs; \
     echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@@ -21,7 +21,6 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -35,8 +34,8 @@ RUN set -ex; \
         libicu-dev \
         libjpeg-dev \
         libldap2-dev \
-        liblz4-dev \
         libmagickwand-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libpq-dev \
@@ -57,6 +56,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -65,17 +65,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -88,14 +84,13 @@ RUN set -ex; \
     ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
         | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
         | sort -u \
-        | xargs -rt dpkg-query --search \
+        | xargs -r dpkg-query --search \
-# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
+        | cut -d: -f1 \
-        | awk 'sub(":$", "", $1) { print $1 }' \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@@ -103,20 +98,15 @@ RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -150,7 +140,7 @@ RUN { \
     } > /etc/apache2/conf-available/apache-limits.conf; \
     a2enconf apache-limits
 
-ENV NEXTCLOUD_VERSION 31.0.12
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     fetchDeps=" \
@@ -160,8 +150,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@@ -175,7 +165,7 @@ RUN set -ex; \
     chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/

29/apache/config/redis.config.php

@@ -14,8 +14,4 @@ if (getenv('REDIS_HOST')) {
   } elseif (getenv('REDIS_HOST')[0] != '/') {
     $CONFIG['redis']['port'] = 6379;
   }
-
-  if (getenv('REDIS_HOST_USER') !== false) {
-    $CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
-  }
 }

29/apache/config/s3.config.php

@@ -14,8 +14,8 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
         'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
         'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
         'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
-        'autocreate' => strtolower($autocreate) !== 'false',
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
-        'use_ssl' => strtolower($use_ssl) !== 'false',
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
         // required for some non Amazon S3 implementations
         'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
         // required for older protocol versions

29/apache/entrypoint.sh

@@ -23,39 +23,32 @@ run_as() {
 run_path() {
     local hook_folder_path="/docker-entrypoint-hooks.d/$1"
     local return_code=0
-    local found=0
 
-    echo "=> Searching for hook scripts (*.sh) to run, located in the folder \"${hook_folder_path}\""
+    if ! [ -d "${hook_folder_path}" ]; then
-
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
-    if ! [ -d "${hook_folder_path}" ] || directory_empty "${hook_folder_path}"; then
-        echo "==> Skipped: the \"$1\" folder is empty (or does not exist)"
         return 0
     fi
 
-    find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | (
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
-        while read -r script_file_path; do
+
+    (
+        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
             if ! [ -x "${script_file_path}" ]; then
-                echo "==> The script \"${script_file_path}\" was skipped, because it lacks the executable flag"
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
-                found=$((found-1))
                 continue
             fi
 
             echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
-            found=$((found+1))
+
             run_as "${script_file_path}" || return_code="$?"
 
             if [ "${return_code}" -ne "0" ]; then
-                echo "==> Failed at executing script \"${script_file_path}\". Exit code: ${return_code}"
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
                 exit 1
             fi
 
-            echo "==> Finished executing the script: \"${script_file_path}\""
+            echo "==> Finished the script: \"${script_file_path}\""
         done
-        if [ "$found" -lt "1" ]; then
-            echo "==> Skipped: the \"$1\" folder does not contain any valid scripts"
-        else
-            echo "=> Completed executing scripts in the \"$1\" folder"
-        fi
     )
 }
 
@@ -121,21 +114,13 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
             # check if redis host is an unix socket path
             if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
               if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                  echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
               else
                 echo "session.save_path = \"unix://${REDIS_HOST}\""
               fi
             # check if redis password has been set
             elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
-                if [ -n "${REDIS_HOST_USER+x}" ]; then
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\""
-                else
-                    echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
-                fi
             else
                 echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
             fi
@@ -252,14 +237,12 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP
                         fi
                         if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
                             echo "Setting trusted domains…"
-			    set -f # turn off glob
                             NC_TRUSTED_DOMAIN_IDX=1
-                            for DOMAIN in ${NEXTCLOUD_TRUSTED_DOMAINS}; do
+                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
-                                DOMAIN=$(echo "${DOMAIN}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
-                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=\"${DOMAIN}\""
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
                                 NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
                             done
-			    set +f # turn glob back on
                         fi
 
                         run_path post-installation

29/fpm-alpine/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-alpine.template
-FROM php:8.3-fpm-alpine3.23
+FROM php:8.2-fpm-alpine3.20
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -32,6 +32,7 @@ RUN set -ex; \
         imagemagick-dev \
         libevent-dev \
         libjpeg-turbo-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libwebp-dev \
@@ -53,6 +54,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -61,17 +63,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -91,25 +89,19 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -128,7 +120,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 31.0.12
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -136,8 +128,8 @@ RUN set -ex; \
         gnupg \
     ; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com  --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \

29/fpm-alpine/config/redis.config.php

@@ -0,0 +1,17 @@
+<?php
+if (getenv('REDIS_HOST')) {
+  $CONFIG = array(
+    'memcache.distributed' => '\OC\Memcache\Redis',
+    'memcache.locking' => '\OC\Memcache\Redis',
+    'redis' => array(
+      'host' => getenv('REDIS_HOST'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
+    ),
+  );
+
+  if (getenv('REDIS_HOST_PORT') !== false) {
+    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
+  } elseif (getenv('REDIS_HOST')[0] != '/') {
+    $CONFIG['redis']['port'] = 6379;
+  }
+}

29/fpm-alpine/config/s3.config.php

@@ -0,0 +1,48 @@
+<?php
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => array(
+      'class' => '\OC\Files\ObjectStore\S3',
+      'arguments' => array(
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        // required for some non Amazon S3 implementations
+        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        // required for older protocol versions
+        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+      )
+    )
+  );
+
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
+    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
+    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
+  } else {
+    $CONFIG['objectstore']['arguments']['key'] = '';
+  }
+
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
+    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
+    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
+  } else {
+    $CONFIG['objectstore']['arguments']['secret'] = '';
+  }
+
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+  }
+}

29/fpm-alpine/entrypoint.sh

@@ -0,0 +1,293 @@
+#!/bin/sh
+set -eu
+
+# version_greater A B returns whether A > B
+version_greater() {
+    [ "$(printf '%s\n' "$@" | sort -t '.' -n -k1,1 -k2,2 -k3,3 -k4,4 | head -n 1)" != "$1" ]
+}
+
+# return true if specified directory is empty
+directory_empty() {
+    [ -z "$(ls -A "$1/")" ]
+}
+
+run_as() {
+    if [ "$(id -u)" = 0 ]; then
+        su -p "$user" -s /bin/sh -c "$1"
+    else
+        sh -c "$1"
+    fi
+}
+
+# Execute all executable files in a given directory in alphanumeric order
+run_path() {
+    local hook_folder_path="/docker-entrypoint-hooks.d/$1"
+    local return_code=0
+
+    if ! [ -d "${hook_folder_path}" ]; then
+        echo "=> Skipping the folder \"${hook_folder_path}\", because it doesn't exist"
+        return 0
+    fi
+
+    echo "=> Searching for scripts (*.sh) to run, located in the folder: ${hook_folder_path}"
+
+    (
+        find "${hook_folder_path}" -maxdepth 1 -iname '*.sh' '(' -type f -o -type l ')' -print | sort | while read -r script_file_path; do
+            if ! [ -x "${script_file_path}" ]; then
+                echo "==> The script \"${script_file_path}\" was skipped, because it didn't have the executable flag"
+                continue
+            fi
+
+            echo "==> Running the script (cwd: $(pwd)): \"${script_file_path}\""
+
+            run_as "${script_file_path}" || return_code="$?"
+
+            if [ "${return_code}" -ne "0" ]; then
+                echo "==> Failed at executing \"${script_file_path}\". Exit code: ${return_code}"
+                exit 1
+            fi
+
+            echo "==> Finished the script: \"${script_file_path}\""
+        done
+    )
+}
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+    local var="$1"
+    local fileVar="${var}_FILE"
+    local def="${2:-}"
+    local varValue=$(env | grep -E "^${var}=" | sed -E -e "s/^${var}=//")
+    local fileVarValue=$(env | grep -E "^${fileVar}=" | sed -E -e "s/^${fileVar}=//")
+    if [ -n "${varValue}" ] && [ -n "${fileVarValue}" ]; then
+        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+        exit 1
+    fi
+    if [ -n "${varValue}" ]; then
+        export "$var"="${varValue}"
+    elif [ -n "${fileVarValue}" ]; then
+        export "$var"="$(cat "${fileVarValue}")"
+    elif [ -n "${def}" ]; then
+        export "$var"="$def"
+    fi
+    unset "$fileVar"
+}
+
+if expr "$1" : "apache" 1>/dev/null; then
+    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
+        a2disconf remoteip
+    fi
+fi
+
+if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
+    uid="$(id -u)"
+    gid="$(id -g)"
+    if [ "$uid" = '0' ]; then
+        case "$1" in
+            apache2*)
+                user="${APACHE_RUN_USER:-www-data}"
+                group="${APACHE_RUN_GROUP:-www-data}"
+
+                # strip off any '#' symbol ('#1000' is valid syntax for Apache)
+                user="${user#'#'}"
+                group="${group#'#'}"
+                ;;
+            *) # php-fpm
+                user='www-data'
+                group='www-data'
+                ;;
+        esac
+    else
+        user="$uid"
+        group="$gid"
+    fi
+
+    if [ -n "${REDIS_HOST+x}" ]; then
+
+        echo "Configuring Redis as session handler"
+        {
+            file_env REDIS_HOST_PASSWORD
+            echo 'session.save_handler = redis'
+            # check if redis host is an unix socket path
+            if [ "$(echo "$REDIS_HOST" | cut -c1-1)" = "/" ]; then
+              if [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
+                echo "session.save_path = \"unix://${REDIS_HOST}?auth=${REDIS_HOST_PASSWORD}\""
+              else
+                echo "session.save_path = \"unix://${REDIS_HOST}\""
+              fi
+            # check if redis password has been set
+            elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\""
+            else
+                echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""
+            fi
+            echo "redis.session.locking_enabled = 1"
+            echo "redis.session.lock_retries = -1"
+            # redis.session.lock_wait_time is specified in microseconds.
+            # Wait 10ms before retrying the lock rather than the default 2ms.
+            echo "redis.session.lock_wait_time = 10000"
+        } > /usr/local/etc/php/conf.d/redis-session.ini
+    fi
+
+    # If another process is syncing the html folder, wait for
+    # it to be done, then escape initalization.
+    (
+        if ! flock -n 9; then
+            # If we couldn't get it immediately, show a message, then wait for real
+            echo "Another process is initializing Nextcloud. Waiting..."
+            flock 9
+        fi
+
+        installed_version="0.0.0.0"
+        if [ -f /var/www/html/version.php ]; then
+            # shellcheck disable=SC2016
+            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+        fi
+        # shellcheck disable=SC2016
+        image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
+
+        if version_greater "$installed_version" "$image_version"; then
+            echo "Can't start Nextcloud because the version of the data ($installed_version) is higher than the docker image version ($image_version) and downgrading is not supported. Are you sure you have pulled the newest image version?"
+            exit 1
+        fi
+
+        if version_greater "$image_version" "$installed_version"; then
+            echo "Initializing nextcloud $image_version ..."
+            if [ "$installed_version" != "0.0.0.0" ]; then
+                if [ "${image_version%%.*}" -gt "$((${installed_version%%.*} + 1))" ]; then
+                    echo "Can't start Nextcloud because upgrading from $installed_version to $image_version is not supported."
+                    echo "It is only possible to upgrade one major version at a time. For example, if you want to upgrade from version 14 to 16, you will have to upgrade from version 14 to 15, then from 15 to 16."
+                    exit 1
+                fi
+                echo "Upgrading nextcloud from $installed_version ..."
+                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            fi
+            if [ "$(id -u)" = 0 ]; then
+                rsync_options="-rlDog --chown $user:$group"
+            else
+                rsync_options="-rlD"
+            fi
+
+            rsync $rsync_options --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/
+            for dir in config data custom_apps themes; do
+                if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
+                    rsync $rsync_options --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+                fi
+            done
+            rsync $rsync_options --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+
+            # Install
+            if [ "$installed_version" = "0.0.0.0" ]; then
+                echo "New nextcloud instance"
+
+                file_env NEXTCLOUD_ADMIN_PASSWORD
+                file_env NEXTCLOUD_ADMIN_USER
+
+                install=false
+                if [ -n "${NEXTCLOUD_ADMIN_USER+x}" ] && [ -n "${NEXTCLOUD_ADMIN_PASSWORD+x}" ]; then
+                    # shellcheck disable=SC2016
+                    install_options='-n --admin-user "$NEXTCLOUD_ADMIN_USER" --admin-pass "$NEXTCLOUD_ADMIN_PASSWORD"'
+                    if [ -n "${NEXTCLOUD_DATA_DIR+x}" ]; then
+                        # shellcheck disable=SC2016
+                        install_options=$install_options' --data-dir "$NEXTCLOUD_DATA_DIR"'
+                    fi
+
+                    file_env MYSQL_DATABASE
+                    file_env MYSQL_PASSWORD
+                    file_env MYSQL_USER
+                    file_env POSTGRES_DB
+                    file_env POSTGRES_PASSWORD
+                    file_env POSTGRES_USER
+
+                    if [ -n "${SQLITE_DATABASE+x}" ]; then
+                        echo "Installing with SQLite database"
+                        # shellcheck disable=SC2016
+                        install_options=$install_options' --database-name "$SQLITE_DATABASE"'
+                        install=true
+                    elif [ -n "${MYSQL_DATABASE+x}" ] && [ -n "${MYSQL_USER+x}" ] && [ -n "${MYSQL_PASSWORD+x}" ] && [ -n "${MYSQL_HOST+x}" ]; then
+                        echo "Installing with MySQL database"
+                        # shellcheck disable=SC2016
+                        install_options=$install_options' --database mysql --database-name "$MYSQL_DATABASE" --database-user "$MYSQL_USER" --database-pass "$MYSQL_PASSWORD" --database-host "$MYSQL_HOST"'
+                        install=true
+                    elif [ -n "${POSTGRES_DB+x}" ] && [ -n "${POSTGRES_USER+x}" ] && [ -n "${POSTGRES_PASSWORD+x}" ] && [ -n "${POSTGRES_HOST+x}" ]; then
+                        echo "Installing with PostgreSQL database"
+                        # shellcheck disable=SC2016
+                        install_options=$install_options' --database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST"'
+                        install=true
+                    fi
+
+                    if [ "$install" = true ]; then
+                        run_path pre-installation
+
+                        echo "Starting nextcloud installation"
+                        max_retries=10
+                        try=0
+                        until  [ "$try" -gt "$max_retries" ] || run_as "php /var/www/html/occ maintenance:install $install_options" 
+                        do
+                            echo "Retrying install..."
+                            try=$((try+1))
+                            sleep 10s
+                        done
+                        if [ "$try" -gt "$max_retries" ]; then
+                            echo "Installing of nextcloud failed!"
+                            exit 1
+                        fi
+                        if [ -n "${NEXTCLOUD_TRUSTED_DOMAINS+x}" ]; then
+                            echo "Setting trusted domains…"
+                            NC_TRUSTED_DOMAIN_IDX=1
+                            for DOMAIN in $NEXTCLOUD_TRUSTED_DOMAINS ; do
+                                DOMAIN=$(echo "$DOMAIN" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
+                                run_as "php /var/www/html/occ config:system:set trusted_domains $NC_TRUSTED_DOMAIN_IDX --value=$DOMAIN"
+                                NC_TRUSTED_DOMAIN_IDX=$((NC_TRUSTED_DOMAIN_IDX+1))
+                            done
+                        fi
+
+                        run_path post-installation
+		    fi
+                fi
+		# not enough specified to do a fully automated installation 
+                if [ "$install" = false ]; then 
+                    echo "Next step: Access your instance to finish the web-based installation!"
+                    echo "Hint: You can specify NEXTCLOUD_ADMIN_USER and NEXTCLOUD_ADMIN_PASSWORD and the database variables _prior to first launch_ to fully automate initial installation."
+                fi
+            # Upgrade
+            else
+                run_path pre-upgrade
+
+                run_as 'php /var/www/html/occ upgrade'
+
+                run_as 'php /var/www/html/occ app:list' | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
+                echo "The following apps have been disabled:"
+                diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
+                rm -f /tmp/list_before /tmp/list_after
+
+                run_path post-upgrade
+            fi
+
+            echo "Initializing finished"
+        fi
+
+        # Update htaccess after init if requested
+        if [ -n "${NEXTCLOUD_INIT_HTACCESS+x}" ] && [ "$installed_version" != "0.0.0.0" ]; then
+            run_as 'php /var/www/html/occ maintenance:update:htaccess'
+        fi
+    ) 9> /var/www/html/nextcloud-init-sync.lock
+
+    # warn if config files on persistent storage differ from the latest version of this image
+    for cfgPath in /usr/src/nextcloud/config/*.php; do
+        cfgFile=$(basename "$cfgPath")
+
+        if [ "$cfgFile" != "config.sample.php" ] && [ "$cfgFile" != "autoconfig.php" ]; then
+            if ! cmp -s "/usr/src/nextcloud/config/$cfgFile" "/var/www/html/config/$cfgFile"; then
+                echo "Warning: /var/www/html/config/$cfgFile differs from the latest version of this image at /usr/src/nextcloud/config/$cfgFile"
+            fi
+        fi
+    done
+
+    run_path before-starting
+fi
+
+exec "$@"

29/fpm/Dockerfile

@@ -1,5 +1,5 @@
 # DO NOT EDIT: created by update.sh from Dockerfile-debian.template
-FROM php:8.3-fpm-trixie
+FROM php:8.2-fpm-bookworm
 
 # entrypoint.sh and cron.sh dependencies
 RUN set -ex; \
@@ -9,10 +9,10 @@ RUN set -ex; \
         busybox-static \
         bzip2 \
         libldap-common \
-        libmagickcore-7.q16-10-extra \
+        libmagickcore-6.q16-6-extra \
         rsync \
     ; \
-    apt-get dist-clean; \
+    rm -rf /var/lib/apt/lists/*; \
     \
     mkdir -p /var/spool/cron/crontabs; \
     echo '*/5 * * * * php -f /var/www/html/cron.php' > /var/spool/cron/crontabs/www-data
@@ -21,7 +21,6 @@ RUN set -ex; \
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 512M
-ENV PHP_OPCACHE_MEMORY_CONSUMPTION 128
 RUN set -ex; \
     \
     savedAptMark="$(apt-mark showmanual)"; \
@@ -35,8 +34,8 @@ RUN set -ex; \
         libicu-dev \
         libjpeg-dev \
         libldap2-dev \
-        liblz4-dev \
         libmagickwand-dev \
+        libmcrypt-dev \
         libmemcached-dev \
         libpng-dev \
         libpq-dev \
@@ -57,6 +56,7 @@ RUN set -ex; \
         gmp \
         intl \
         ldap \
+        opcache \
         pcntl \
         pdo_mysql \
         pdo_pgsql \
@@ -65,17 +65,13 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.28; \
+    pecl install APCu-5.1.24; \
-    pecl install igbinary-3.2.16; \
+    pecl install imagick-3.7.0; \
-    pecl install imagick-3.8.1; \
+    pecl install memcached-3.3.0; \
-    pecl install --configureoptions 'enable-memcached-igbinary="yes"' \
+    pecl install redis-6.1.0; \
-        memcached-3.4.0; \
-    pecl install --configureoptions 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' \
-        redis-6.3.0; \
     \
     docker-php-ext-enable \
         apcu \
-        igbinary \
         imagick \
         memcached \
         redis \
@@ -88,14 +84,13 @@ RUN set -ex; \
     ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
         | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
         | sort -u \
-        | xargs -rt dpkg-query --search \
+        | xargs -r dpkg-query --search \
-# https://manpages.debian.org/trixie/dpkg/dpkg-query.1.en.html#S (we ignore diversions and it'll be really unusual for more than one package to provide any given .so file)
+        | cut -d: -f1 \
-        | awk 'sub(":$", "", $1) { print $1 }' \
         | sort -u \
         | xargs -rt apt-mark manual; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache
@@ -103,20 +98,15 @@ RUN { \
         echo 'opcache.enable=1'; \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=${PHP_OPCACHE_MEMORY_CONSUMPTION}'; \
+        echo 'opcache.memory_consumption=128'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
         echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \
     \
     echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \
     \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> "${PHP_INI_DIR}/conf.d/docker-php-ext-igbinary.ini"; \
-    \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
         echo 'upload_max_filesize=${PHP_UPLOAD_LIMIT}'; \
@@ -135,7 +125,7 @@ RUN { \
 VOLUME /var/www/html
 
 
-ENV NEXTCLOUD_VERSION 31.0.12
+ENV NEXTCLOUD_VERSION 29.0.8
 
 RUN set -ex; \
     fetchDeps=" \
@@ -145,8 +135,8 @@ RUN set -ex; \
     apt-get update; \
     apt-get install -y --no-install-recommends $fetchDeps; \
     \
-    curl -fsSL -o nextcloud.tar.bz2 "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2"; \
+    curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \
-    curl -fsSL -o nextcloud.tar.bz2.asc "https://github.com/nextcloud-releases/server/releases/download/v31.0.12/nextcloud-31.0.12.tar.bz2.asc"; \
+    curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \
     export GNUPGHOME="$(mktemp -d)"; \
 # gpg key from https://nextcloud.com/nextcloud.asc
     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \
@@ -160,7 +150,7 @@ RUN set -ex; \
     chmod +x /usr/src/nextcloud/occ; \
     \
     apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
-    apt-get dist-clean
+    rm -rf /var/lib/apt/lists/*
 
 COPY *.sh upgrade.exclude /
 COPY config/* /usr/src/nextcloud/config/

29/fpm/config/redis.config.php

@@ -0,0 +1,17 @@
+<?php
+if (getenv('REDIS_HOST')) {
+  $CONFIG = array(
+    'memcache.distributed' => '\OC\Memcache\Redis',
+    'memcache.locking' => '\OC\Memcache\Redis',
+    'redis' => array(
+      'host' => getenv('REDIS_HOST'),
+      'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
+    ),
+  );
+
+  if (getenv('REDIS_HOST_PORT') !== false) {
+    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
+  } elseif (getenv('REDIS_HOST')[0] != '/') {
+    $CONFIG['redis']['port'] = 6379;
+  }
+}

29/fpm/config/s3.config.php

@@ -0,0 +1,48 @@
+<?php
+if (getenv('OBJECTSTORE_S3_BUCKET')) {
+  $use_ssl = getenv('OBJECTSTORE_S3_SSL');
+  $use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
+  $use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
+  $autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
+  $CONFIG = array(
+    'objectstore' => array(
+      'class' => '\OC\Files\ObjectStore\S3',
+      'arguments' => array(
+        'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
+        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
+        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
+        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
+        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
+        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
+        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
+        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
+        // required for some non Amazon S3 implementations
+        'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
+        // required for older protocol versions
+        'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
+      )
+    )
+  );
+
+  if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
+    $CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_KEY')) {
+    $CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
+  } else {
+    $CONFIG['objectstore']['arguments']['key'] = '';
+  }
+
+  if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
+    $CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_SECRET')) {
+    $CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
+  } else {
+    $CONFIG['objectstore']['arguments']['secret'] = '';
+  }
+
+  if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
+  } elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
+    $CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
+  }
+}